CN100544257C - A kind of associating electronic signature method based on RSA - Google Patents

Abstract

The present invention relates to a kind of associating electronic signature method based on RSA, comprise the following steps: a kind of associating electronic signature method based on RSA, comprise the following steps: that (1) key generates: the associating number that A. establishes joint signature is N; B. seek two big prime number: p, q, satisfy p=2p '+1, q=2q '+1, wherein p ' and q ' they are prime numbers; C. try to achieve n and φ (n), n=pq, φ (n)=(p-1) (q-1); D. to i=0,1 ..., N selects the e of inequality _i＜φ (n), e _iCoprime with φ (n); E. to i=0,1 ..., N asks d _i, make d _ie _i=1mod φ (n); F. calculate e=and see right formula (1), e _iMod φ (n); G. announce public key { n, e}; H. the private key that draws with the PKI correspondence is that { wherein d=sees right formula (2), d for n, d} _iMod φ (n); 2) signature: (3) checking: beneficial effect of the present invention: this method is used a plurality of private keys when signature, each private key owner is unknowable to the private key of its associating, signature sequence is any, this method is simple, and compatible mutually with at present popular in the world RSA signature method when checking.

Description

A kind of associating electronic signature method based on RSA

Technical field

The present invention relates to the network security technology field, be specifically related to a kind of associating electronic signature method, be mainly used in network application fields such as E-Government, ecommerce based on RSA.

Background technology

Electronic signature is widely used in occasions such as network, communication, authentication, data integrity mark and check, particularly is applied in the digital certificates.Electronic signature is encrypted with the private key of signer a summary being signed data, and encrypted result becomes electronic signature, and the data that encrypted result and quilt are signed are sent to the verifier together.The verifier is that the PKI of used private key correspondence is decrypted electronic signature with signer in signature, and tries to achieve with identical digest algorithm and to be signed data and must make a summary.

But when being to use single private key to encrypt, be difficult to prevent that single private key owner from abusing private key unwarranted data are signed, and in present many private keys signature scheme, some is with to have the electronic signature that the single private key method of widely used RSA is produced in CA certificate now incompatible, and the method for some realization is very complicated.

Summary of the invention

The present invention has overcome the weak point of above-mentioned electronic signature method, and purpose is to provide the associating electronic signature method based on RSA, and this method is simple, and with existing CA certificate compatibility based on RSA.

The present invention achieves the above object by the following technical programs: a kind of associating electronic signature method based on RSA comprises the following steps:

(1) key generates:

A, the associating number of establishing joint signature are N;

B, searching two big prime number: p, q satisfy p=2p '+1, q=2q '+1, and wherein p ' and q ' they are prime numbers;

C, try to achieve n and φ (n), n=pq, φ (n)=(p-1) (q-1);

D, to i=1 ..., N selects the e of inequality _i＜φ (n), e _iCoprime with φ (n);

E, to i=1 ..., N asks d _i, make d _ie _i=1 mod φ (n);

F, calculation $e=\underset{i=1}{\overset{N}{\mathrm{\Π}}}{e}_i\mathrm{mod}\mathrm{\φ}\left(n\right);$

G, announcement public key { n, e};

H, the private key that draws with the PKI correspondence are { n, d _i;

(2) signature:

, establish and treat that label information is M summary signature successively with each private key, its summary is m;

Make S ₀=m

$S_i={S_{i-1}}^{d_i}\mathrm{mod}n,i=\mathrm{1,2},...,N$

S＝S _N

S is electronic signature;

(3) checking:

The S public key { n, the e} checking:

$S^e\mathrm{mod}n={\left({\left({\left(m^{d_1}\right)}^{d_2}\right)}^{d_N}\right)}^e\mathrm{mod}n={\left(m^{d_1{d}_2...d_N}\right)}^e\mathrm{mod}n{=m}^{\mathrm{de}}\mathrm{mod}n=m\mathrm{mod}n.$

As preferably, each private key owner is unknowable to the private key except that.

As preferably, the order of each private key signature is arbitrarily.

Beneficial effect of the present invention: this method is used a plurality of private keys when signature, each private key owner is unknowable to the private key of its associating, signature sequence is that this method is simple arbitrarily, and compatible mutually with at present popular in the world RSA signature method when checking.

Embodiment:

Embodiment 1: the present invention is further elaborated below by embodiment:

1, key generates

Get the associating number N=2 of joint signature.

1. seek two big prime number: p=107, q=167.

2. try to achieve n and φ (n), n=pq=17869, φ (n)=(p-1) (q-1)=17596.

3. select the e of inequality ₁=5, e ₂=7.

4. calculate $e=\underset{i=1}{\overset{N}{\mathrm{\Π}}}{e}_i\mathrm{mod}\mathrm{\φ}\left(n\right)=35.$

5. seek d with the division algorithm of expansion ₁=14077, d ₂=10055; Checking d ₁e ₁=5 * 14077=70385=4 * 17596+1, and d ₂e ₂=7 * 10055=70385=4 * 17596+1.

6. with d ₁Write among the UKey1 d ₂Write among the UKey2.

7. abandon p, q, φ (n) and d ₁And d ₂(but keeping UKey).

8. announcement public key { n, e}={17869,35}.

2, signature

If wait to sign summary m=10341.

With UKey1 and UKey2 m is signed successively:

1.m＝10341<n＝17869。

2. establishing signature sequence is 2,1, i.e. displacement { k ₁, k ₂}={ 2,1}.

3. make S ₀=m=10341.

4. calculate S ₁=10341 ¹⁰⁰⁵⁵Mod 17869=1400, S ₂=1400 ¹⁴⁰⁷⁷Mod 17869=7873.

5. make S=S ₂=7873.

3, checking

1. the verifier receives { m, S}={10341,7873}.Calculate V=S ^eMod n=7873 ³⁵Mod17869=10341=m accepts signature.

The verifier receive { m, S ' }=10341,7872}.Calculate V=S ^{, e}Mod n=7872 ³⁵Mod17869=17684=/=10341=m, withhold one's signature.

Claims (3)

1, a kind of associating electronic signature method based on RSA is characterized in that, comprises the following steps:

(1) key generates:

A, the associating number of establishing joint signature are N;

B, searching two big prime number: p, q satisfy p=2p '+1, q=2q '+1, and wherein p ' and q ' they are prime numbers;

C, try to achieve n and φ (n), n=pq, φ (n)=(p-1) (q-1);

D, to i=1 ..., N selects the e of inequality _i＜φ (n), e _iCoprime with φ (n);

E, to i=1 ..., N asks d _i, make d _ie _i=1 mod φ (n);

F, calculation $e=\underset{i=1}{\overset{N}{\mathrm{\&Pi;}}}{e}_i\mathrm{mod}\mathrm{\&phi;}\left(n\right);$

G, announcement public key { n, e};

H, the private key that draws with the PKI correspondence are { n, d _i;

(2) signature:

, establish and treat that label information is M summary signature successively with each private key, its summary is m;

Make S ₀=m

$S_i={S_{i-1}}^{d_i}\mathrm{mod}n,i=\mathrm{1,2},...,N$

S＝S _N

S is electronic signature;

(3) checking:

The S public key { n, the e} checking:

$S^e\mathrm{mod}n={\left({({\left(m^{d_1}\right)}^{d_2}...)}^{d_N}\right)}^e\mathrm{mod}n={\left(m^{d_1{d}_2...d_N}\right)}^e\mathrm{mod}n=m^{\mathrm{de}}\mathrm{mod}n=m\mathrm{mod}n.$

2, the associating electronic signature method based on RSA according to claim 1 is characterized in that each private key owner is unknowable to the private key except that.

3, the associating electronic signature method based on RSA according to claim 1 is characterized in that, the order of each private key signature is arbitrarily.