CN116823260A - Collaborative signature and decryption method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN116823260A
Authority
CN
China
Prior art keywords
decryption result
client
server
collaborative
decryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310780865.3A
Other languages
Chinese (zh)
Inventor
冯飞龙
郭昕
石吉东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Tonghuashun Intelligent Technology Co Ltd
Original Assignee
Zhejiang Tonghuashun Intelligent Technology Co Ltd

Classifications

    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • G06Q 20/3823: Payment protocols ensuring higher security of a transaction by combining multiple encryption tools for the transaction
    • G06Q 40/04: Trading; exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L 63/0442: Network security protocols providing a confidential data exchange among entities communicating through data packet networks, wherein the payload is protected by asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 9/0861: Key distribution or management; generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869: Generation of secret information involving random numbers or seeds
    • H04L 9/14: Cryptographic mechanisms using a plurality of keys or algorithms
    • H04L 9/40: Network security protocols
    • Y02D 30/70: Reducing energy consumption in wireless communication networks

Abstract

The application relates to a collaborative decryption method, a collaborative decryption device, an electronic device and a storage medium. The method comprises at least the following steps: the client sends the first target data in the ciphertext to the server, and the server performs first partial decryption processing on the first target data and obtains a first decryption result; the ciphertext is obtained by encrypting a plaintext with a collaborative public key and is composed of first, second and third target data; the client performs second partial decryption processing on the first target data in the ciphertext and obtains a second decryption result; the client receives the first decryption result sent by the server and calculates a collaborative decryption result from the first decryption result and the second decryption result; and the client derives a key from the collaborative decryption result and decrypts the second target data in the ciphertext with that derived key, obtaining the plaintext corresponding to the ciphertext.

Description

Collaborative signature and decryption method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of security technologies, and in particular, to a collaborative signature and decryption method, apparatus, electronic device, and storage medium.
Background
For businesses in the securities industry with frequent trading and high real-time requirements, a user needs to carry a hardware medium, such as an intelligent password key (Ukey), and when a signature is needed the signature operation is completed by calling the hardware driver of the intelligent password key. This signature mode has the drawbacks of inconvenient operation, inconvenient carrying, low user acceptance of the intelligent password key, and so on.
Disclosure of Invention
In order to solve the problems, the application provides a collaborative signature and decryption method, a collaborative signature and decryption device, an electronic device and a storage medium.
In a first aspect, an embodiment of the present application provides a collaborative signature method, including:
the client side carries out first partial signature processing on the first message to obtain a first processing result;
the client sends the first processing result to a server, and the server performs second partial signature processing based on the first processing result and obtains a second processing result;
and the client receives a second processing result sent by the server and calculates a signature result corresponding to the first message based on the second processing result.
In a second aspect, an embodiment of the present application provides a collaborative decryption method, including:
the client sends the first target data in the ciphertext to the server, and the server performs first partial decryption processing on the first target data and obtains a first decryption result; the ciphertext is obtained by encrypting a plaintext with a collaborative public key and is composed of the following data: first, second and third target data;
the client performs second partial decryption processing on the first target data in the ciphertext and obtains a second decryption result;
the client receives the first decryption result sent by the server and calculates a collaborative decryption result from the first decryption result and the second decryption result;
and the client derives a key from the collaborative decryption result and decrypts the second target data in the ciphertext with the derived key to obtain the plaintext corresponding to the ciphertext.
In a third aspect, an embodiment of the present application provides a collaborative signature apparatus, including:
the processing unit is used for carrying out first partial signature processing on the first message to obtain a first processing result;
The interaction unit is used for sending the first processing result to the server, and the server performs second partial signature processing based on the first processing result and obtains a second processing result; receiving a second processing result sent by the server;
the processing unit is further configured to calculate a signature result corresponding to the first message based on the second processing result.
In a fourth aspect, an embodiment of the present application provides a collaborative decryption apparatus, including:
the interaction unit is used for sending the first target data in the ciphertext to the server, and the server performs first partial decryption processing on the first target data and obtains a first decryption result; the ciphertext is obtained by encrypting a plaintext with a collaborative public key and is composed of the following data: first, second and third target data;
the processing unit is used for performing second partial decryption processing on the first target data in the ciphertext and obtaining a second decryption result;
the interaction unit is further used for receiving a first decryption result sent by the server;
the processing unit is further used for calculating a collaborative decryption result based on the first decryption result and the second decryption result; and calculating a derivative key based on the collaborative decryption result, and decrypting the second target data in the ciphertext based on the derivative key to obtain a plaintext corresponding to the ciphertext.
In a fifth aspect, an embodiment of the present application provides an electronic device, including:
one or more processors;
a memory communicatively coupled to the one or more processors;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the method described above.
In a sixth aspect, embodiments of the present application provide a computer readable storage medium storing a computer program which, when executed by a processor, implements the method described above.
By adopting the technical solution of the embodiments of the application, the client and the server participating in signing complete the signing process cooperatively without either side revealing its private key, and the signing process is not required to be completed by both parties at the same time, so the security of the private keys of both the client and the server is ensured. Likewise, the client and the server participating in decryption complete the decryption process cooperatively without revealing their private keys, and the decryption process is not required to be completed by both parties, so the security of the private keys of both the client and the server is ensured.
Drawings
Fig. 1 is a schematic diagram of an implementation flow of a collaborative signature method according to an embodiment of the present application;
fig. 2 is a schematic diagram of an implementation flow of a public key negotiation method according to an embodiment of the present application;
fig. 3 is a schematic diagram of an implementation flow of a collaborative decryption method according to an embodiment of the present application;
fig. 4 is a schematic diagram of a second implementation flow of the public key negotiation method according to the embodiment of the present application;
fig. 5 is a second schematic implementation flow chart of the collaborative signature method according to the embodiment of the present application;
fig. 6 is a second schematic implementation flow chart of the collaborative decryption method according to the embodiment of the present application;
fig. 7 is a schematic structural diagram of a collaborative signature apparatus according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a collaborative decryption device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
Some of the procedures described in the specification, the claims and the figures of the present application include a plurality of operations that appear in a particular order, but it should be clearly understood that the procedures may include more or fewer operations, and that the operations may be performed sequentially or in parallel.
A digital signature mechanism is one of the means of guaranteeing the security of network information: it addresses forgery, repudiation, impersonation and tampering. Current online trading systems in the securities industry store key material in an intelligent password key (Ukey), and when a signature is needed the signature operation is completed by calling the hardware driver of the intelligent password key. The user's private key must never be disclosed and must always remain in the client's possession; this is the core guarantee the intelligent password key provides.
For businesses in the securities industry with frequent trading and high real-time requirements, a user needs to carry a hardware medium, such as an intelligent password key (Ukey), and when a signature is needed the signature operation is completed by calling the hardware driver of the intelligent password key. However, this signature mode has the drawbacks of inconvenient operation, inconvenient carrying, easy loss, high hardware cost, and so on. In addition, with the spread of the mobile internet, the share of mobile transactions in online securities trading is rising steadily, while most hardware devices of traditional intelligent password keys use a Universal Serial Bus (USB) interface, are not compatible with mobile devices, and are therefore very difficult to popularize.
Based on the above, the embodiment of the application provides a collaborative signature and decryption method, a collaborative signature and decryption device, electronic equipment and a storage medium.
The technical scheme of the embodiment of the application provides a novel SM2 signature method and an SM2 decryption method. The novel SM2 signature method belongs to a collaborative signature method, namely a signature method requiring the common participation of both a client and a server, and the novel SM2 signature can be called as a collaborative SM2 signature method. The novel SM2 decryption method belongs to a collaborative decryption method, namely a decryption method requiring the joint participation of both a client side and a server side, and the novel SM2 decryption method can be called as a collaborative SM2 decryption method.
It should be noted that the collaborative signature method and the collaborative decryption method in the embodiments of the present application rely on the following preconditions: the client and the server agree, through a national cryptographic standard algorithm, on the elliptic curve parameters E(Fp), G and n, where E is an elliptic curve defined over the finite field Fp, G is a base point on the elliptic curve E and n is the order of the base point, as well as on a cryptographic hash algorithm, a key derivation function and a random number generator. The cryptographic hash algorithm may be one approved by the national cryptographic authority, such as the SM3 cryptographic hash algorithm; the key derivation function derives a key (called the derived key); the random number generator may be one approved by the national cryptographic authority and is used to generate random numbers.
Fig. 1 is a schematic implementation flow diagram of a collaborative signature method according to an embodiment of the present application, as shown in fig. 1, where the method includes:
step 101: and the client performs first partial signature processing on the first message to obtain a first processing result.
In the embodiment of the application, the client performs a first partial signature processing on the first message by the following manner:
1-1) The client processes the first message with a hash function to obtain first data.
Specifically, the first message is denoted M', the hash function is denoted Hash, the first data is denoted e, and the following formula holds:
e = Hash(M') (1)
Here the hash function may be implemented with a cryptographic hash algorithm, such as the SM3 cryptographic hash algorithm.
It should be noted that the first message is the message to be signed, and the first data (i.e. e) may also be called the message digest.
1-2) The client generates a first random number and calculates second data from the first random number and the base point.
Here the client may generate the first random number with the random number generator. Specifically, the first random number is denoted k1 and lies in the range [1, n-1], that is, k1 ∈ [1, n-1]; the base point is denoted G, the second data is denoted Q1, and the following formula holds:
Q1 = k1[*]G (2)
Here [*] denotes elliptic-curve point multiplication.
1-3) The client calculates third data from the first private key on the client side, the first random number and the order of the base point.
Specifically, the client calculates the third data by the following formula:
s1 = (1 + D1⊕U1)^(-1) · k1 mod n (3)
where s1 is the third data, D1⊕U1 is the first private key on the client side (see step 201 below), k1 is the first random number, n is the order of the base point, (·)^(-1) is the inverse modulo n, and mod is the remainder operation.
The first data (e), the second data (Q1) and the third data (s1) are obtained through steps 1-1), 1-2) and 1-3) above; it should be noted that the first processing result in the embodiment of the present application consists of the first data, the second data and the third data.
Step 102: the client sends the first processing result to the server, and the server performs second partial signature processing based on the first processing result and obtains a second processing result.
Here the client sends the first processing result, that is, the first data (e), the second data (Q1) and the third data (s1), to the server. The server then performs the following operations based on the first processing result:
2-1) Generating a second random number and calculating fourth data from the second random number and the base point.
Here the server may generate the second random number with a random number generator. Specifically, the second random number is denoted k2 and lies in the range [1, n-1], that is, k2 ∈ [1, n-1]; the base point is denoted G, the fourth data is denoted Q2, and the following formula holds:
Q2 = k2[*]G (4)
Here [*] denotes elliptic-curve point multiplication.
2-2) Generating a third random number and calculating fifth data from the third random number, the second data and the fourth data, where the fifth data is a point denoted (x1, y1).
Here the server may likewise generate the third random number with a random number generator. Specifically, the third random number is denoted k3 and lies in the range [1, n-1], that is, k3 ∈ [1, n-1], and the fifth data is denoted (x1, y1), where the following formula holds:
(x1, y1) = k3[*](Q1 + Q2) (5)
where (x1, y1) are the point coordinates of the fifth data, x1 is its abscissa and y1 its ordinate, [*] denotes point multiplication, + denotes point addition, Q1 is the second data (see formula (2) above) and Q2 is the fourth data (see formula (4) above).
2-3) Calculating sixth data from x1 in the fifth data, the first data and the order of the base point.
Specifically, the sixth data is given by the following formula:
r = (x1 + e) mod n (6)
where r is the sixth data, x1 is the abscissa of the fifth data, e is the first data (see formula (1) above) and n is the order of the base point.
2-4) If the sixth data is not equal to 0, calculating seventh data from the second private key of the server, the third random number, the third data and the order of the base point, and calculating eighth data from the second private key of the server, the sixth data, the third random number, the second random number and the order of the base point.
Specifically, if r ≠ 0, the seventh data is calculated by the following formula:
s2 = (1 + D2⊕U2)^(-1) · k3 · s1 mod n (7)
where s2 is the seventh data, D2⊕U2 is the second private key on the server side (see step 4-1) below), k3 is the third random number, s1 is the third data (see formula (3) above) and n is the order of the base point;
and the eighth data is calculated by the following formula:
s3 = (1 + D2⊕U2)^(-1) · (r + k3 · k2) mod n (8)
where s3 is the eighth data, D2⊕U2 is the second private key on the server side, r is the sixth data (see formula (6) above), k3 is the third random number, k2 is the second random number and n is the order of the base point.
The sixth data (r), the seventh data (s2) and the eighth data (s3) are obtained through 2-1), 2-2), 2-3) and 2-4) above; it should be noted that the second processing result in the embodiment of the present application consists of the sixth data, the seventh data and the eighth data.
The server then sends the sixth data (r), the seventh data (s2) and the eighth data (s3) to the client; see step 103 below.
Step 103: and the client receives a second processing result sent by the server and calculates a signature result corresponding to the first message based on the second processing result.
Here the client receives the second processing result sent by the server, that is, the sixth data (r), the seventh data (s2) and the eighth data (s3), and calculates the signature result corresponding to the first message from it. Specifically, the client calculates the signature result as follows:
3-1) The client calculates ninth data from the first private key of the client, the sixth data, the seventh data, the eighth data and the order of the base point.
Specifically, the client calculates the ninth data by the following formula:
s = s2 - r + (1 + D1⊕U1)^(-1) · s3 mod n (9)
where s is the ninth data, s2 is the seventh data (see formula (7) above), r is the sixth data (see formula (6) above), D1⊕U1 is the first private key on the client side, s3 is the eighth data (see formula (8) above), n is the order of the base point, mod is the remainder operation and ⊕ is the exclusive-or operation.
3-2) If the ninth data is not equal to 0 and the ninth data is not equal to the order of the base point minus the sixth data, the client combines the sixth data and the ninth data into the signature result.
Specifically, if s ≠ 0 and s ≠ n - r, (r, s) is taken as the signature result, where r is the sixth data (see formula (6) above), s is the ninth data (see formula (9) above) and n is the order of the base point.
According to this technical solution, the client and the server participating in signing complete the signing process cooperatively without either side revealing its private key; the signing process is required to be completed by both parties simultaneously, and the complete private key never has to be reconstructed during signing, so the security of the private keys of both the client and the server is ensured. In addition, because the server performs part of the signing process, the processing advantages of the server can be used to improve the efficiency and quality of signing.
In the above technical solution of the embodiment of the present application, the first private key on the client side and the second private key on the server side are related, but the two private keys exist independently on the client side and the server side respectively, so the security of both private keys is ensured. After the signature of the first message is completed with this technical solution, the resulting signature result can be verified with a national standard signature verification method, where the public key used in verification is a public key jointly negotiated by the client and the server, called the negotiated public key. How the negotiated public key and the public-private key pairs on the client side and the server side are determined is described below with reference to fig. 2. The scheme shown in fig. 2 may be combined with the scheme shown in fig. 1 or implemented separately.
Fig. 2 is a schematic diagram of an implementation flow of a public key negotiation method according to an embodiment of the present application, as shown in fig. 2, where the method includes:
step 201: the client generates a first private key of the client side based on the first device information of the client and the first target random number.
Specifically, the first private key at the client side is denoted as U1D 1, where U1 represents first device information of the client, and D1 represents a first target random number. The range of U1 # -D1 is [1, n-1], i.e., (U1 # -D1) ∈ [1, n-1]. It should be noted that, the first private key is a private key of the client itself, and may also be referred to as a selfish key of the client.
Step 202: the client calculates a first public key of the client side based on the first private key and a base point.
In particular, the first public key is denoted P1, wherein,
P1=(D1⊕U1)[*]G (10)
here, G represents a base point, [ ] represents a point multiplication operation.
Step 203: and the client sends the first public key to a server, and the server generates a collaborative public key based on the first public key.
Here, the client sends the first public key (i.e. P1) to the server, and the server generates a cooperative public key based on the first public key, specifically:
4-1) generating a second private key of the server side based on the second equipment information of the server side and the second target random number.
Here, the second private key on the server side is denoted as U2D 2, where U2 denotes second device information of the server, and D2 denotes a second target random number. The range of U2 # -D2 is [1, n-1], i.e., (U2 # -D2) ∈ [1, n-1]. It should be noted that, the second private key is a private key of the server, and may also be referred to as a selfish key of the server.
4-2) calculating a second public key of the server side based on the second private key and the base point.
In particular, the second public key is denoted P2, wherein,
P2=(D2⊕U2)[*]G (11)
Here, G represents the base point and [*] represents point multiplication.
4-3) calculating a collaborative public key based on the first public key, the second public key, and the second private key, the collaborative public key expressed as:
P=P1+P2+(D2⊕U2)[*]P1 (12)
The server then publishes P as the collaborative public key, which any other client can obtain.
In the embodiment of the present application, the collaborative public key is used to verify the signature result corresponding to the first message in the scheme of Fig. 1: the signature result can be verified with the collaborative public key using the signature verification procedure of the national cryptographic standard (SM2).
Fig. 3 is a schematic implementation flow diagram of a collaborative decryption method according to an embodiment of the present application, as shown in fig. 3, where the method includes:
Step 301: the client sends the first target data in the ciphertext to the server, and the server performs a first partial decryption on the first target data and obtains a first decryption result.
In the embodiment of the application, the ciphertext is obtained by encrypting a plaintext with the collaborative public key, and the ciphertext consists of the following data: first target data, second target data and third target data.
For example, the ciphertext is represented as M, M=C1||C2||C3, where || represents concatenation, C1 represents the first target data, C2 represents the second target data and C3 represents the third target data. The client can extract the first target data (i.e. C1), the second target data (i.e. C2) and the third target data (i.e. C3) from the ciphertext.
Then the client sends the first target data in the ciphertext to the server, and the server performs the first partial decryption on the first target data and obtains the first decryption result, which is given by the following formula:
T1=(D2⊕U2)[*]C1 (13)
where T1 represents the first decryption result, D2⊕U2 represents the second private key on the server side, C1 represents the first target data, [*] represents point multiplication, and ⊕ represents the exclusive-or operation.
Step 302: the client performs a second partial decryption on the first target data in the ciphertext and obtains a second decryption result.
Specifically, the second decryption result is expressed by the following formula:
T2=(D1⊕U1)[*] C1 (14)
where T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, C1 represents the first target data, and [*] represents point multiplication.
Step 303: the client receives the first decryption result sent by the server and calculates a collaborative decryption result based on the first decryption result and the second decryption result.
Specifically, the client calculates the collaborative decryption result based on the following formula:
(x2, y2)= T1+T2+(D1⊕U1)[*]T1 (15)
where (x2, y2) represents the collaborative decryption result, T1 represents the first decryption result, T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, and [*] represents point multiplication.
Note that (x2, y2) are the coordinates of the point corresponding to the collaborative decryption result: x2 is its abscissa and y2 its ordinate.
Step 304: the client calculates a derived key based on the collaborative decryption result and decrypts the second target data in the ciphertext with the derived key to obtain the plaintext corresponding to the ciphertext.
Specifically, the client calculates the derived key based on the following formula:
t=KDF(x2||y2, klen) (16)
where t represents the derived key, KDF represents a key derivation function, || represents concatenation, x2 represents the abscissa of the collaborative decryption result, y2 represents its ordinate, and klen represents the length of the derived key;
the client calculates plaintext corresponding to ciphertext based on the following formula:
M'=C2⊕t (17)
where M' represents the plaintext corresponding to the ciphertext, C2 represents the second target data in the ciphertext, and ⊕ represents the exclusive-or operation.
In this scheme the decryption is completed jointly, without either the client or the server revealing its private key, and both parties must take part in the decryption process; the complete private key is therefore never reconstructed during decryption, which protects the private keys of both the client and the server. In addition, because the server performs part of the decryption, the processing capacity of the server can be used to improve decryption efficiency and quality.
In the technical solution above, the first private key on the client side and the second private key on the server side are related, but each exists only on its own side, which protects the private keys of both sides. The ciphertext in this scheme can be obtained by encrypting the plaintext under a public key with the encryption algorithm of the national cryptographic standard (SM2); the public key used is one negotiated jointly by the client and the server, called the negotiation public key. Fig. 2 shows how the negotiation public key, the client-side key pair and the server-side key pair are determined, so this is not repeated here. It should be noted that the scheme of Fig. 2 may be implemented together with the scheme of Fig. 3 or separately.
In the embodiment of the present application, the first message, the signature result corresponding to the first message, the ciphertext, and the plaintext corresponding to the ciphertext may be converted into a bit string with a finite length for processing.
Fig. 4 is a second schematic implementation flow chart of a public key negotiation method according to an embodiment of the present application, as shown in fig. 4, where the method includes:
Step 401: the client acquires the first device information U1 on the client side, generates a first target random number D1, and takes (U1⊕D1) ∈ [1, n-1] as its own private key.
Here, U1⊕D1 may also be referred to as the first private key on the client side.
Step 402: the client calculates P1=(D1⊕U1)[*]G and sends P1 to the server.
Here, P1 is the first public key of the client side.
Step 403: the server acquires the second device information U2 on the server side, generates a second target random number D2, and takes (U2⊕D2) ∈ [1, n-1] as its own private key.
Here, U2⊕D2 may also be referred to as the second private key on the server side.
Step 404: the server calculates P2=(D2⊕U2)[*]G.
Here, P2 is the second public key of the server side.
Step 405: the server calculates P=P1+P2+(D2⊕U2)[*]P1 and publishes P as the negotiation public key.
Fig. 5 is a second schematic implementation flow chart of a collaborative signature method according to an embodiment of the present application, as shown in fig. 5, where the method includes:
Step 501: the client calculates e=Hash(M'), where M' is the first message to be signed.
Here, e is the first data and may also be referred to as the message digest.
Step 502: the client generates a first random number k1 ∈ [1, n-1], calculates Q1=k1[*]G and s1=(1+D1⊕U1)^-1 *k1 mod n, and sends e, Q1 and s1 to the server.
Here, Q1 is the second data and s1 is the third data.
Step 503: the server generates a second random number k2 ∈ [1, n-1] and calculates Q2=k2[*]G.
Here, Q2 is the fourth data.
Step 504: the server generates a third random number k3 ∈ [1, n-1], calculates (x1, y1)=k3[*](Q1+Q2), and r=x1+e mod n.
Here, (x1, y1) is the fifth data and r is the sixth data.
Step 505: the server checks whether r equals 0; if r ≠ 0, it calculates s2=(1+D2⊕U2)^-1 *k3*s1 mod n and s3=(1+D2⊕U2)^-1 *(r+k3*k2) mod n, and sends r, s2 and s3 to the client.
Here, s2 is the seventh data and s3 is the eighth data.
Step 506: the client calculates s=s2–r+(1+D1⊕U1)^-1 *s3 mod n.
Here, s is the ninth data.
Step 507: the client checks whether s equals 0 or n-r; if s ≠ 0 and s ≠ n-r, (r, s) is the signature result.
Fig. 6 is a second schematic implementation flow chart of a collaborative decryption method according to an embodiment of the present application, as shown in fig. 6, where the method includes:
Step 601: the client sends C1 in the ciphertext to the server.
Here, the ciphertext is represented as M, M=C1||C2||C3, where || represents concatenation, C1 represents the first target data, C2 represents the second target data and C3 represents the third target data. The client can extract the first target data (i.e. C1), the second target data (i.e. C2) and the third target data (i.e. C3) from the ciphertext.
Step 602: the server calculates T1=(D2⊕U2)[*]C1 and sends T1 to the client.
Here, T1 represents the first decryption result, D2⊕U2 represents the second private key on the server side, C1 represents the first target data, [*] represents point multiplication, and ⊕ represents the exclusive-or operation.
Step 603: the client calculates T2=(D1⊕U1)[*]C1.
Here, T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, C1 represents the first target data, and [*] represents point multiplication.
Step 604: the client calculates (x2, y2)=T1+T2+(D1⊕U1)[*]T1.
Here, (x2, y2) represents the collaborative decryption result.
Step 605: the client calculates t=KDF(x2||y2, klen).
Here, t represents the derived key, KDF represents a key derivation function, || represents concatenation, x2 represents the abscissa of the collaborative decryption result, y2 represents its ordinate, and klen represents the length of the derived key.
Step 606: the client calculates M'=C2⊕t.
Here, M' represents the plaintext corresponding to the ciphertext, C2 represents the second target data in the ciphertext, and ⊕ represents the exclusive-or operation.
The consistency of the collaborative signature method and of the collaborative decryption method in this scheme is verified by the following equations.
1) Equation one:
P=P1+P2+(D2⊕U2)[*]P1
 =(D1⊕U1)[*]G+(D2⊕U2)[*]G+(D1⊕U1)(D2⊕U2)[*]G
 =((D1⊕U1)+(D2⊕U2)+(D1⊕U1)(D2⊕U2))[*]G
2) Equation two (the public key of a standard key pair with private key d_A):
P_A=d_A[*]G
3) From equations one and two, the following equation three can be derived:
d_A=((D1⊕U1)+(D2⊕U2)+(D1⊕U1)(D2⊕U2)) mod n
4) Equation four:
(x1,y1)=k3[*](Q1+Q2)
 =k3[*](k1[*]G+k2[*]G)
 =(k1*k3+k2*k3)[*]G
5) Equation five (the nonce point of a standard signature):
(x,y)=k[*]G
6) From equations four and five, the following equation six can be derived:
k=k1*k3+k2*k3
7) Equation seven:
s=s2–r+(1+D1⊕U1)^-1 *s3
 =(1+D2⊕U2)^-1 *k3*(1+D1⊕U1)^-1 *k1+(1+D1⊕U1)^-1 *(1+D2⊕U2)^-1 *(r+k3*k2)–r
 =(1+D2⊕U2)^-1 *(1+D1⊕U1)^-1 *k1*k3+(1+D1⊕U1)^-1 *(1+D2⊕U2)^-1 *(r+k3*k2)–r
 =(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^-1 *k1*k3+(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^-1 *(r+k3*k2)–r
 =(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^-1 *(k1*k3+k2*k3+r–r*(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2)))
 =(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^-1 *(k1*k3+k2*k3–r*((D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2)))
 =(1+d_A)^-1 *(k–r*d_A)
Here (1+D1⊕U1)*(1+D2⊕U2)=1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2)=1+d_A, and the last line is the standard SM2 signature equation for private key d_A and nonce k. The consistency of the collaborative signature method is thus verified by equation seven above.
8) Equation eight (with C1=k[*]G):
(x2,y2)=T1+T2+(D1⊕U1)[*]T1
 =(D2⊕U2)[*]C1+(D1⊕U1)[*]C1+(D1⊕U1)(D2⊕U2)[*]C1
 =((D1⊕U1)+(D2⊕U2)+(D1⊕U1)(D2⊕U2))[*]C1
 =((D1⊕U1)+(D2⊕U2)+(D1⊕U1)(D2⊕U2))[*](k[*]G)
 =k[*](d_A[*]G)
 =k[*]P_A
The consistency of the collaborative decryption method is thus verified by equation eight above.
Fig. 7 is a schematic structural diagram of a collaborative signature apparatus according to an embodiment of the present application, as shown in fig. 7, where the apparatus includes:
A processing unit 701, configured to perform a first partial signature process on the first message to obtain a first processing result;
an interaction unit 702, configured to send the first processing result to a server, and perform second partial signature processing based on the first processing result by the server to obtain a second processing result; receiving a second processing result sent by the server;
the processing unit 701 is further configured to calculate a signature result corresponding to the first message based on the second processing result.
In an optional manner, the processing unit 701 is specifically configured to process the first message based on a hash function to obtain first data; generating a first random number, and calculating second data based on the first random number and a base point; calculating third data based on the first private key of the client side, the first random number and the order of the base point; wherein the first processing result includes the first data, the second data, and the third data.
In an alternative manner, the processing unit 701 is specifically configured to calculate the third data by the following formula:
s1=(1+D1⊕U1)^-1 *k1 mod n;
where s1 represents the third data, D1⊕U1 represents the first private key on the client side, k1 represents the first random number, and n represents the order of the base point.
In an optional manner, the performing, by the server, the second partial signature processing based on the first processing result and obtaining a second processing result includes:
the server side executes the following operations based on the first processing result:
generating a second random number, and calculating fourth data based on the second random number and a base point;
generating a third random number, calculating fifth data based on the third random number, the second data, and the fourth data, wherein the fifth data is represented as (x 1, y 1);
calculating sixth data based on x1 in the fifth data, the first data and the order of the base point;
if the sixth data is not equal to 0, calculating seventh data based on the second private key of the server, the third random number, the third data and the order of the base point, and calculating eighth data based on the second private key of the server, the sixth data, the third random number, the second random number and the order of the base point;
wherein the second processing result includes the sixth data, the seventh data, and the eighth data.
In an alternative manner, the sixth data is represented by the following formula: r=x1+e mod n; where r represents the sixth data, x1 represents the abscissa in the fifth data, e represents the first data, and n represents the order of the base point;
the seventh data is represented by the following formula: s2=(1+D2⊕U2)^-1 *k3*s1 mod n; where s2 represents the seventh data, D2⊕U2 represents the second private key on the server side, k3 represents the third random number, s1 represents the third data, and n represents the order of the base point;
the eighth data is represented by the following formula: s3=(1+D2⊕U2)^-1 *(r+k3*k2) mod n; where s3 represents the eighth data, D2⊕U2 represents the second private key on the server side, r represents the sixth data, k3 represents the third random number, k2 represents the second random number, and n represents the order of the base point.
In an optional manner, the processing unit 701 is specifically configured to calculate ninth data based on the first private key of the client, the sixth data, the seventh data, the eighth data, and the order of the base point; if the ninth data is not equal to 0 and the ninth data is not equal to the base point order minus the sixth data, then combining the sixth data and the ninth data into a signature result.
In an alternative manner, the processing unit 701 is specifically configured to calculate the ninth data by the following formula:
s=s2–r+(1+D1⊕U1)^-1 *s3 mod n;
where s represents the ninth data, s2 represents the seventh data, r represents the sixth data, D1⊕U1 represents the first private key on the client side, s3 represents the eighth data, and n represents the order of the base point.
In an optional manner, the processing unit 701 is further configured to generate a first private key on the client side based on the first device information of the client and a first target random number, where the first private key on the client side is denoted U1⊕D1, U1 represents the first device information of the client and D1 represents the first target random number; and to calculate a first public key of the client side based on the first private key and a base point, where the first public key is denoted P1, P1=(D1⊕U1)[*]G, G represents the base point and [*] represents point multiplication;
the interaction unit 702 is further configured to send the first public key to the server, and the server generates a collaborative public key based on the first public key; the collaborative public key is used to verify the signature result corresponding to the first message.
In an optional manner, the generating, by the server, a cooperative public key based on the first public key includes:
the server performs the following operations based on the first public key:
generating a second private key on the server side based on the second device information of the server and a second target random number, where the second private key on the server side is denoted U2⊕D2, U2 represents the second device information of the server and D2 represents the second target random number;
calculating a second public key of the server side based on the second private key and the base point, where the second public key is denoted P2, P2=(D2⊕U2)[*]G, G represents the base point and [*] represents point multiplication;
calculating a collaborative public key based on the first public key, the second public key and the second private key, the collaborative public key being denoted P, P=P1+P2+(D2⊕U2)[*]P1.
It should be noted here that: the description of the embodiment items of the device is similar to the description of the method, and has the same beneficial effects as those of the embodiment of the method, so that a detailed description is omitted. For technical details not disclosed in the embodiments of the apparatus of the present application, those skilled in the art will understand with reference to the description of the embodiments of the method of the present application, and the details are not repeated here for the sake of brevity.
Fig. 8 is a schematic structural diagram of a collaborative decryption apparatus according to an embodiment of the present application, as shown in fig. 8, where the apparatus includes:
an interaction unit 801, configured to send first target data in a ciphertext to a server, where the server performs a first partial decryption on the first target data and obtains a first decryption result; the ciphertext is obtained by encrypting a plaintext with a collaborative public key and consists of the following data: first, second and third target data;
a processing unit 802, configured to perform a second partial decryption on the first target data in the ciphertext and obtain a second decryption result;
the interaction unit 801 is further configured to receive a first decryption result sent by the server;
the processing unit 802 is further configured to calculate a collaborative decryption result based on the first decryption result and the second decryption result; and calculating a derivative key based on the collaborative decryption result, and decrypting the second target data in the ciphertext based on the derivative key to obtain a plaintext corresponding to the ciphertext.
In an alternative manner, the first decryption result is expressed by the following formula: T1=(D2⊕U2)[*]C1; where T1 represents the first decryption result, D2⊕U2 represents the second private key on the server side, C1 represents the first target data, and [*] represents point multiplication;
the second decryption result is expressed by the following formula: T2=(D1⊕U1)[*]C1; where T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, C1 represents the first target data, and [*] represents point multiplication.
In an alternative manner, the processing unit 802 is specifically configured to calculate the collaborative decryption result based on the following formula:
(x2,y2)=T1+T2+(D1⊕U1)[*]T1;
where (x2, y2) represents the collaborative decryption result, T1 represents the first decryption result, T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, and [*] represents point multiplication.
In an alternative manner, the processing unit 802 is specifically configured to calculate the derived key based on the following formula: t=KDF(x2||y2, klen); where t represents the derived key, KDF represents a key derivation function, || represents concatenation, x2 represents the abscissa of the collaborative decryption result, y2 represents its ordinate, and klen represents the length of the derived key; and to calculate the plaintext corresponding to the ciphertext based on the following formula: M'=C2⊕t, where M' represents the plaintext corresponding to the ciphertext, C2 represents the second target data in the ciphertext, and ⊕ represents the exclusive-or operation.
In an alternative manner, the processing unit 802 is further configured to generate a first private key on the client side based on the first device information of the client and a first target random number, where the first private key on the client side is denoted U1⊕D1, U1 represents the first device information of the client and D1 represents the first target random number; and to calculate a first public key of the client side based on the first private key and a base point, where the first public key is denoted P1, P1=(D1⊕U1)[*]G, G represents the base point and [*] represents point multiplication;
the interaction unit 801 is further configured to send the first public key to a server, and the server generates a collaborative public key based on the first public key; the collaborative public key is used to verify the signature result corresponding to the first message.
In an optional manner, the generating, by the server, a cooperative public key based on the first public key includes:
the server performs the following operations based on the first public key:
generating a second private key on the server side based on the second device information of the server and a second target random number, where the second private key on the server side is denoted U2⊕D2, U2 represents the second device information of the server and D2 represents the second target random number;
calculating a second public key of the server side based on the second private key and the base point, where the second public key is denoted P2, P2=(D2⊕U2)[*]G, G represents the base point and [*] represents point multiplication;
calculating a collaborative public key based on the first public key, the second public key and the second private key, the collaborative public key being denoted P, P=P1+P2+(D2⊕U2)[*]P1.
It should be noted here that: the description of the embodiment items of the device is similar to the description of the method, and has the same beneficial effects as those of the embodiment of the method, so that a detailed description is omitted. For technical details not disclosed in the embodiments of the apparatus of the present application, those skilled in the art will understand with reference to the description of the embodiments of the method of the present application, and the details are not repeated here for the sake of brevity.
The embodiment of the application also provides electronic equipment, which comprises: one or more processors; a memory communicatively coupled to the one or more processors; one or more applications; wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the methods described above.
In a specific example, the electronic device according to the embodiment of the present application may be specifically configured as shown in fig. 9, where the electronic device includes at least a processor 91, a storage medium 92, and at least one external communication interface 93; the processor 91, the storage medium 92 and the external communication interface 93 are all connected by a bus 94. The processor 91 may be an electronic component with a processing function, such as a microprocessor, a central processing unit, a digital signal processor, or a programmable logic array. The storage medium has stored therein computer executable code capable of performing the method of any of the above embodiments. In practical applications, the processing unit in the above-described scheme may be implemented by the processor 91.
It should be noted here that: the description of the embodiment items of the electronic device is similar to the description of the method, and has the same beneficial effects as those of the embodiment of the method, so that a detailed description is omitted. For technical details not disclosed in the embodiments of the electronic device of the present application, those skilled in the art will understand with reference to the description of the embodiments of the method of the present application, which are not repeated herein for the sake of brevity.
The embodiment of the present application also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method described above.
Here, a computer-readable storage medium may be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable read-only memory (CDROM). In addition, the computer-readable storage medium may even be paper or other suitable medium upon which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It should be understood that all or part of the steps carried out in the method of the above embodiment may be implemented by a program, which may be stored in a computer readable storage medium, and the program, when executed, includes one or a combination of the steps of the method embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing module, or each unit may exist alone physically, or two or more units may be integrated in one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules may also be stored in a computer readable storage medium if implemented in the form of software functional modules and sold or used as a stand-alone product. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
The embodiments described above are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to fall within the scope of the application.

Claims (10)

1. A collaborative decryption method, the method comprising:
the client sends first target data in a ciphertext to a server, and the server performs a first partial decryption on the first target data and obtains a first decryption result; the ciphertext is obtained by encrypting a plaintext with a collaborative public key and consists of the following data: first, second and third target data;
the client performs a second partial decryption on the first target data in the ciphertext and obtains a second decryption result;
the client receives a first decryption result sent by the server and calculates a collaborative decryption result based on the first decryption result and the second decryption result;
and the client calculates a derivative key based on the collaborative decryption result, and decrypts the second target data in the ciphertext based on the derivative key to obtain a plaintext corresponding to the ciphertext.
2. The method of claim 1, wherein the step of determining the position of the substrate comprises,
the first decryption result is represented by the following formula: t1= (d2+_u2) [ ] C1; wherein T1 represents a first decryption result, d2_u2 represents a second private key at the server side, C1 represents first target data, [ # ] represents dot product operation;
The second decryption result is expressed by the following formula: t2= (d1+_u1) [ ] C1; wherein T2 represents the second decryption result, d1_u1 represents the first private key of the client side, C1 represents the first target data, [ × ] represents the dot product operation.
3. The method of claim 2, wherein the client receives a first decryption result sent by the server and calculates a collaborative decryption result based on the first decryption result and the second decryption result, comprising:
the client calculates a collaborative decryption result based on the following formula:
(x2,y2)=T1+T2+(D1⊕U1)[*]T1;
where (x2, y2) represents the collaborative decryption result, T1 represents the first decryption result, T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, and [*] represents point multiplication.
4. The method of claim 3, wherein the client calculates a derivative key based on the collaborative decryption result, and decrypts the second target data in the ciphertext based on the derivative key to obtain plaintext corresponding to the ciphertext, comprising:
the client calculates the derived key based on the following formula: t=KDF(x2||y2, klen); where t represents the derived key, KDF represents a key derivation function, || represents concatenation, x2 represents the abscissa of the collaborative decryption result, y2 represents its ordinate, and klen represents the length of the derived key;
the client calculates the plaintext corresponding to the ciphertext based on the following formula: M'=C2⊕t, where M' represents the plaintext corresponding to the ciphertext, C2 represents the second target data in the ciphertext, and ⊕ represents the exclusive-or operation.
5. The method according to any one of claims 1 to 4, further comprising:
the client generates a first private key on the client side based on first device information of the client and a first target random number, where the first private key on the client side is denoted U1⊕D1, U1 represents the first device information of the client and D1 represents the first target random number;
the client calculates a first public key of the client side based on the first private key and a base point, where the first public key is denoted P1, P1=(D1⊕U1)[*]G, G represents the base point and [*] represents point multiplication;
the client sends the first public key to a server, and the server generates a collaborative public key based on the first public key; the collaborative public key is used to verify the signature result corresponding to the first message.
6. The method of claim 5, wherein the generating, by the server, a collaborative public key based on the first public key comprises:
The server performs the following operations based on the first public key:
generating a second private key of the server side based on second device information of the server and a second target random number, wherein the second private key of the server side is denoted as $D_2 \oplus U_2$, $U_2$ represents the second device information of the server, and $D_2$ represents the second target random number;
calculating a second public key of the server side based on the second private key and the base point, wherein the second public key is denoted as $P_2$, $P_2 = (D_2 \oplus U_2)[*]G$, $G$ represents the base point, and $[*]$ represents elliptic-curve point multiplication;
calculating the collaborative public key based on the first public key, the second public key and the second private key, the collaborative public key being denoted as $P$, $P = P_1 + P_2 + (D_2 \oplus U_2)[*]P_1$.
7. A collaborative decryption apparatus, the apparatus comprising:
the interaction unit is used for sending first target data in the ciphertext to the server, and the server carries out first partial decryption processing on the first target data and obtains a first decryption result; the ciphertext is obtained by encrypting plaintext with a collaborative public key, and the ciphertext is composed of the following data: first, second and third target data;
the processing unit is used for performing second partial decryption processing on the first target data in the ciphertext and obtaining a second decryption result;
the interaction unit is further used for receiving a first decryption result sent by the server;
the processing unit is further used for calculating a collaborative decryption result based on the first decryption result and the second decryption result; and calculating a derivative key based on the collaborative decryption result, and decrypting the second target data in the ciphertext based on the derivative key to obtain a plaintext corresponding to the ciphertext.
8. The method of claim 5, wherein the first decryption result is represented by the following formula: $T_1 = (D_2 \oplus U_2)[*]C_1$; wherein $T_1$ represents the first decryption result, $D_2 \oplus U_2$ represents the second private key on the server side, $C_1$ represents the first target data, and $[*]$ represents elliptic-curve point multiplication;
and/or
the second decryption result is expressed by the following formula: $T_2 = (D_1 \oplus U_1)[*]C_1$; wherein $T_2$ represents the second decryption result, $D_1 \oplus U_1$ represents the first private key on the client side, $C_1$ represents the first target data, and $[*]$ represents elliptic-curve point multiplication.
9. An electronic device, comprising:
one or more processors;
A memory communicatively coupled to the one or more processors;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the method of any of claims 1 to 6.
10. A computer readable storage medium storing a computer program, which when executed by a processor implements the method of any one of claims 1 to 6.
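The key generation of claims 5 and 6 and the decryption of claims 2 to 4 and 8, worked through as a running two-party exchange. This is an added example, not code from the patent or the applicant. Assumptions not in the claims: the curve is sm2p256v1; SHA-256 stands in for the SM3-based KDF and for the $C_3$ hash of the SM2 ciphertext; each party's composite private key $D \oplus U$ is formed by XORing a random $D$ with $U = H(\text{device id})$ and reducing mod $n$; the device identifiers and the plaintext are constructed sample data. Writing $a = D_1 \oplus U_1$ and $b = D_2 \oplus U_2$, the claim 6 public key is $P = P_1 + P_2 + b[*]P_1 = (a + b + ab)[*]G$, and for $C_1 = k[*]G$ the claim 3 combination gives $T_1 + T_2 + a[*]T_1 = (a + b + ab)[*]C_1 = k[*]P$, which is why the client lands on the encryptor's $(x_2, y_2)$ while neither party holds the scalar $a + b + ab$. The example also carries the two checks a practitioner adds around these formulas: the server validates that $C_1$ lies on the curve before multiplying its key share into it, and the client verifies $C_3$ before releasing $M'$.

```python
"""Two-party collaborative decryption per claims 2-6 and 8 (added example,
not the patent's code). Assumptions not in the claims: SHA-256 replaces the
SM3-based KDF and C3 hash, each composite key D⊕U is random D XOR U=H(device
id) reduced mod n, and every identifier and message here is constructed."""
import hashlib
import secrets

# sm2p256v1 domain parameters (GM/T 0003.5-2012)
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition, covering doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Point multiplication [k]pt, the claims' [*] operation (double-and-add)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def xy_bytes(pt):
    """(x2, y2) as two 32-byte big-endian strings for the KDF and C3 inputs."""
    return pt[0].to_bytes(32, "big"), pt[1].to_bytes(32, "big")

def kdf(z, klen):
    """Counter-mode KDF(Z, klen) of claim 4; SHA-256 stands in for SM3."""
    out, ct = b"", 1
    while len(out) < klen:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:klen]

def composite_key(device_id):
    """Party key D⊕U: random D XORed with U = H(device info), reduced mod n."""
    u = int.from_bytes(hashlib.sha256(device_id).digest(), "big")
    return ((secrets.randbelow(N - 1) + 1) ^ u) % N or composite_key(device_id)

def keygen(client_id, server_id):
    """Claims 5-6: returns (D1⊕U1, D2⊕U2, collaborative public key P)."""
    d1u1 = composite_key(client_id)
    p1 = mul(d1u1, G)                      # client -> server: P1
    d2u2 = composite_key(server_id)
    p2 = mul(d2u2, G)
    pub = add(add(p1, p2), mul(d2u2, p1))  # P = P1 + P2 + (D2⊕U2)[*]P1
    return d1u1, d2u2, pub

def encrypt(pub, msg):
    """SM2-style encryption to P: C1 = [k]G, C2 = M ⊕ KDF(x2||y2), C3 = H(x2||M||y2)."""
    k = secrets.randbelow(N - 1) + 1
    c1, (x, y) = mul(k, G), xy_bytes(mul(k, pub))
    t = kdf(x + y, len(msg))
    if not any(t):                         # SM2 requires t != 0: retry with a fresh k
        return encrypt(pub, msg)
    c2 = bytes(m ^ tb for m, tb in zip(msg, t))
    return c1, c2, hashlib.sha256(x + msg + y).digest()

def server_partial(d2u2, c1):
    """Server: T1 = (D2⊕U2)[*]C1, refusing an off-curve C1 before using the key share."""
    if c1 is INF or not on_curve(c1):
        raise ValueError("C1 is not a valid curve point")
    return mul(d2u2, c1)

def client_decrypt(d1u1, ct, t1):
    """Client: T2 = (D1⊕U1)[*]C1, (x2,y2) = T1 + T2 + (D1⊕U1)[*]T1, M' = C2 ⊕ t."""
    c1, c2, c3 = ct
    t2 = mul(d1u1, c1)
    x, y = xy_bytes(add(add(t1, t2), mul(d1u1, t1)))
    msg = bytes(c ^ tb for c, tb in zip(c2, kdf(x + y, len(c2))))
    if hashlib.sha256(x + msg + y).digest() != c3:  # verify C3 before releasing M'
        raise ValueError("C3 mismatch: wrong key share or tampered ciphertext")
    return msg
```

The order of calls is the protocol: `keygen` runs once, `encrypt` runs anywhere with only the public key, then for each ciphertext the client sends $C_1$ to `server_partial`, receives $T_1$, and finishes in `client_decrypt`. The server never sees $C_2$ or $C_3$, and $T_1$ alone is not $k[*]P$: reaching it needs the client's share $a$, so neither a compromised server nor a client without the server can decrypt on its own. The `on_curve` check in `server_partial` is the one the claims do not state but an implementation must have, since multiplying a key share into an attacker-chosen off-curve point leaks information about that share.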
CN202310780865.3A 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium Pending CN116823260A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310780865.3A CN116823260A (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202010394747.5A Division CN111582867B (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116823260A true CN116823260A (en) 2023-09-29

Family

ID=72126373

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202310780865.3A Pending CN116823260A (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium
CN202010394747.5A Active CN111582867B (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (2) CN116823260A (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113300841B (en) * 2021-05-25 2022-11-25 贵州大学 Identity-based collaborative signature method and system
CN115134093B (en) * 2022-08-30 2022-11-15 北京信安世纪科技股份有限公司 Digital signature method and computing device
CN116992204B (en) * 2023-09-26 2023-12-29 蓝象智联(杭州)科技有限公司 Data point multiplication operation method based on privacy protection

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6157900B2 (en) * 2013-04-05 2017-07-05 株式会社東芝 Data management device, meter device, and data management method
CN107196763B (en) * 2017-07-06 2020-02-18 数安时代科技股份有限公司 SM2 algorithm collaborative signature and decryption method, device and system
CN108737103B (en) * 2018-03-27 2021-06-29 中国科学院数据与通信保护研究教育中心 SM2 algorithm signature method applied to CS framework
CN109672539B (en) * 2019-03-01 2021-11-05 深圳市电子商务安全证书管理有限公司 SM2 algorithm collaborative signature and decryption method, device and system

Also Published As

Publication number Publication date
CN111582867B (en) 2023-09-22
CN111582867A (en) 2020-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination