CN116980129A - Digital signature generation method, device, electronic equipment and readable storage medium - Google Patents

Digital signature generation method, device, electronic equipment and readable storage medium Download PDF

Info

Publication number
CN116980129A
CN116980129A CN202311231977.XA CN202311231977A CN116980129A CN 116980129 A CN116980129 A CN 116980129A CN 202311231977 A CN202311231977 A CN 202311231977A CN 116980129 A CN116980129 A CN 116980129A
Authority
CN
China
Prior art keywords
preset
signature
elliptic curve
hash value
illegal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311231977.XA
Other languages
Chinese (zh)
Other versions
CN116980129B (en
Inventor
刘福春
焦四辈
郭小虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Open Security Research Inc
Original Assignee
Open Security Research Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Open Security Research Inc filed Critical Open Security Research Inc
Priority to CN202311231977.XA priority Critical patent/CN116980129B/en
Publication of CN116980129A publication Critical patent/CN116980129A/en
Application granted granted Critical
Publication of CN116980129B publication Critical patent/CN116980129B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The embodiment of the invention discloses a digital signature generation method, a digital signature generation device, electronic equipment and a readable storage medium, which can improve the efficiency of generating digital signatures. The method comprises the following steps: calculating a hash value corresponding to the message to be signed based on the original information input by the signing party and the message to be signed; acquiring a preset signature parameter set from a cache pool; the preset signature parameter set comprises: the random number, elliptic curve point corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve point; the preset signature parameter set is generated through pre-calculation and stored in a cache pool; at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to random numbers; in case the at least one illegal hash value does not comprise a hash value, a digital signature of the message to be signed is determined based on the hash value, the random number and the elliptic curve point.

Description

Digital signature generation method, device, electronic equipment and readable storage medium
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to a digital signature generation method, a digital signature generation device, an electronic device, and a readable storage medium.
Background
The digital signature technology can ensure the integrity of information transmission, carry out identity authentication of an information sender and prevent repudiation in transactions. The public key cryptographic algorithm of elliptic curve of commercial cryptography (Shang yong Mi ma, SM 2) is one of digital signature cryptographic algorithms issued by national cryptography administration, and in the process of the SM2 algorithm, the steps of computing multiple points of a base point on an elliptic curve and the like consume most of the time of signature operation. Some current signature algorithms, such as binary expansion or table lookup, optimize the SM2 calculation process, but still perform time-consuming point operations several times, significantly reducing the speed of signature operations, and thus reducing the efficiency of generating digital signatures.
Disclosure of Invention
The embodiment of the invention provides a digital signature generation method, a digital signature generation device, electronic equipment and a readable storage medium, which can improve the efficiency of generating digital signatures.
The technical scheme of the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a digital signature generation method, including:
calculating a hash value corresponding to a message to be signed based on original information input by a signing party and the message to be signed;
Acquiring a preset signature parameter set from a cache pool; the preset signature parameter set includes: the random number, elliptic curve points corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve points; the preset signature parameter set is generated through pre-calculation and stored in the cache pool; the at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to the random numbers;
and determining the digital signature of the message to be signed based on the hash value, the random number and the elliptic curve point in the case that the at least one illegal hash value does not comprise the hash value.
In a second aspect, an embodiment of the present invention provides a digital signature generating apparatus, including:
the hash value generation module is used for calculating a hash value corresponding to the message to be signed based on the original information input by the signing party and the message to be signed;
the acquisition module is used for acquiring a preset signature parameter set from the cache pool; the preset signature parameter set includes: the random number, elliptic curve points corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve points; the preset signature parameter set is generated through pre-calculation and stored in the cache pool; the at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to the random numbers;
And the signature module is used for determining the digital signature of the message to be signed based on the hash value, the random number and the elliptic curve point under the condition that the at least one illegal hash value does not comprise the hash value.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory and a processor; wherein the memory is configured to store executable instructions;
the processor is used for realizing the digital signature generation method provided by the embodiment of the invention when executing the executable instructions stored in the memory.
In a fourth aspect, an embodiment of the present invention provides a readable storage medium storing executable instructions for implementing the digital signature generation method provided by the embodiment of the present invention when the executable instructions cause a processor to execute.
In a fifth aspect, embodiments of the present invention provide a computer program product, including a computer program or instructions, which when executed by a processor implement the digital signature generation method provided by the embodiments of the present invention.
The embodiment of the invention provides a digital signature generation method, a device, electronic equipment and a readable storage medium, wherein when an SM2 digital signature process is executed, after a hash value corresponding to a message to be signed is calculated, a random number, an elliptic curve point corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve point which are obtained by calculation in advance are obtained from a cache pool; and under the condition that at least one illegal hash value does not comprise the hash value corresponding to the message to be signed, carrying out SM2 digital signature calculation based on the hash value corresponding to the message to be signed and elliptic curve points directly obtained from the cache pool, and determining the digital signature of the message to be signed. Wherein, at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to random numbers. Therefore, the steps of calculating elliptic curve points and verifying illegal signature values based on the calculated elliptic curve points in the SM2 digital signature generation process are saved, the SM2 digital signature generation time is shortened, and the digital signature generation efficiency is improved.
Drawings
Fig. 1 is a schematic flow chart of a digital signature generation method according to an embodiment of the present invention;
fig. 2 is a second schematic flow chart of a digital signature generating method according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a digital signature generation method according to an embodiment of the present invention;
fig. 4 is a flowchart of a digital signature generation method according to an embodiment of the present invention;
fig. 5 is a flowchart of a digital signature generation method according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an alternative digital signature generating apparatus according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an alternative electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be further described in detail with reference to the accompanying drawings, for the purpose of making the objects, technical solutions and advantages of the present invention more apparent, and the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by those skilled in the art without making any inventive effort are within the scope of the present invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, the terms "first", "second", "third" and the like are merely used to distinguish similar objects and do not represent a specific ordering of the objects, it being understood that the "first", "second", "third" may be interchanged with a specific order or sequence, as permitted, to enable embodiments of the invention described herein to be practiced otherwise than as illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
Section 2 in GMT 0003.2-2012 SM2 elliptic curve public key cryptography algorithm: digital signature algorithm in the "canonical document," the flow of SM2 digital signature is defined as follows:
let the message to be signed be M, in order to obtain the digital signature of the message MThe user a as the signer should implement the following operation steps:
a1: device for placing articles. Wherein (1)>Is a hash value of the discernable identity of user a, the partial elliptic curve system parameters, and the user a public key. />Representation- >Concatenation with a message M to be signed.
A2: calculation ofThe data type of e is converted to an integer according to the methods given in sections 4.2.4 and 4.2.3 of GMT 0003.2-2012 SM2 elliptic curve public key cryptography algorithm. Wherein (1)>For message digest length +.>Cryptographic hash function of bits.
A3: generating a random number k by a random number generator; wherein, the liquid crystal display device comprises a liquid crystal display device,n is the order of the base point G on the preset elliptic curve, and n is a prime number.
A4: calculating elliptic curve pointsThe method given in section 4.2.8 of the GMT 0003.2-2012 SM2 elliptic Curve public Key Algorithm will +.>Is converted into an integer. Wherein [ k ]]G is the k-fold point of the base point G on the preset elliptic curve, i.e. +.>K is a positive integer.
A5: calculation ofIf (if)Or (b)Then return to A3. Wherein, the liquid crystal display device comprises a liquid crystal display device,is a modulo-n operation.
A6: calculation ofIf->Then return to A3. Wherein (1)>Is the private key of user a.
A7: converting the data types of r and s into byte string types according to the method given in the 4.2.2 part of GMT 0003.2-2012 SM2 elliptic curve public key cryptography algorithm, thereby obtaining the signature of the message M as
The generation of SM2 digital signatures by the steps A1-A7 described above is very time consuming, wherein the calculation of elliptic curve points in step A4 consumes a significant part of the time of the signature calculation. And, in step A5, if the calculated r is an illegal value, e.g Or->And returning to the step A3 to carry out the operation of elliptic curve points again, thereby further increasing the generation time of the digital signature and reducing the efficiency of generating the SM2 digital signature.
Currently, the related art generally uses a binary expansion method or a table look-up method to calculate elliptic curve points. Wherein [ k ] is calculated by binary expansion method]In G, k is spread according to the bit sequence to makeThe calculation steps are as follows:
input:
and (3) outputting: q= [ k ] G
(here, 0 is a unit element in the group operation,/-for)>Representing initializing point Q to infinity 0)
for(i=t-1 to 0)
begin
Q=2Q
if (==1)
{
Q=Q+ G
}
end
return Q
It can be seen that since k is a random large number of 256 bits, and is randomly combined by 128 bits of 1 and 128 bits of 0 according to probability, 256 times of point operations (q= [ k ] G) and 128 times of point addition operations (q=q+g) are required on average in the calculation step of the binary expansion method, which is still very time-consuming.
The table look-up method is a table in which a base point including a specified value is calculated in advance based on a binary expansion method. When calculating [ k ] G, splitting k according to the bit width of the table, searching points in the table, and then performing multiple point addition operations to obtain the value of [ k ] G. In this process, multiple point-add operations are also very time-consuming.
The embodiment of the invention provides a digital signature generation method, a digital signature generation device, electronic equipment and a readable storage medium, which can improve the efficiency of generating SM2 digital signatures. Referring to fig. 1, fig. 1 is a flowchart illustrating a digital signature generation method according to an embodiment of the present invention. The following are provided:
s101, calculating a hash value corresponding to the message to be signed based on the original information input by the signing party and the message to be signed.
The embodiment of the invention is an optimization algorithm based on an SM2 digital signature algorithm. The embodiment of the invention is applied to the electronic equipment. The electronic device is provided with an application program related to the SM2 digital signature function, and the application program can comprise a payment application, a blockchain application and the like. In some embodiments, the electronic device may include a terminal, and may also include a server. The terminal may include a smart phone, a smart watch, a notebook computer, a tablet computer, a desktop computer, a mobile device, an intelligent voice interaction device, a smart home appliance, a vehicle-mounted terminal, and the like, which need signature authentication of information such as identity authentication or ciphertext authentication, so as to implement a terminal or a user terminal with related functions. The server may include a server cryptographic engine, a signature verification server, etc. that provides signature operations, etc. The embodiment of the invention is not limited, and is specifically selected according to the actual situation.
In the embodiment of the invention, the original information input by the signer comprises: the original information entered by the signer includes a discernible identification of the signer, a partial elliptic curve system parameter and a hash value of the signer's public key. The original information input by the signer can be exemplified by the SM2 digital signature algorithm
In S101, based on the original information input by the signing party and the message to be signed, calculating the hash value corresponding to the message to be signed may be described in steps A1 and A2 in the SM2 digital signature algorithm flow. Determining a spliced message according to the splicing of the original information Z and the message M to be signedWherein->The method comprises the steps of carrying out a first treatment on the surface of the By +_ing for spliced messages>Carry out message digest length +.>Bit cryptographic hash function processing and data type conversion, determining a hash value e,/-corresponding to a message to be signed>
S102, acquiring a preset signature parameter set from a cache pool; the preset signature parameter set comprises: the random number, elliptic curve point corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve point; the preset signature parameter set is generated through pre-calculation and stored in a cache pool; at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to the random numbers.
In the embodiment of the invention, the electronic equipment performs the steps A3 and A4 in the SM2 digital signature algorithm in advance to generate at least one random number and at least one elliptic curve point corresponding to the at least one random number. In some embodiments, elliptic curve point [ k ] G is a k-fold point of a base point on a preset elliptic curve. k is a generated random number. And the electronic equipment calculates illegal signature values based on the elliptic curve points corresponding to each random number, and generates at least one illegal hash value corresponding to each elliptic curve point in at least one elliptic curve point.
In the embodiment of the invention, on the basis of pre-calculating elliptic curve points corresponding to random numbers, the calculation formula of the illegal hash value, namely the preset constraint condition of the illegal signature value, can be obtained by deducing based on the step A5 of the SM2 digital signature algorithm. In step A5, points based on elliptic curvesSM2 digital signature can be calculated>First signature value +.>. If->Or->If r is an illegal signature value, the step A3 is needed to be returned to regenerate the random number and calculate the random number pairPoints of the elliptic curve are supposed. Based on step A5, in->Or->And (3) carrying out deduction on the premise that the establishment is established, and obtaining a calculation formula of an illegal hash value e, wherein r is an illegal value, and taking the calculation formula as a preset constraint condition of the illegal signature value. Based on elliptic curve points, the e value calculated according to the constraint condition of the preset illegal signature value is the illegal hash value. Thus, if at least one illegal hash value in the preset signature parameter set does not include the hash value corresponding to the message to be signed calculated in S101, it is explained that the calculation process of step A5 is performed according to the hash value corresponding to the message to be signed and the elliptic curve point in the preset signature parameter set, and the obtained first signature value is not an illegal signature value, so that step A5 is not needed any more >Or->Is performed in the authentication process.
In the embodiment of the invention, the electronic device takes a random number, an elliptic curve point corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve point which are generated in advance as a preset signature parameter set, so as to determine at least one preset signature parameter set, and stores the at least one preset signature parameter set in a cache pool in advance. Thus, when the SM2 digital signature is performed, the preset signature parameter set can be taken out from the cache pool under the condition of calculating the hash value corresponding to the message to be signed.
S103, under the condition that at least one illegal hash value does not comprise the hash value, determining the digital signature of the message to be signed based on the hash value, the random number and elliptic curve points in a preset signature parameter set.
In the embodiment of the present invention, in the case that at least one illegal hash value does not include the hash value corresponding to the message to be signed, the method may be based on the message to be signedContinuing to execute the steps A5, A6 and A7 by the hash value corresponding to the name message, the random number and elliptic curve point in the preset signature parameter set taken out from the cache; and, skip the pair when executing the A5 stepOr->Is performed in the authentication process. That is, by directly acquiring the pre-calculated set of preset signature parameters from the cache pool, steps A3 and A4 in the SM2 digital signature algorithm can be skipped; by comparing the hash value corresponding to the message to be signed with at least one illegal hash value in the preset signature parameter set, the process that r value verification in the step A5 is not recalculated by returning to the step A3 is avoided, and therefore the speed of generating the SM2 digital signature is greatly improved.
In some embodiments, when at least one illegal hash value includes a hash value corresponding to a message to be signed, it is described that the first signature value r calculated based on the hash value and the random number and elliptic curve point in the preset signature parameter set is an illegal signature value, and the verification process of the r value in step A5 cannot be passed. The electronic equipment acquires a next preset signature parameter set from the cache pool, compares at least one illegal hash value in the next preset signature parameter set with a hash value corresponding to the message to be signed until the at least one illegal hash value in the next preset signature parameter set does not comprise the hash value corresponding to the message to be signed, and determines the digital signature of the message to be signed based on the hash value corresponding to the message to be signed, the random number in the next preset signature parameter set and the elliptic curve point corresponding to the random number in the next preset signature parameter set.
In some embodiments, for a process of determining a digital signature of a message to be signed based on a hash value, a random number and an elliptic curve point in a preset signature parameter set, performing modulo n operation on a sum of horizontal coordinate values of the hash value and the elliptic curve point in the preset signature parameter set, and determining a first signature value corresponding to the message to be signed; i.e. A5 step in SM2 digital signature algorithm And in the calculation process, r is a first signature value. Here, since at least one illegal hash value in the preset signature parameter set does not include the hash value corresponding to the message to be signed, the validity of the first signature value r does not need to be verified, and the second signature value corresponding to the message to be signed can be determined directly based on the first signature value r, the random number k in the preset signature parameter set and the private key of the signing party. Here, the process of determining the second signature value may be as in the step A6 of the SM2 digital signature algorithm, by the formula +.>And calculating, wherein s is a second signature value. Further, the data type conversion of the step A7 is performed based on the first signature value and the second signature value corresponding to the message to be signed, and the digital signature (r, s) of the message to be signed is determined.
It can be understood that, in the embodiment of the present invention, when executing the SM2 digital signature process, after calculating the hash value corresponding to the message to be signed, at least one illegal hash value corresponding to the random number, the elliptic curve point corresponding to the random number and the elliptic curve point obtained by pre-calculation is obtained from the cache pool; and under the condition that at least one illegal hash value does not comprise the hash value corresponding to the message to be signed, carrying out SM2 digital signature calculation based on the hash value corresponding to the message to be signed and elliptic curve points directly obtained from the cache pool, and determining the digital signature of the message to be signed. Wherein, at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to random numbers. Therefore, the steps of calculating elliptic curve points and verifying illegal signature values based on the calculated elliptic curve points in the SM2 digital signature generation process are saved, the SM2 digital signature generation time is shortened, and the SM2 digital signature generation efficiency is improved.
It should be noted that, in the embodiment of the present invention, when at least one illegal hash value in each preset signature parameter set obtained from the cache pool includes a hash value corresponding to a message to be signed, the digital signature of the message to be signed is generated according to steps A3-A7 of the SM2 digital signature without using the preset signature parameter set.
In some embodiments, before the preset signature parameter set is obtained from the cache pool, based on fig. 1, as shown in fig. 2, S001-S002 may be further included as follows:
s001, determining whether the cache pool is full.
In the embodiment of the present invention, the preset signature parameter set obtained from the cache pool in S102 is deleted from the cache pool, so as to ensure that the digital signature can be generated according to different random numbers. The electronic device determines whether the cache pool is full by checking the memory usage condition of the cache pool.
For example, the electronic device may periodically check the data in the cache pool and the free cache space to determine if the cache pool is full.
S002, generating at least one preset signature parameter set and storing the at least one preset signature parameter set in the cache pool under the condition that the cache pool is not full.
In the embodiment of the invention, under the condition that the cache pool is not full, the electronic equipment generates at least one preset signature parameter set and stores the preset signature parameter set in the cache pool, and the preset signature parameter set in the cache pool is timely supplemented.
In some embodiments, the generating at least one preset signature parameter set in S002 and storing the at least one preset signature parameter set in the cache pool includes:
generating at least one random number, performing multiple point calculation according to each random number in the at least one random number and a base point of a preset elliptic curve, and determining at least one elliptic curve point corresponding to the at least one random number; performing illegal signature value calculation based on each elliptic curve point in the at least one elliptic curve points and a preset illegal signature value constraint condition, and determining at least one illegal hash value corresponding to each elliptic curve point; and determining each random number, an elliptic curve point corresponding to each random number and at least one illegal hash value corresponding to the elliptic curve point (elliptic curve point corresponding to each random number) as a preset signature parameter set, thereby determining at least one preset signature parameter set, and storing the at least one preset signature parameter set into a cache pool.
In some implementationsIn an embodiment, the preset illegal signature value constraint condition includes: the first signature value in the digital signature is 0; i.e. r=0. Wherein the first signature value is determined by modulo n operation of the hash value and the horizontal coordinate value of the elliptic curve point, i.e ;/>Is the horizontal coordinate value of the elliptic curve point; n is the order of the base point of the preset elliptic curve. The above-mentioned process of performing illegal signature value calculation based on each elliptic curve point in the at least one elliptic curve point and a preset illegal signature value constraint condition, and determining at least one illegal hash value corresponding to each elliptic curve point may include:
a first product of n and at least one first predetermined coefficient is determined. And determining at least one illegal hash value corresponding to each elliptic curve point according to the difference between the at least one first product and the horizontal coordinate value of each elliptic curve point.
In the embodiment of the invention, n is multiplied by each first preset coefficient in at least one first preset coefficient to obtain a first product, so as to obtain at least one first product. And (3) differencing each first product in the at least one first product with the horizontal coordinate value of each elliptic curve point to obtain at least one illegal hash value corresponding to each elliptic curve point.
In the embodiment of the invention, according to the calculation formula of the first signature valueCan be derived fromFurther deriving->. Deriving by combining the constraint condition r=0 of the preset illegal signature value to obtain +. >. Wherein, M corresponds to a first preset coefficient, M is a multiple of n, and Mn is a first product. Since e and +.in the SM2 digital signature Specification>Are all positive numbers of 256 bits, and n is a fixed value ffffffff ffffffff ffffffff ffffffff 7203df6b 21c6052b 53bbf409 39d54123. It can be deduced that the first predetermined coefficient M can only take on a value of 1 or 2, i.e. the range of values of the first predetermined coefficient is [1,2 ]]. In case M is 1, the illegal hash value may be obtained byCalculated, in case M is 2, the illegal hash value can be obtained by +.>And calculating to obtain at least one illegal hash value corresponding to each elliptic curve point. Wherein the illegal hash value is a positive number of 256 bits.
In some embodiments, the preset illegal signature value constraint comprises: the first signature value in the digital signature is the difference between n and the random number; i.e. the. The above-mentioned process of performing illegal signature value calculation based on each elliptic curve point in the at least one elliptic curve point and a preset illegal signature value constraint condition, and determining at least one illegal hash value corresponding to each elliptic curve point may include:
determining at least one second product of n and at least one second preset coefficient; at least one first difference between the at least one second product and the random number corresponding to each elliptic curve point is determined, and at least one illegal hash value corresponding to each elliptic curve point is determined according to the difference between the at least one first difference and the horizontal coordinate value of each elliptic curve point.
In the embodiment of the invention, n is multiplied by each second preset coefficient in the at least one second preset coefficient to obtain a second product, thereby obtaining at least one second product. And (3) differencing each second product in the at least one second product with the horizontal coordinate value of each elliptic curve point to obtain at least one illegal hash value corresponding to each elliptic curve point.
In the embodiment of the invention, according to the calculation formula of the first signature valueCan be derived fromFurther deriving->. Combining the constraint condition of the preset illegal signature value>Deriving to obtain +.>Further deriving->. Wherein (m+1) corresponds to a second preset coefficient. Since in the SM2 digital signature Specification e, k and +.>Are all positive numbers of 256 bits, and n is a fixed value ffffffff ffffffff ffffffff ffffffff 7203df6b 21c6052b 53bbf409 39d54123. It can be deduced that M can only take on values of 0, 1 or 2, i.e. the range of values of the second predetermined coefficient (M+1) is [1,2,3 ]]. In case the second preset coefficient is 1, the illegal hash value may be obtained by +.>And (5) calculating to obtain the product. In case the second preset coefficient is 2, the illegal hash value may be passed throughAnd (5) calculating to obtain the product. In case the second preset coefficient is 3, the illegal hash value may be obtained by +. >And (5) calculating to obtain the product. Thus, at least one illegal hash value corresponding to each elliptic curve point can be calculated. Wherein the illegal hash value is a positive number of 256 bits.
It will be appreciated that by pre-computing at least one illegal hash value corresponding to an elliptic curve point, the hash value corresponding to the message to be signed may be compared with the at least one illegal hash value. Because the at least one illegal hash value is obtained by deducting and calculating the illegal signature value of the first signature value as a constraint condition, under the condition that the at least one illegal hash value does not contain the hash value corresponding to the message to be signed, the first signature value calculated according to the hash value corresponding to the message to be signed, the elliptic curve point and the random number corresponding to the elliptic curve point can not be the illegal signature value, the situation that the step A3 is returned to be recalculated when r is the illegal signature value in the step A5 of the current SM2 digital signature algorithm is avoided, the generation speed of the digital signature is accelerated, and the generation efficiency of the digital signature is improved.
In the embodiment of the invention, based on the method for accelerating the generation of the SM2 digital signature by using the preset signature parameter set in the cache pool, it can be seen that the larger the cache pool space is, the more the number of the preset signature parameter sets is, and the more the generated digital signature can be accelerated. However, since the memory space of the electronic device is limited, a balance needs to be struck between the buffer pool space size and signature acceleration. The embodiment of the invention can automatically adjust the space of the cache pool according to the total space of the memory or the occupied ratio of the available space of the memory. In some embodiments, as shown in FIG. 3, including S201-S204, are as follows:
S201, acquiring the total memory of the electronic equipment.
S202, under the condition that the memory occupation amount of the cache pool is smaller than a first preset duty ratio threshold value of the total memory amount, acquiring the current available memory amount of the electronic equipment.
In the embodiment of the invention, the memory information, such as the total memory amount or the available memory amount, of the electronic device can be obtained by calling a preset memory information reading interface. In some embodiments, the total memory refers to the size of the total memory space in the electronic device. Under the condition that the memory occupied by the cache pool is smaller than a first preset duty ratio threshold value of the total memory, the fact that the memory occupied by the cache pool is smaller can be indicated, and the memory occupied by the cache pool can be further compared with the current available memory of the electronic equipment to determine whether the memory space of the cache pool can be increased or not.
The size of the total memory space may be obtained, for example, by reading the MemTotal field in the electronic device system file. The first preset duty cycle threshold may be 10%. That is, the current amount of available memory is obtained in the case where the memory space of the cache pool is less than 10% of the total memory space.
And S203, adding the memory block to the cache pool under the condition that the memory occupation amount is smaller than a second preset occupation ratio threshold value of the available memory amount.
In the embodiment of the invention, the size of the available memory space in the available memory amount electronic device. Under the condition that the memory occupancy rate of the cache pool is smaller than a second preset duty ratio threshold value of the available memory quantity, the fact that a larger available memory space exists on the electronic equipment currently is indicated, and part of memory can be divided from the available memory space and added into the cache pool so as to increase the memory space of the cache pool.
The size of the available memory space may be obtained, for example, by reading the MemFree field in the electronic device system file. The second preset duty cycle threshold may be 50%. That is, in the case where the memory space of the cache pool is less than 50% of the available memory space, a portion of the available memory is added to the cache pool.
In some embodiments, the memory in the cache pool comprises: a memory block linked list; the memory block linked list comprises: at least one page of memory block corresponding to at least one linked list node. The adding of the memory blocks to the cache pool can be realized by adding the memory blocks corresponding to the linked list nodes to the memory block linked list.
In the embodiment of the invention, the cache pool is provided in a linked list form, and each linked list node corresponds to one page of memory block. By way of example, a page of memory block may be 4KB, and each page may store 16 preset signature parameter sets (each preset signature parameter set consisting of 256 bytes). The cache pool occupies 10% of the total memory of the system at maximum, and when the cache pool occupies less than 50% of the available memory of the system, one or more memory blocks corresponding to one or more linked list nodes are added to the cache pool.
S204, under the condition that the memory occupation amount is larger than or equal to a third preset duty ratio threshold value of the available memory amount, releasing the idle memory blocks in the cache pool.
In the embodiment of the invention, under the condition that the memory occupation amount is larger than or equal to the third preset occupation ratio threshold value of the available memory amount, the fact that the buffer pool occupies too much available memory space is indicated, and the system operation of the electronic equipment can be influenced. Therefore, the free memory blocks in the cache pool need to be released, so that the memory occupation of the cache pool is reduced.
In the embodiment of the invention, the third preset duty ratio threshold is larger than or equal to the second preset duty ratio threshold. The third preset duty cycle threshold may be 60% by way of example. And when the memory size occupied by the cache pool is larger than 60% of the available memory space, releasing the idle memory blocks, and reducing the size of the cache pool.
In some embodiments, the cache pool of memory blocks is organized based on a linked list form, and memory blocks in the cache pool may be released by releasing free memory blocks corresponding to linked list nodes in the memory block linked list. Illustratively, one or more free memory blocks corresponding to one or more linked list nodes in the cache pool may be released.
For example, the above process of dynamically adjusting the size of the buffer pool and generating at least one preset signature parameter set in advance may be as shown in fig. 4, as follows:
S301, creating a cache pool.
The initial size of the buffer pool may be 10MB, for example.
S302, determining whether the size of the cache pool is smaller than 10% of the total memory of the system. If yes, S303 is executed, and if no, S305 is executed.
In S302, the total memory of the system corresponds to the total memory amount, and 10% corresponds to the first predetermined duty ratio threshold.
S303, determining whether the size of the cache pool is less than 50% of the available memory of the system. If yes, S304 is executed, and if no, S305 is executed.
In S303, the available memory of the system corresponds to the above-mentioned available memory amount, and 50% corresponds to the above-mentioned second preset duty cycle threshold.
S304, adding a page of memory into the cache pool.
S305, determining whether the size of the cache pool is larger than 60% of the available memory of the system. If yes, S306 is executed, otherwise S307 is executed.
S306, releasing an idle page of memory in the cache pool.
S307, determining whether the cache pool is full. If yes, execution is S308, otherwise, execution is S309.
S308, waiting for 1 second.
In S308, if the buffer pool is full, the process is restarted from S302 after waiting or sleeping for a preset time interval, for example, 1 second.
S309, generating a random number k.
S310, calculating [ k ] G.
S309-S312 correspond to the process of generating the random number in S002, performing the multiple point calculation according to the base point of the random number and the preset elliptic curve, and determining the elliptic curve point corresponding to the random number.
S311, calculating illegal e values.
In S311, the illegal e value corresponds to at least one illegal hash value described above. S311 corresponds to the above-mentioned process of performing the illegal signature value calculation based on the elliptic curve point and the preset illegal signature value constraint condition in S002, and determining at least one illegal hash value corresponding to the elliptic curve point.
S312, storing k, [ k ] G and illegal e values into a cache pool.
In S312, the electronic device writes the calculated values of k, [ k ] G and illegal e as a preset signature parameter set into the free memory block of the cache pool. The electronic device continues to execute the flow from S302, and performs the adjustment of the size of the buffer pool and/or the generation of the preset signature parameter set.
It can be understood that the size of the buffer pool is dynamically scaled according to the total amount of memory and the amount of available memory in the system, so that the occupation of less memory space and the improvement of digital signature efficiency can be automatically balanced according to the current memory use condition of the system, and the efficiency of digital signature can be improved under the condition that the operation of the system is not influenced.
In some embodiments, the process of generating at least one preset signature parameter set in S002 to store in the cache pool may be implemented in a multithreaded manner by fully utilizing the parallel processing capability of the processor on the electronic device. The process of generating at least one preset signature parameter set and storing the same in the cache pool may include: generating at least one preset signature parameter set in parallel through a plurality of first threads; and for each first thread in the plurality of first threads, under the condition that the write lock corresponding to the cache pool is acquired, storing a preset signature parameter set corresponding to each first thread into the cache pool, and releasing the write lock.
In the embodiment of the invention, the first thread may be a background thread, and is used for generating a preset signature parameter set and writing operation of a cache pool. The background process can adopt a multithreading mode to calculate k, [ k ] G and illegal e values in parallel, and then the calculation result is stored in a cache pool as a preset signature parameter set.
In the embodiment of the invention, the shared cache pool is accessed by multiple threads concurrently, and a read-write lock is required. When a plurality of first threads write the respectively generated preset signature parameter sets into the cache pool concurrently, the write lock of the cache pool needs to be acquired first, and the write lock is released after the preset signature parameter sets are written.
In some embodiments, the process of obtaining the preset signature parameter set from the cache pool in S102 may also be implemented in a multithreading manner, including: and under the condition that the read lock corresponding to the cache pool is acquired by each second thread in the plurality of second threads, acquiring a preset signature parameter set from the cache pool, and releasing the read lock.
In the embodiment of the invention, for a plurality of digital signature requests which are concurrent on the electronic device, a preset signature parameter set can be obtained from a cache pool through each of a plurality of second threads, and the preset signature parameter set is provided for a corresponding digital signature request in the plurality of digital signature requests. And acquiring a read lock corresponding to the cache pool through each second thread in the plurality of second threads, and acquiring a digital signature request provided for each second thread by a preset signature parameter set from the cache pool under the condition that the read lock is acquired, so that the digital signature request corresponding to each second thread generates a digital signature of a message to be signed corresponding to the digital signature request based on the preset signature parameter set.
It can be understood that by means of parallel reading and writing of the cache pool, the generation process of the SM2 digital signature is further accelerated, and the efficiency of generating the SM2 digital signature is improved.
In some embodiments, the SM2 digital signature generation method of the embodiments of the present invention may be implemented in a dynamic library, and by calling the dynamic library by an application program, a corresponding digital signature is generated for a message to be signed applied by the application program.
In some embodiments, before calculating the hash value corresponding to the message to be signed based on the original information and the message to be signed input by the signing party in S101, the original information and the message to be signed may also be received through a preset dynamic library signature interface. After determining the digital signature of the message to be signed in S103, the digital signature corresponding to the message to be signed may also be returned to the signing party through the preset dynamic library signature interface.
For example, the dynamic library libsm2.So may be implemented in advance by a code, and after compiling the linked dynamic library libsm2.So in the application, the application may input the message M, i.e. the message to be signed, by calling a preset signature interface in libsm2.So, and wait for a digital signature of the returned message M. As shown in fig. 5, the following is provided:
S401, request to calculate the digital signature of the message M.
In S401, the application program invokes a preset signature interface of a preset dynamic library, and inputs original information Z of a signature party and a message to be signed: message M.
S402, placing
S403, calculating a hash value e of M1.
S402-S403 correspond to S101 in the above embodiment, corresponding to steps A1-A2 in the SM2 digital signature algorithm. The hash value e of M1 is the hash value corresponding to the message M.
S404, determining whether the cache pool is not empty.
In S404, before the called signature process in the preset dynamic library obtains the cache entry from the cache pool, it is determined whether the cache pool is not empty. In the case that the cache pool is not empty, S405 is performed to generate a digital signature of the message M based on the cache item. In case the buffer pool is empty, S407 is performed to generate a digital signature of the message M by the current SM2 digital signature algorithm.
S405, taking out a cache item from the cache pool.
In S405, the cache entry corresponds to the above-mentioned default signature parameter set.
S406, determining whether the hash value e is in an illegal e list of the cache item.
In S406, the illegal e list corresponds to at least one illegal hash value described above. In case the calculated hash value e of the message M is contained in the illegal e list of cache entries, S405 is performed to re-fetch the cache entries from the cache pool. In case that the hash value e of the message M is not contained in the illegal e list of the cache entry, S409 is performed.
S407, generating a random number k.
S408, calculating [ k ] G.
S407 and S408 correspond to steps A3-A4 in the current SM2 digital signature algorithm.
S409, calculating a first signature value r.
In S409, the first signature value r may be calculated based on the random number and elliptic curve point in the cache entry, or may be calculated based on the random numbers k and k G calculated in S407 and S408. It should be noted that, the verification of r=0 or r+k=n is not required for the first signature value r calculated based on the random number and the elliptic curve point in the cache entry.
S410, calculating a second signature value S.
In S410, a second signature value S is calculated based on the first signature value r calculated in S409.
S411, determining the digital signature (r, S) of the message M.
In S411, the digital signature (r, S) of the message M is determined according to the first signature value r and the second signature value S, and returned to the application program through the preset signature interface of the preset dynamic library.
S412, acquiring the digital signature of the message M.
In S412, the application program obtains the digital signature of the message M through the preset signature interface.
It should be noted that, the S501-S512 process executed by the background process of the preset dynamic library in fig. 5 is identical to the S301-S312 process in fig. 4, and will not be described herein.
It should be noted that, in the embodiment of dynamic expansion of the cache pool, the memory blocks in the cache pool may also be applied and released by the preset dynamic pool, that is, the size of the cache pool may be maintained by the preset dynamic pool.
It can be understood that the digital signature generation method of the embodiment of the invention is realized in the dynamic library, which is more beneficial to conveniently applying the digital signature generation method of the embodiment of the invention on different electronic equipment or in different application programs, thereby improving the application flexibility of the digital signature method.
In some embodiments, in order to adapt to various application scenarios, for example, an application program requiring digital signature needs an exclusive processor or has a high requirement on memory occupation, the digital signature method of the embodiment of the present invention may perform switch control by enabling a switch. When the enable switch is turned off, the method is as described in part 2 of the GMT 0003.2-2012 SM2 elliptic Curve public Key cryptography Algorithm: the standard signature flow of the digital signature algorithm "generates a digital signature; when the enabling switch is turned on, a digital signature is generated according to the digital signature method in the embodiment of the invention. Accordingly, the obtaining the preset signature parameter set from the cache pool in S102 may include:
Reading a preset configuration field from a preset configuration file; and under the condition that the preset configuration field is a first preset value, acquiring a preset signature parameter set from the cache pool.
In some embodiments, the first preset value characterizes a digital signature generation method enabling embodiments of the present invention. Under the condition that the preset configuration field is a first preset value, a preset signature parameter set is obtained from the cache pool, so that the digital signature generation method in the embodiment of the invention is realized based on the preset signature parameter set. The configuration of the preset configuration field may be performed in a configuration file in the preset dynamic library as described above, for example. When the user configures the preset configuration field as enable, the preset configuration field is equal to the first preset value, and the digital signature generation method in the embodiment of the invention is adopted. When the user configures the preset configuration field as disable, signature operation is performed according to steps in the SM2 specification.
It can be understood that, by presetting whether the configuration field configuration enables the digital signature method in the embodiment of the invention, the method for generating the digital signature can be selected according to the actual situation, thereby improving the flexibility of the digital signature mode.
The embodiment of the invention also provides a digital signature generation device which is applied to the electronic equipment of the embodiment of the invention. Fig. 6 is a schematic structural diagram of a digital signature generating apparatus according to an embodiment of the present invention. As shown in fig. 6, the digital signature generating apparatus 1 includes: a hash value generation module 11, an acquisition module 12 and a signature module 13, wherein:
The hash value generating module 11 is configured to calculate a hash value corresponding to a message to be signed based on original information input by a signing party and the message to be signed.
The acquiring module 12 is configured to acquire a preset signature parameter set from the cache pool; the preset signature parameter set includes: the random number, elliptic curve points corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve points; the preset signature parameter set is generated through pre-calculation and stored in the cache pool; and the at least one illegal hash value is obtained by calculating an illegal signature value based on the elliptic curve point corresponding to the random number.
The signature module 13 is configured to determine, in a case where the at least one illegal hash value does not include the hash value, a digital signature of the message to be signed based on the hash value, the random number and the elliptic curve point.
In some embodiments, the digital signature generating apparatus 1 further includes a preset signature parameter generating module; before the preset signature parameter set is obtained from the cache pool, the preset signature parameter generation module is used for determining whether the cache pool is full; generating at least one preset signature parameter set and storing the preset signature parameter set into the cache pool under the condition that the cache pool is not full;
The preset signature parameter generation module is further used for generating at least one random number, performing multiple point calculation according to each random number in the at least one random number and a base point of a preset elliptic curve, and determining at least one elliptic curve point corresponding to the at least one random number; performing illegal signature value calculation based on each elliptic curve point in the at least one elliptic curve point and a preset illegal signature value constraint condition, and determining at least one illegal hash value corresponding to each elliptic curve point; and determining each random number, an elliptic curve point corresponding to each random number and at least one illegal hash value corresponding to the elliptic curve point as a preset signature parameter set, thereby determining at least one preset signature parameter set, and storing the at least one preset signature parameter set into the cache pool.
In some embodiments, the preset illegal signature value constraint comprises: the first signature value in the digital signature is 0; the first signature value is determined by carrying out modulo n operation on the hash value and the horizontal coordinate value of the elliptic curve point; n is the order of a base point of a preset elliptic curve; the preset signature parameter generation module is further used for determining at least one first product of n and at least one first preset coefficient; determining at least one illegal hash value corresponding to each elliptic curve point according to the difference between the at least one first product and the horizontal coordinate value of each elliptic curve point; wherein, the value range of the first preset coefficient is [1,2]; the illegal hash value is a positive number of 256 bits.
In some embodiments, the preset illegal signature value constraint comprises: the first signature value in the digital signature is the difference between n and the random number; the preset signature parameter generation module is further used for determining at least one second product of n and at least one second preset coefficient; determining at least one first difference value between the at least one second product and the random number corresponding to each elliptic curve point, and determining at least one illegal hash value corresponding to each elliptic curve point according to the difference between the at least one first difference value and the horizontal coordinate value of each elliptic curve point; wherein the value range of the second preset coefficient is [1,2,3]; the illegal hash value is a positive number of 256 bits.
In some embodiments, the signature module 13 is further configured to perform a modulo-n operation on a sum of the hash value and a horizontal coordinate value of the elliptic curve point to determine a first signature value corresponding to the message to be signed; determining a second signature value corresponding to the message to be signed based on the first signature value corresponding to the message to be signed, the random number and a private key of the signer; a digital signature of the message to be signed is determined based on the first signature value and the second signature value.
In some embodiments, after the obtaining the set of preset signature parameters from the cache pool, the obtaining module 12 is further configured to obtain a next set of preset signature parameters from the cache pool if the at least one illegal hash value includes the hash value; the signature module 13 is further configured to compare the illegal hash value in the next preset signature parameter set with the hash value until, in the case that the illegal hash value in the next preset signature parameter set does not include the hash value, determine the digital signature of the message to be signed based on the hash value, the elliptic curve point corresponding to the random number in the next preset signature parameter set and the random number in the next preset signature parameter set.
In some embodiments, the digital signature generating apparatus 1 further comprises a cache management module; the acquiring module 12 is further configured to acquire a total memory of the electronic device; acquiring the current available memory quantity of the electronic equipment under the condition that the memory occupation quantity of the cache pool is smaller than a first preset occupation ratio threshold value of the total memory quantity; the cache management module is configured to add a memory block to the cache pool under a condition that the memory occupation amount is smaller than a second preset occupation ratio threshold value of the available memory amount; releasing the idle memory blocks in the cache pool under the condition that the memory occupation amount is larger than or equal to a third preset occupation ratio threshold value of the available memory amount; the third preset duty cycle threshold is greater than or equal to the second preset duty cycle threshold.
In some embodiments, the memory in the cache pool includes: a memory block linked list; the memory block linked list comprises: at least one page of memory block corresponding to at least one linked list node; the cache management module is further used for adding memory blocks corresponding to the linked list nodes to the memory block linked list; and the cache management module is also used for releasing the idle memory blocks corresponding to the linked list nodes in the memory block linked list.
In some embodiments, the preset signature parameter generating module is further configured to generate, in parallel, the at least one preset signature parameter set through a plurality of first threads; for each first thread in the plurality of first threads, under the condition that a write lock corresponding to the cache pool is acquired, storing a preset signature parameter set corresponding to each first thread into the cache pool, and releasing the write lock;
the preset signature parameter generation module is further configured to, through each of the plurality of second threads, obtain the preset signature parameter set from the cache pool under the condition that a read lock corresponding to the cache pool is obtained, and release the read lock.
In some embodiments, before calculating the hash value corresponding to the message to be signed based on the original information input by the signing party and the message to be signed, the digital signature generating apparatus 1 further includes a calling module; the calling module is used for receiving the original information and the message to be signed through a preset dynamic library signature interface; and the calling module is further configured to return the digital signature corresponding to the message to be signed to the signer through the preset dynamic library signature interface after the digital signature of the message to be signed is determined.
In some embodiments, the obtaining module 12 is further configured to read a preset configuration field from a preset configuration file; and under the condition that the preset configuration field is a first preset value, acquiring the preset signature parameter set from the cache pool.
It should be noted that the description of the above device embodiments is similar to the description of the method embodiments described above, with similar advantageous effects as the method embodiments. For technical details not disclosed in the embodiments of the apparatus of the present invention, please refer to the description of the embodiments of the method of the present invention.
The embodiment of the invention also provides a terminal, and fig. 7 is an optional structural schematic diagram of the electronic device provided by the embodiment of the invention. As shown in fig. 7, the electronic apparatus 3 includes: a memory 31 and a processor 32. Wherein the memory 31 and the processor 32 are connected by a communication bus 33; a memory 31 for storing executable instructions; the processor 32 is configured to implement the digital signature generation method provided by the embodiment of the present invention when executing the executable instructions stored in the memory 31.
An embodiment of the present invention provides a computer-readable storage medium storing executable instructions, in which the executable instructions are stored, which when executed by the processor, cause the processor to perform the digital signature generation method provided by the embodiment of the present invention.
In some embodiments, the computer readable storage medium (i.e., readable storage medium) may be a ferroelectric random access Memory (Ferroelectric Random Access Memory, FRAM), read Only Memory (ROM), programmable Read Only Memory (Programmable Read Only Memory, PROM), erasable programmable Read Only Memory (Erasable Programmable Read Only Memory, EPROM), charged erasable programmable Read Only Memory (Electrically Erasable Programmable Read Only Memory, EEPROM), flash Memory, magnetic surface Memory, optical disk, or Read Only optical disk Memory (Compact Disc Read Only Memory, CD-ROM), or the like; but may be a variety of devices including one or any combination of the above memories.
In some embodiments, the executable instructions may be in the form of programs, software modules, scripts, or code, written in any form of programming language (including compiled or interpreted languages, or declarative or procedural languages), and they may be deployed in any form, including as stand-alone programs or as modules, components, subroutines, or other units suitable for use in a computing environment.
As an example, the executable instructions may, but need not, correspond to files in a file system, may be stored as part of a file that holds other programs or data, for example, in one or more scripts in a hypertext markup language (Hyper Text Markup Language, HTML) document, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code).
As an example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices located at one site or, alternatively, distributed across multiple sites and interconnected by a communication network.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, magnetic disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and scope of the present invention are included in the protection scope of the present invention.

Claims (14)

1. A digital signature generation method, comprising:
calculating a hash value corresponding to a message to be signed based on original information input by a signing party and the message to be signed;
acquiring a preset signature parameter set from a cache pool; the preset signature parameter set includes: the random number, elliptic curve points corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve points; the preset signature parameter set is generated through pre-calculation and stored in the cache pool; the at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to the random numbers;
And determining the digital signature of the message to be signed based on the hash value, the random number and the elliptic curve point in the case that the at least one illegal hash value does not comprise the hash value.
2. The method of claim 1, wherein prior to obtaining the set of preset signature parameters from the cache pool, the method further comprises:
determining whether the cache pool is full;
generating at least one preset signature parameter set and storing the preset signature parameter set into the cache pool under the condition that the cache pool is not full; wherein the generating at least one preset signature parameter set and storing the generated at least one preset signature parameter set in the cache pool comprises:
generating at least one random number, performing multiple point calculation according to each random number in the at least one random number and a base point of a preset elliptic curve, and determining at least one elliptic curve point corresponding to the at least one random number;
performing illegal signature value calculation based on each elliptic curve point in the at least one elliptic curve point and a preset illegal signature value constraint condition, and determining at least one illegal hash value corresponding to each elliptic curve point;
and determining each random number, an elliptic curve point corresponding to each random number and at least one illegal hash value corresponding to the elliptic curve point as a preset signature parameter set, thereby determining at least one preset signature parameter set, and storing the at least one preset signature parameter set into the cache pool.
3. The method of claim 2, wherein the preset illegal signature value constraint comprises: the first signature value in the digital signature is 0; the first signature value is determined by carrying out modulo n operation on the hash value and the horizontal coordinate value of the elliptic curve point; n is the order of a base point of a preset elliptic curve; the step of calculating the illegal signature value based on each elliptic curve point in the at least one elliptic curve point and a preset illegal signature value constraint condition, and determining at least one illegal hash value corresponding to each elliptic curve point comprises the following steps:
determining at least one first product of n and at least one first preset coefficient;
determining at least one illegal hash value corresponding to each elliptic curve point according to the difference between the at least one first product and the horizontal coordinate value of each elliptic curve point;
wherein, the value range of the first preset coefficient is [1,2]; the illegal hash value is a positive number of 256 bits.
4. The method of claim 2, wherein the preset illegal signature value constraint comprises: the first signature value in the digital signature is the difference between n and the random number; the step of calculating the illegal signature value based on each elliptic curve point in the at least one elliptic curve point and a preset illegal signature value constraint condition, and determining at least one illegal hash value corresponding to each elliptic curve point comprises the following steps:
Determining at least one second product of n and at least one second preset coefficient;
determining at least one first difference value between the at least one second product and the random number corresponding to each elliptic curve point, and determining at least one illegal hash value corresponding to each elliptic curve point according to the difference between the at least one first difference value and the horizontal coordinate value of each elliptic curve point;
wherein the value range of the second preset coefficient is [1,2,3]; the illegal hash value is a positive number of 256 bits.
5. The method according to any of claims 1-4, wherein said determining a digital signature of said message to be signed based on said hash value, said random number and said elliptic curve point comprises:
performing modulo n operation on the sum of the hash value and the horizontal coordinate value of the elliptic curve point to determine a first signature value corresponding to the message to be signed;
determining a second signature value corresponding to the message to be signed based on the first signature value corresponding to the message to be signed, the random number and a private key of the signer;
a digital signature of the message to be signed is determined based on the first signature value and the second signature value.
6. The method according to any one of claims 1-4, wherein after the obtaining the set of preset signature parameters from the cache pool, the method further comprises:
and under the condition that the at least one illegal hash value comprises the hash value, acquiring a next preset signature parameter set from the cache pool, comparing the illegal hash value in the next preset signature parameter set with the hash value until the illegal hash value in the next preset signature parameter set does not comprise the hash value, and determining the digital signature of the message to be signed based on the hash value, an elliptic curve point corresponding to the random number in the next preset signature parameter set and the random number in the next preset signature parameter set.
7. The method according to any one of claims 1-4, further comprising:
acquiring the total memory of the electronic equipment;
acquiring the current available memory quantity of the electronic equipment under the condition that the memory occupation quantity of the cache pool is smaller than a first preset occupation ratio threshold value of the total memory quantity;
under the condition that the memory occupation amount is smaller than a second preset occupation ratio threshold value of the available memory amount, adding a memory block to the cache pool;
Releasing the idle memory blocks in the cache pool under the condition that the memory occupation amount is larger than or equal to a third preset occupation ratio threshold value of the available memory amount; the third preset duty cycle threshold is greater than or equal to the second preset duty cycle threshold.
8. The method of claim 7, wherein the memory in the cache pool comprises: a memory block linked list; the memory block linked list comprises: at least one page of memory block corresponding to at least one linked list node;
the adding the memory block to the cache pool includes:
adding memory blocks corresponding to linked list nodes to the memory block linked list;
the releasing the free memory blocks in the cache pool comprises the following steps:
and releasing the idle memory blocks corresponding to the linked list nodes in the memory block linked list.
9. The method according to any one of claims 2-4, wherein generating and storing at least one set of preset signature parameters in the cache pool comprises:
generating the at least one preset signature parameter set in parallel through a plurality of first threads;
for each first thread in the plurality of first threads, under the condition that a write lock corresponding to the cache pool is acquired, storing a preset signature parameter set corresponding to each first thread into the cache pool, and releasing the write lock;
The obtaining the preset signature parameter set from the cache pool comprises the following steps:
and under the condition that the read lock corresponding to the cache pool is acquired by each second thread in the plurality of second threads, acquiring the preset signature parameter set from the cache pool, and releasing the read lock.
10. The method according to any one of claims 1-4, wherein before calculating a hash value corresponding to a message to be signed based on original information input by a signer and the message to be signed, the method further comprises:
receiving the original information and the message to be signed through a preset dynamic library signature interface;
after the determining the digital signature of the message to be signed, the method further comprises:
and returning the digital signature corresponding to the message to be signed to the signing party through the preset dynamic library signature interface.
11. The method according to any one of claims 1-4, wherein the obtaining a set of preset signature parameters from a cache pool includes:
reading a preset configuration field from a preset configuration file;
and under the condition that the preset configuration field is a first preset value, acquiring the preset signature parameter set from the cache pool.
12. A digital signature generation apparatus, comprising:
the hash value generation module is used for calculating a hash value corresponding to the message to be signed based on the original information input by the signing party and the message to be signed;
the acquisition module is used for acquiring a preset signature parameter set from the cache pool; the preset signature parameter set includes: the random number, elliptic curve points corresponding to the random number and at least one illegal hash value corresponding to the elliptic curve points; the preset signature parameter set is generated through pre-calculation and stored in the cache pool; the at least one illegal hash value is obtained by calculating an illegal signature value based on elliptic curve points corresponding to the random numbers;
and the signature module is used for determining the digital signature of the message to be signed based on the hash value, the random number and the elliptic curve point under the condition that the at least one illegal hash value does not comprise the hash value.
13. An electronic device, comprising: a memory and a processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory is used for storing executable instructions;
the processor being configured to implement the method of any one of claims 1 to 11 when executing executable instructions stored in the memory.
14. A readable storage medium storing executable instructions for causing a processor to perform the method of any one of claims 1 to 11.
CN202311231977.XA 2023-09-22 2023-09-22 Digital signature generation method, device, electronic equipment and readable storage medium Active CN116980129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311231977.XA CN116980129B (en) 2023-09-22 2023-09-22 Digital signature generation method, device, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311231977.XA CN116980129B (en) 2023-09-22 2023-09-22 Digital signature generation method, device, electronic equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN116980129A true CN116980129A (en) 2023-10-31
CN116980129B CN116980129B (en) 2024-03-26

Family

ID=88485331

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311231977.XA Active CN116980129B (en) 2023-09-22 2023-09-22 Digital signature generation method, device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN116980129B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546288A (en) * 2013-09-25 2014-01-29 中国科学院数据与通信保护研究教育中心 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device
CN109698751A (en) * 2018-11-09 2019-04-30 北京中宇万通科技股份有限公司 Digital signature generates and sign test method, computer equipment and storage medium
CN110247757A (en) * 2019-04-19 2019-09-17 中国工商银行股份有限公司 Block chain processing method based on national secret algorithm, apparatus and system
CN110309665A (en) * 2019-07-08 2019-10-08 北京海泰方圆科技股份有限公司 A kind of rapid generation and device of SM2 digital signature
CN111092730A (en) * 2018-10-24 2020-05-01 三星电子株式会社 Random number generator, encryption device and method for operating encryption device
US10778428B1 (en) * 2019-05-31 2020-09-15 Allibaba Group Holding Limited Method for restoring public key based on SM2 signature
CN113628094A (en) * 2021-07-29 2021-11-09 西安电子科技大学 High-throughput SM2 digital signature computing system and method based on GPU

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546288A (en) * 2013-09-25 2014-01-29 中国科学院数据与通信保护研究教育中心 SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device
CN111092730A (en) * 2018-10-24 2020-05-01 三星电子株式会社 Random number generator, encryption device and method for operating encryption device
CN109698751A (en) * 2018-11-09 2019-04-30 北京中宇万通科技股份有限公司 Digital signature generates and sign test method, computer equipment and storage medium
CN110247757A (en) * 2019-04-19 2019-09-17 中国工商银行股份有限公司 Block chain processing method based on national secret algorithm, apparatus and system
US10778428B1 (en) * 2019-05-31 2020-09-15 Allibaba Group Holding Limited Method for restoring public key based on SM2 signature
CN110309665A (en) * 2019-07-08 2019-10-08 北京海泰方圆科技股份有限公司 A kind of rapid generation and device of SM2 digital signature
CN113628094A (en) * 2021-07-29 2021-11-09 西安电子科技大学 High-throughput SM2 digital signature computing system and method based on GPU

Also Published As

Publication number Publication date
CN116980129B (en) 2024-03-26

Similar Documents

Publication Publication Date Title
CN108846659B (en) Block chain-based transfer method and device and storage medium
CN107657438B (en) Block chain generation method, data verification method, node and system
CN105531713A (en) Generating multiple secure hashes from a single data buffer
US20110246779A1 (en) Zero-knowledge proof system, zero-knowledge proof device, zero-knowledge verification device, zero-knowledge proof method and program therefor
CN110597916B (en) Data processing method and device based on block chain, storage medium and terminal
CN113079200A (en) Data processing method, device and system
CN110147685B (en) Data verification method, system, device and equipment
CN110659905B (en) Transaction verification method, device, terminal equipment and storage medium
US11575515B2 (en) Post-quantum secure remote attestation for autonomous systems
US20150063565A1 (en) Methods and apparatuses for prime number generation and storage
CN110555079B (en) Data processing method, device, equipment and storage medium
CN111541756B (en) Block generation method, block generation device, node equipment and storage medium
KR20100065721A (en) Apparatus and method for hash cryptography
CN116980129B (en) Digital signature generation method, device, electronic equipment and readable storage medium
CN103197950B (en) Plug-in virtual machine implementation method
JP2010107947A (en) Sha-based message schedule operation method, message compression operation method and cryptographic device performing the same
US20130108038A1 (en) System and method for a collatz based hash function
CN115129728A (en) File checking method and device
CN110995447B (en) Data storage method, device, equipment and medium
CN109032804B (en) Data processing method and device and server
CN113268322A (en) Method, system, device and storage medium for calculating resource capacity
CN116166402B (en) Data security processing method, system, security chip and electronic equipment
CN110348246B (en) Verification information generation method, device, terminal equipment and medium
CN102546178A (en) Method and device for generating ciphertext
CN116737349B (en) Stream data processing method, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant