CN117081744B - Signature processing method and device based on elliptic curve and electronic equipment - Google Patents
Signature processing method and device based on elliptic curve and electronic equipment Download PDFInfo
- Publication number
- CN117081744B CN117081744B CN202311338897.4A CN202311338897A CN117081744B CN 117081744 B CN117081744 B CN 117081744B CN 202311338897 A CN202311338897 A CN 202311338897A CN 117081744 B CN117081744 B CN 117081744B
- Authority
- CN
- China
- Prior art keywords
- signature
- target
- value
- random number
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 24
- 238000000034 method Methods 0.000 claims abstract description 102
- 230000005540 biological transmission Effects 0.000 claims abstract description 59
- 230000008569 process Effects 0.000 claims abstract description 59
- 238000012795 verification Methods 0.000 claims abstract description 56
- 238000012545 processing Methods 0.000 claims abstract description 43
- 238000004590 computer program Methods 0.000 claims description 16
- 238000004891 communication Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- 238000004422 calculation algorithm Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000010485 coping Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Abstract
The invention discloses a signature processing method and device based on elliptic curve and electronic equipment, and relates to the technical field of digital signature, comprising the following steps: responding to a data transmission instruction, acquiring a target random number, and determining a first signature according to the target random number, a selected point on a preset elliptic curve and a preset parameter value; determining a second signature according to the target random number, the first signature, the transmission message and the private key of the signature party; and combining the first signature and the second signature to obtain a target signature, and sending the target signature and the transmission message to the signature verification party. The scheme provides a certificate-free signature verification method based on random numbers and elliptic curves, and digital certificates are not needed, so that a large amount of time and resources are not needed to be consumed in the processing process of the method. Moreover, the method can effectively prevent counterfeit signature attack.
Description
Technical Field
The present invention relates to the field of digital signature technologies, and in particular, to a signature processing method and apparatus based on elliptic curves, and an electronic device.
Background
With the rapid development of computer network technology, more and more intelligent devices need to perform secure communication. Digital signatures are widely used because they ensure the integrity of information transmission, the identity authentication of the sender, and the prevention of repudiation in transactions.
In the related art, one common digital signature method includes a certificate signature verification method. The method is a technique for authenticating electronic data information using digital certificates and information encryption techniques.
However, the above-described manner requires issuing and managing the digital certificate and also requires performing operations such as verification and signing of the digital certificate, which requires a lot of time and resources.
Disclosure of Invention
The invention provides a signature processing method, a signature processing device and electronic equipment based on elliptic curves, which are used for solving the problem that a large amount of time and resources are required to be consumed because a digital certificate is required to be issued and managed and operations such as verification and signature of the digital certificate are also required to be carried out in the certificate signature verification method in the related technology.
According to an aspect of the present invention, there is provided a signature processing method based on elliptic curve, applied to a signer, the method comprising:
responding to a data transmission instruction, acquiring a target random number, and determining a first signature according to the target random number, a selected point on a preset elliptic curve and a preset parameter value;
determining a second signature according to the target random number, the first signature, the transmission message and the private key of the signature party;
and combining the first signature and the second signature to obtain a target signature, and sending the target signature and the transmission message to a signer.
According to another aspect of the present invention, there is provided a signature processing method based on elliptic curve, applied to a signer, the method comprising:
receiving a target signature and a transmission message sent by a signature party; the target signature is obtained by combining the first signature and the second signature; the first signature is determined according to the target random number, a selected point on a preset elliptic curve and a preset parameter value; the second signature is determined according to the target random number, the first signature, a transmission message and a private key of the signing party;
and carrying out signature verification processing on the target signature to obtain a signature verification result.
According to another aspect of the present invention, there is provided a signature processing apparatus based on elliptic curve, applied to a signer, the apparatus comprising:
the signature unit is used for responding to the data transmission instruction, acquiring a target random number and determining a first signature according to the target random number, a selected point on a preset elliptic curve and a preset parameter value;
the signature unit is further used for determining a second signature according to the target random number, the first signature, the transmission message and the private key of the signature party;
and the sending unit is used for combining the first signature and the second signature to obtain a target signature and sending the target signature and the transmission message to a signature verification party.
According to another aspect of the present invention, there is provided a signature processing apparatus based on elliptic curve, applied to a signer, the apparatus comprising:
the receiving unit is used for receiving the target signature and the transmission message sent by the signing party; the target signature is obtained by combining the first signature and the second signature; the first signature is determined according to the target random number, a selected point on a preset elliptic curve and a preset parameter value; the second signature is determined according to the target random number, the first signature, a transmission message and a private key of the signing party;
and the signature verification unit is used for carrying out signature verification processing on the target signature to obtain a signature verification result.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the elliptic curve-based signature processing method according to any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to implement the elliptic curve-based signature processing method according to any one of the embodiments of the present invention when executed.
The technical scheme of the embodiment of the invention provides a certificate-free signature verification method based on random numbers and elliptic curves, which does not need digital certificates, so that a large amount of time and resources are not consumed in the processing process of the method. In addition, when the method is used for coping with the attack of the fake signature of the attacker, the random number is only used when the signature is generated, so that the attacker needs to use a new random number when the attacker modifies the signature, and because the random number has a large selection range, the selection of a valid new random number is very difficult, time is very consuming and large computing resources are required. Therefore, the scheme has stronger anti-counterfeiting performance, and further can effectively prevent counterfeiting signature attack.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a signature processing method based on elliptic curves according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a signature processing method based on elliptic curves according to a second embodiment of the present invention;
FIG. 3 is a flowchart of a signature processing method based on elliptic curves according to a third embodiment of the present invention;
FIG. 4 is a flowchart of a signature processing method based on elliptic curves according to a fourth embodiment of the present invention;
FIG. 5 is a schematic diagram of a signature processing procedure based on elliptic curves according to a fourth embodiment of the present invention;
fig. 6 is a schematic structural diagram of a signature processing device based on elliptic curves according to a fifth embodiment of the present invention;
fig. 7 is a schematic structural diagram of a signature processing device based on elliptic curves according to a sixth embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device implementing a signature processing method based on elliptic curves according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "object," "first," "second," and the like in the description and the claims of the present invention and the above drawings are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a signature processing method based on elliptic curves according to an embodiment of the present invention, where the embodiment is applicable to a secure communication scenario between intelligent devices, and the method may be performed by a signer. As shown in fig. 1, the method includes:
step 101, responding to a data transmission instruction, obtaining a target random number, and determining a first signature according to the target random number, a selected point on a preset elliptic curve and a preset parameter value.
Specifically, a target random number may be generated by a random number generator, and may be acquired. The range of the target random number can be [0,2 ] 128 -1]Real numbers within.
The preset elliptic curve may be an ECC elliptic curve.
The selected point on the preset elliptic curve refers to a selected point on the preset elliptic curve in advance according to actual requirements.
The preset parameter value is preset according to actual conditions.
Specifically, in response to the data transmission instruction, a target random number may be acquired by using a random number generator, and then the first signature may be determined according to the target random number, a selected point on a preset elliptic curve, and a preset parameter value.
Step 102, determining a second signature according to the target random number, the first signature, the transmission message and the private key of the signature party.
The private key of the signing party is generated when the signing party generates the key pair.
Wherein the transmission message refers to a message to be transmitted to the signer.
Specifically, the second signature may be determined based on the target random number, the first signature, the transmitted message, and a private key of the signing party.
Wherein the second signature may actually be understood as a function of the transmitted message and the private key of the signer.
And step 103, combining the first signature and the second signature to obtain a target signature, and sending the target signature and the transmission message to the signature verification party.
Specifically, the first signature and the second signature are combined, and a target signature can be obtained. The target signature and the transfer message may then be combined and sent to the signature issuer.
The signature checking party can receive the target signature and the transmission message sent by the signature party. And the target signature can be subjected to signature verification processing to obtain a signature verification result.
The technical scheme provided by the embodiment of the invention provides a certificate-free signature verification method based on random numbers and elliptic curves, and digital certificates are not needed, so that a large amount of time and resources are not needed to be consumed in the processing process of the method. In addition, when the method is used for coping with the attack of the fake signature of the attacker, the random number is only used when the signature is generated, so that the attacker needs to use a new random number when the attacker modifies the signature, and because the random number has a large selection range, the selection of a valid new random number is very difficult, time is very consuming and large computing resources are required. Therefore, the scheme has stronger anti-counterfeiting performance, and further can effectively prevent counterfeiting signature attack.
Example two
Fig. 2 is a flowchart of a signature processing method based on elliptic curves according to a second embodiment of the present invention, and the present embodiment refines steps 101 and 102 in the first embodiment. As shown in fig. 2, the method includes:
step 201, in response to a data transmission instruction, obtaining a target random number, and determining a product between a first process value and a selected point on a preset elliptic curve as a target point on the preset elliptic curve; the first process value is a result of hashing the target random number.
Specifically, in response to a data transmission instruction, a random number generator may be utilized to obtain a target random number, and then hash the target random number to obtain a first process value; then, the first process value may be multiplied by a selected point on a preset elliptic curve to obtain a target point on the preset elliptic curve.
In one implementation, the first process value is obtained by hashing the combined data of the target random number and the shared key.
The sharing secret key is preset according to actual requirements. The target random number and the shared key may be combined, and the combined data may be hashed to obtain a first process value. The hash processing is performed after the shared secret key is added on the basis of the target random number, so that the hash strength can be increased.
Step 202, determining a first signature according to the hash value corresponding to the target point and a preset parameter value.
Specifically, the hash processing may be performed on the target point, and the first signature may be determined according to the obtained hash value and the preset parameter value.
Step 203, hash the combined data of the first signature and the transmission message to obtain a second process value.
Specifically, the first signature and the transmission data may be combined first, and then the combined data is hashed, so as to obtain the second process value.
Step 204, determining the product between the second process value and the private key of the signer as a third process value.
Specifically, the second process value may be multiplied by the private key of the signing party to obtain a third process value.
Step 205, determining the difference between the first process value and the third process value as a second signature; the first process value is a result of hashing the target random number.
In particular, the difference between the first process value and the third process value may be determined as the second signature. The first process value is obtained by carrying out hash processing on the target random number.
In one implementation, the first process value is obtained by hashing the combined data of the target random number and the shared key.
Specifically, the target random number and the shared secret key may be combined, and the combined data may be subjected to hash processing, to obtain the first process value. The hash processing is performed after the shared secret key is added on the basis of the target random number, so that the hash strength can be increased.
And 206, combining the first signature and the second signature to obtain a target signature, and sending the target signature and the transmission message to the signer.
Specifically, the principle and implementation of step 206 are similar to those of step 103, and will not be described again.
Example III
Fig. 3 is a flowchart of a signature processing method based on elliptic curves according to a third embodiment of the present invention. The method may be performed by a signer. As shown in fig. 3, the method includes:
step 301, receiving a target signature and a transmission message sent by a signature party; the target signature is obtained by combining the first signature and the second signature; the first signature is determined according to the target random number, a preset selected point on the elliptic curve and a preset parameter value; the second signature is determined from the target random number, the first signature, the transmitted message, and a private key of the signing party.
Step 302, performing signature verification processing on the target signature to obtain a signature verification result.
For example, the process of this embodiment may refer to the above embodiment, and will not be described in detail.
Example IV
Fig. 4 is a flowchart of a signature processing method based on elliptic curves according to a fourth embodiment of the present invention. This embodiment refines step 302 in embodiment three. As shown in fig. 4, the method includes:
step 401, receiving a target signature and a transmission message sent by a signature party; the target signature is obtained by combining the first signature and the second signature; the first signature is determined according to the target random number, a preset selected point on the elliptic curve and a preset parameter value; the second signature is determined from the target random number, the first signature, the transmitted message, and a private key of the signing party.
Specifically, the principle and implementation of step 401 are similar to those of step 301, and will not be described again.
Step 402, determining a predicted value of a first signature in the target signature according to the target signature, the transmission message, the public key of the signer, the selected point on the preset elliptic curve and the preset parameter value.
Specifically, the predicted value of the first signature in the target signature may be determined according to the target signature, the transmission message, the public key of the signing party, the selected point on the preset elliptic curve, and the preset parameter value. The scheme does not limit the specific calculation process.
The public key of the signing party is obtained by calculating a key center according to the private key of the signing party and a selected point on a preset elliptic curve; the signer may obtain the public key of the signer from the key center.
In one implementation, the first signature and the second signature in the target signature are parsed.
Specifically, the first signature and the second signature in the received target signature may be resolved first.
Then, hash processing is performed on the combined data of the first signature and the transmission message to obtain a first intermediate value.
Specifically, the first signature and the transmission message may be combined, and then the combined data may be hashed to obtain a first intermediate value.
Then, determining the product between the second signature and a selected point on a preset elliptic curve as a second intermediate value; determining a product between the first intermediate value and the public key of the signer as a third intermediate value; determining a sum between the second intermediate value and the third intermediate value as a fourth intermediate value; and determining a predicted value of the first signature according to the hash value corresponding to the fourth intermediate value and a preset parameter value.
Step 403, determining a signature verification result according to the comparison result of the first signature and the predicted value.
Specifically, the first signature and the predicted value can be compared to obtain a comparison result, and the signature verification result is determined according to the comparison result.
In one implementation, if the first signature does not match the predicted value, determining that the verification of the signature fails; if the first signature is matched with the predicted value, the signature verification is determined to be successful.
Specifically, if the first signature and the predicted value are not matched, the verification is failed, and if the first signature and the predicted value are matched, the verification is successful.
In one implementation, a schematic diagram of an elliptic curve-based signature process is shown in fig. 5. Wherein, the end A refers to a signing party and the end B refers to a signing verification party. The process is specifically shown below.
The a-side generates a signature (r, s), the following is a digital signature generation mechanism:
a1: generating a target random number rand e R0, 2 by a random number generator 128 -1]The method comprises the steps of carrying out a first treatment on the surface of the Wherein R represents a real number; rand is in interval [0,2 128 -1]Real numbers in (a);
a2: calculation of k=hash (rand, K AC 1) a step of; wherein K is AC Representing a shared secret key; the '1' in the formula is used for distinguishing from other collaborative signature algorithms; k represents a first process value;
a3: calculating p=k×g; wherein G represents a selected point on a preset elliptic curve; p represents a target point on a preset elliptic curve;
a4: calculating r=hash (P) mod 2 m The method comprises the steps of carrying out a first treatment on the surface of the m=32 to 256; where mod represents the remainder of dividing the two numbers; m is a preset parameter value; r represents a first signature;
a5: calculate c=hash (r, message); wherein message represents a transmission message; c represents a second process value;
a6: calculating s=k-c×d; wherein d represents the private key of the signer; c x d represents a third process value; s represents a second signature;
a7: a target signature (r, s) is generated.
The target signature and the transmission message are sent to the B end;
the B-side receives the target signature and the transmission message, and starts to check the signature, and the signature checking mechanism comprises the following steps:
b1: calculate c=hash (r , Message; wherein message represents the received transmission message; r is (r) , Representing a first signature parsed from the received target signature; c represents a first intermediate value;
b2: calculate q=s , *G+c*P A The method comprises the steps of carrying out a first treatment on the surface of the Wherein P is A Is the public key of the signer; g represents a selected point on a preset elliptic curve; s is(s) , Representing a second signature parsed from the received target signature; s is(s) , * G represents a second intermediate value; c is P A Representing a third intermediate value; q represents a fourth intermediate value;
b3: calculating r ,, =HASH(Q) mod 2 m The method comprises the steps of carrying out a first treatment on the surface of the Wherein m is a preset parameter value; r is (r) ,, A predictor representing a first signature; mod represents the remainder of dividing the two numbers;
if r ,, =r , If so, determining that the signature is correct, and indicating that the signature verification is successful; otherwise, the signature error can be determined, and the verification fails.
In particular, since the present invention does not use certificates, there may be a counterfeit signature attack, and the signature verification algorithm we employ is a counterfeit verification algorithm, i.e., by comparing r ,, And r , Is verified if the values of (c) are equal. In the signature generation process, the value of k is randomly selected, so that the generated signature value (r, s) is effectively a function of the message for a particular transmission and the private key d of the signer. If an attacker wants to modify the signature, he needs to recalculate the s value even if he modifies an irrelevant bit in the signature value, such as the least significant bit of r or a byte.
However, since the calculation of the generated s-value involves a random number k, this k-value is only used when the signature is generated, and the choice of the k-value is closely related to the signature algorithm of the signer. Thus, if an attacker changes one of the bits in r in the signature, he must recalculate the value of s. This process of recalculating the s value requires the use of a new random number k, while it is very difficult to reselect a valid k value, since the k value can only be selected from a very large range, which is time consuming and requires that the attacker have corresponding computing resources. Therefore, the scheme has stronger anti-counterfeiting performance.
Example five
Fig. 6 is a schematic structural diagram of a signature processing device based on elliptic curves according to a fifth embodiment of the present invention. Applied to the signer. As shown in fig. 6, the apparatus 600 includes:
a signature unit 610, configured to obtain a target random number in response to a data transmission instruction, and determine a first signature according to the target random number, a selected point on a preset elliptic curve, and a preset parameter value;
the signature unit 610 is further configured to determine a second signature according to the target random number, the first signature, the transmission message, and a private key of the signing party;
and a sending unit 620, configured to combine the first signature and the second signature, obtain a target signature, and send the target signature and the transmission message to the signature verification party.
A signature unit 610, configured to determine a product between the first process value and a selected point on a preset elliptic curve as a target point on the preset elliptic curve; the first process value is a result of hash processing of the target random number;
and determining a first signature according to the hash value corresponding to the target point and a preset parameter value.
The signing unit 610 is specifically configured to hash the combined data of the first signature and the transmission message to obtain a second process value;
determining a product between the second process value and the private key of the signing party as a third process value;
determining a difference between the first process value and the third process value as a second signature; the first process value is a result of hashing the target random number.
In one implementation, the first process value is obtained by hashing the combined data of the target random number and the shared key.
Example six
Fig. 7 is a schematic structural diagram of a signature processing device based on elliptic curves according to a sixth embodiment of the present invention. Is applied to the label checking party. As shown in fig. 7, the apparatus 700 includes:
a receiving unit 710, configured to receive a target signature and a transmission message sent by a signing party; the target signature is obtained by combining the first signature and the second signature; the first signature is determined according to the target random number, a preset selected point on the elliptic curve and a preset parameter value; the second signature is determined according to the target random number, the first signature, the transmission message and the private key of the signature party;
and the signature verification unit 720 is used for performing signature verification processing on the target signature to obtain a signature verification result.
The signature verification unit 720 is specifically configured to determine a predicted value of a first signature in the target signature according to the target signature, the transmission message, the public key of the signing party, a selected point on a preset elliptic curve, and a preset parameter value;
and determining a signature verification result according to the comparison result of the first signature and the predicted value.
The signature verification unit 720 is specifically configured to parse out a first signature and a second signature in the target signature;
carrying out hash processing on the combined data of the first signature and the transmission message to obtain a first intermediate value;
determining the product between the second signature and a selected point on a preset elliptic curve as a second intermediate value;
determining a product between the first intermediate value and the public key of the signer as a third intermediate value;
determining a sum between the second intermediate value and the third intermediate value as a fourth intermediate value;
and determining a predicted value of the first signature according to the hash value corresponding to the fourth intermediate value and a preset parameter value.
The signature verification unit 720 is specifically configured to determine that the signature verification fails if the first signature does not match the predicted value;
if the first signature is matched with the predicted value, the signature verification is determined to be successful.
The signature processing device based on the elliptic curve provided by the embodiment of the invention can execute the signature processing device based on the elliptic curve provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of executing the signature processing device based on the elliptic curve.
Example seven
Fig. 8 shows a schematic diagram of the structure of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 8, the electronic device 10 includes at least one processor 11, and a memory, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, etc., communicatively connected to the at least one processor 11, in which the memory stores a computer program executable by the at least one processor, and the processor 11 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from the storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data required for the operation of the electronic device 10 may also be stored. The processor 11, the ROM 12 and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
Various components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, etc.; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 11 performs the various methods and processes described above, such as the elliptic curve-based signature processing method.
In some embodiments, any of the elliptic curve-based signature processing methods described above may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of any of the elliptic curve-based signature processing methods described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform any of the elliptic curve-based signature processing methods described above in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (9)
1. A signature processing method based on elliptic curve, which is applied to a signer, the method comprising:
responding to a data transmission instruction, acquiring a target random number, and determining a first signature according to the target random number, a selected point on a preset elliptic curve and a preset parameter value; wherein the target random number is generated by a random number generator;
determining a second signature according to the target random number, the first signature, the transmission message and the private key of the signature party;
combining the first signature and the second signature to obtain a target signature, and sending the target signature and the transmission message to a signer;
the determining a second signature according to the target random number, the first signature, the transmission message and the private key of the signing party comprises the following steps:
carrying out hash processing on the combined data of the first signature and the transmission message to obtain a second process value;
determining a product between the second process value and a private key of the signer as a third process value;
determining a difference between the first process value and the third process value as a second signature; the first process value is a result of hashing the target random number.
2. The method of claim 1, wherein the determining the first signature based on the target random number, the selected point on the preset elliptic curve, and the preset parameter value comprises:
determining a product between a first process value and a selected point on a preset elliptic curve as a target point on the preset elliptic curve; the first process value is a result of carrying out hash processing on the target random number;
and determining a first signature according to the hash value corresponding to the target point and a preset parameter value.
3. The method of claim 2, wherein the first process value is obtained by hashing the combined data of the target random number and a shared key.
4. A signature processing method based on elliptic curve, which is applied to a signature verification party, the method comprising:
receiving a target signature and a transmission message sent by a signature party; the target signature is obtained by combining the first signature and the second signature; the first signature is determined according to the target random number, a selected point on a preset elliptic curve and a preset parameter value; the second signature is determined according to the target random number, the first signature, a transmission message and a private key of the signing party;
performing signature verification processing on the target signature to obtain a signature verification result;
the step of performing signature verification processing on the target signature to obtain a signature verification result comprises the following steps:
analyzing a first signature and a second signature in the target signature;
carrying out hash processing on the combined data of the first signature and the transmission message to obtain a first intermediate value;
determining the product between the second signature and a selected point on a preset elliptic curve as a second intermediate value;
determining a product between the first intermediate value and the public key of the signer as a third intermediate value;
determining a sum between the second intermediate value and the third intermediate value as a fourth intermediate value;
determining a predicted value of the first signature according to the hash value corresponding to the fourth intermediate value and a preset parameter value;
and determining a signature verification result according to the comparison result of the first signature and the predicted value.
5. The method of claim 4, wherein determining a signature verification result based on the comparison of the first signature and the predicted value comprises:
if the first signature is not matched with the predicted value, determining that the signature verification fails;
and if the first signature is matched with the predicted value, determining that the signature verification is successful.
6. A signature processing apparatus based on elliptic curves, the apparatus being applied to a signer, the apparatus comprising:
the signature unit is used for responding to the data transmission instruction, acquiring a target random number and determining a first signature according to the target random number, a selected point on a preset elliptic curve and a preset parameter value; wherein the target random number is generated by a random number generator;
the signature unit is further used for determining a second signature according to the target random number, the first signature, the transmission message and the private key of the signature party;
the sending unit is used for combining the first signature and the second signature to obtain a target signature and sending the target signature and the transmission message to a signature verification party;
the signature unit is specifically configured to perform hash processing on the combined data of the first signature and the transmission message to obtain a second process value;
determining a product between the second process value and a private key of the signer as a third process value;
determining a difference between the first process value and the third process value as a second signature; the first process value is a result of hashing the target random number.
7. A signature processing device based on elliptic curve, which is applied to a signature verification party, the device comprising:
the receiving unit is used for receiving the target signature and the transmission message sent by the signing party; the target signature is obtained by combining the first signature and the second signature; the first signature is determined according to the target random number, a selected point on a preset elliptic curve and a preset parameter value; the second signature is determined according to the target random number, the first signature, a transmission message and a private key of the signing party;
the signature verification unit is used for carrying out signature verification processing on the target signature to obtain a signature verification result;
the signature verification unit is specifically configured to analyze a first signature and a second signature in the target signature;
carrying out hash processing on the combined data of the first signature and the transmission message to obtain a first intermediate value;
determining the product between the second signature and a selected point on a preset elliptic curve as a second intermediate value;
determining a product between the first intermediate value and the public key of the signer as a third intermediate value;
determining a sum between the second intermediate value and the third intermediate value as a fourth intermediate value;
determining a predicted value of the first signature according to the hash value corresponding to the fourth intermediate value and a preset parameter value;
and determining a signature verification result according to the comparison result of the first signature and the predicted value.
8. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
9. A computer readable storage medium storing computer instructions for causing a processor to perform the method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311338897.4A CN117081744B (en) | 2023-10-17 | 2023-10-17 | Signature processing method and device based on elliptic curve and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311338897.4A CN117081744B (en) | 2023-10-17 | 2023-10-17 | Signature processing method and device based on elliptic curve and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117081744A CN117081744A (en) | 2023-11-17 |
| CN117081744B true CN117081744B (en) | 2024-01-26 |
Family
ID=88713776
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311338897.4A Active CN117081744B (en) | 2023-10-17 | 2023-10-17 | Signature processing method and device based on elliptic curve and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117081744B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101244930B1 (en) * | 2012-09-17 | 2013-03-18 | 숭실대학교산학협력단 | Application signature management server, and method for managing the server |
| CN108964916A (en) * | 2018-08-03 | 2018-12-07 | 元科技控股有限公司 | Signature generating method, generating means, signature verification method and verifying device |
| CN112380584A (en) * | 2021-01-13 | 2021-02-19 | 北京笔新互联网科技有限公司 | Block chain data updating method and device, electronic equipment and storage medium |
| CN112737778A (en) * | 2020-12-30 | 2021-04-30 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Digital signature generation and verification method and device, electronic equipment and storage medium |
| CN116346328A (en) * | 2023-03-03 | 2023-06-27 | 郑州师范学院 | Digital signature method, system, equipment and computer readable storage medium |
| CN116455580A (en) * | 2023-04-07 | 2023-07-18 | 浙江吉利控股集团有限公司 | Message signing method, device, equipment and readable storage medium |
-
2023
- 2023-10-17 CN CN202311338897.4A patent/CN117081744B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101244930B1 (en) * | 2012-09-17 | 2013-03-18 | 숭실대학교산학협력단 | Application signature management server, and method for managing the server |
| CN108964916A (en) * | 2018-08-03 | 2018-12-07 | 元科技控股有限公司 | Signature generating method, generating means, signature verification method and verifying device |
| CN112737778A (en) * | 2020-12-30 | 2021-04-30 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Digital signature generation and verification method and device, electronic equipment and storage medium |
| CN112380584A (en) * | 2021-01-13 | 2021-02-19 | 北京笔新互联网科技有限公司 | Block chain data updating method and device, electronic equipment and storage medium |
| CN116346328A (en) * | 2023-03-03 | 2023-06-27 | 郑州师范学院 | Digital signature method, system, equipment and computer readable storage medium |
| CN116455580A (en) * | 2023-04-07 | 2023-07-18 | 浙江吉利控股集团有限公司 | Message signing method, device, equipment and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117081744A (en) | 2023-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020181822A1 (en) | Method and apparatus for checking consistency of encrypted data, and computer device and storage medium | |
| RU2719311C1 (en) | Information protection system and method | |
| US9219602B2 (en) | Method and system for securely computing a base point in direct anonymous attestation | |
| CN108494557B (en) | Social security digital certificate management method, computer readable storage medium and terminal device | |
| AU2021204543B2 (en) | Digital signature method, signature information verification method, related apparatus and electronic device | |
| EP2916484A1 (en) | User authentication using elliptic curve based OTP | |
| CN106878022A (en) | The method and device signed on block chain, verified | |
| US20220217004A1 (en) | Systems and methods for non-parallelised mining on a proof-of-work blockchain network | |
| CN116112182A (en) | Digital signature method, device, electronic equipment and storage medium | |
| CN115033923A (en) | Method, device, equipment and storage medium for protecting transaction privacy data | |
| CN112184245B (en) | Transaction identity confirmation method and device for cross-region block chain | |
| WO2022057106A1 (en) | Credibility verification system for digital asset data packet | |
| CN117081744B (en) | Signature processing method and device based on elliptic curve and electronic equipment | |
| CN114389821B (en) | Signature supervision method, device, equipment and storage medium based on block chain | |
| CN114389822B (en) | Block chain based signature generation method, device, equipment and storage medium | |
| CN114389820B (en) | Block chain based signature verification method, device, equipment and storage medium | |
| CN115242402B (en) | Signature method, signature verification method and electronic equipment | |
| CN112861189B (en) | Signature generation method, signature verification method, signature generation device, signature verification device and signature verification medium | |
| CN112751667B (en) | Key generation method, signature and signature verification method, device, equipment and medium | |
| CN113806441B (en) | Signature processing method and device based on blockchain, electronic equipment and storage medium | |
| CN112737777B (en) | Threshold signature and signature verification method, device, equipment and medium based on secret key | |
| CN112887097A (en) | Signature method based on SM2 elliptic curve, related device and storage medium | |
| CN117254908B (en) | Cloud data storage method, device, equipment and medium | |
| CN115694843B (en) | Camera access management method, system, device and medium for avoiding counterfeiting | |
| CN117035776A (en) | Data sharing method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |