CN102761415A - System for generating, verifying and mixing digital signatures of p-element domain SM2 elliptic curves - Google Patents


Publication number
CN102761415A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011101075533A
Other languages
Chinese (zh)
Other versions
CN102761415B (en)
Inventor
徐树民
屈善新
刘振
王绍麟
田心
刘建巍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp

Abstract

The invention relates to systems for generating digital signatures, verifying them, and doing both in one hybrid system, on SM2 elliptic curves over a p-element field. The generation system comprises: a signature control center, which concatenates the message m to be signed with the signer hash value ZA and sends the resulting message m' to a cryptographic hash module, computes r = (e + x1) mod n and sends r to an s generation module, notifies a random number generation module to regenerate k when r = 0, r + k = n or s = 0, and outputs r and s as the digital signature of m; the cryptographic hash module, which hashes m' to produce the concatenated-message hash value e; the random number generation module, which generates the random number k; a point multiplication module, which performs the k-fold point multiplication on the base point G of the elliptic curve and returns the resulting coordinates (x1, y1) as the result [k]G; and the s generation module, which generates s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$, where n is the order of the elliptic curve and dA is the private key of the signer. With the invention, the digital signature algorithm of the SM2 elliptic curve public-key algorithm can be implemented in hardware.

Description

Digital signature generation, verification and hybrid systems for SM2 elliptic curves over a p-element field
Technical field
The present invention relates to the field of information security technology, and in particular to digital signature generation, verification and hybrid systems for SM2 elliptic curves over a p-element field.
Background
With the development of communication and information processing technology, the security of information in transit is receiving more and more attention, and information processing techniques are needed to ensure that information is not eavesdropped on, tampered with or counterfeited during communication. Cryptography can meet this requirement.
Since Diffie and Hellman proposed the concept of public-key cryptography in 1976, three classes of public-key cryptosystems generally recognized as secure and effective have emerged. The mathematical problems they rely on are the integer factorization problem (IFP), the discrete logarithm problem (DLP) and the elliptic curve discrete logarithm problem (ECDLP), and the corresponding algorithms are RSA, the DSA digital signature algorithm and elliptic curve cryptography (ECC), respectively. All three guarantee the security of the key on the basis of an NPC problem (non-deterministic polynomial complete problem) of computational complexity. Compared with the other two algorithms, ECC offers higher security, requires less computation, runs faster, needs smaller keys and, at the same security level, demands less bandwidth; the ECC system therefore has broader application prospects.
The SM2 elliptic curve public-key cryptographic algorithm is an ECC algorithm issued by the State Cryptography Administration. It consists of three parts: a digital signature algorithm, a key exchange protocol and a public-key encryption algorithm. However, the State Cryptography Administration has published only the procedure of the SM2 elliptic curve public-key cryptographic algorithm; no hardware device implementing it has appeared so far, which makes it difficult to put this excellent algorithm into use.
Summary of the invention
The technical problem to be solved by the present invention is to provide digital signature generation, verification and hybrid systems for SM2 elliptic curves over a p-element field that implement the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware.
The technical solution of the present invention is as follows: a digital signature generation system for an SM2 elliptic curve over a p-element field, where the digital signature comprises a first signature part r and a second signature part s. The system comprises a signature control center, a cryptographic hash module, a random number generation module, a point multiplication module and an s generation module, wherein:
The signature control center concatenates the message m to be signed with the signer hash value ZA and sends the resulting concatenated message m' to the cryptographic hash module; computes r according to r = (e + x1) mod n; sends r to the s generation module; notifies the random number generation module to regenerate k when r = 0, r + k = n or s = 0; sends k to the point multiplication module and the s generation module; and outputs r and s as the digital signature of m.
The cryptographic hash module performs the cryptographic hash operation on m' and sends the resulting concatenated-message hash value e to the signature control center.
The random number generation module sends the random number k that it generates to the signature control center.
The point multiplication module performs the k-fold point multiplication on the base point G of the elliptic curve and sends the resulting coordinates (x1, y1), as the result [k]G, to the signature control center.
The s generation module generates s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$ and sends the generated s to the signature control center.
Here n is the order of the elliptic curve and dA is the private key of the signer.
The beneficial effects of the invention are as follows. The signature control center concatenates the message m to be signed with the signer hash value ZA into the concatenated message m', and the cryptographic hash module hashes it to obtain the concatenated-message hash value e. The random number generation module generates the random number k, and the point multiplication module performs the k-fold point multiplication on the base point G of the elliptic curve to produce the coordinates (x1, y1). The signature control center can then obtain r according to r = (e + x1) mod n. If neither r = 0 nor r + k = 0 holds, this r is the first signature part of the digital signature of m; otherwise the signature control center notifies the random number generation module to regenerate the random number k. The s generation module generates s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$, and provided s = 0 does not hold, this s is the second signature part of the digital signature of m. The signature control center can then output r and s as the digital signature of m. The signature control center, cryptographic hash module, random number generation module, point multiplication module and s generation module of the invention can therefore implement the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware.
The present invention also provides a digital signature verification system for an SM2 elliptic curve over a p-element field, used to verify digital signatures generated by the above digital signature generation system. The system comprises a verification control center, a cryptographic hash module, a point multiplication module and a point addition module, wherein:
The verification control center takes the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; checks whether r' and s' both lie between 1 and (n-1); concatenates M' with the signer hash value ZA' and sends the resulting concatenated verification message to the cryptographic hash module; determines t according to t = (r' + s') mod n and checks whether t is 0; sends s' and t to the point multiplication module, and sends the [s']G and [t]PA returned by the point multiplication module to the point addition module; determines R according to R = (e' + x1') mod n and checks whether R equals r'. If r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are unequal, it outputs a message that the digital signature verification failed; if none of these cases occurs, it outputs a message that the digital signature verification passed. Here n is the order of the elliptic curve.
The cryptographic hash module performs the cryptographic hash operation on the concatenated verification message and sends the resulting concatenated verification message hash value e' to the verification control center.
The point multiplication module performs the s'-fold point multiplication on the base point G of the elliptic curve and sends the result [s']G to the verification control center; it performs the t-fold point multiplication on the signer's public key PA and sends the result [t]PA to the verification control center.
The point addition module performs point addition on the input [s']G and [t]PA and sends the result (x1', y1') to the verification control center.
In addition, the present invention provides a hybrid digital signature generation and verification system for an SM2 elliptic curve over a p-element field, where the order of the elliptic curve is n, the base point is G, and the signer has public key PA and private key dA. The system comprises a signature control center, a verification control center, a random number generation module, an s generation module, a cryptographic hash module, a point multiplication module, an upper-layer selection module and a point addition module. The cryptographic hash module and the point multiplication module each have a signature generation mode and a signature verification mode, wherein:
The signature control center sends a signature generation mode signal to the upper-layer selection module; concatenates the message m to be signed with the signer hash value ZA and sends the resulting concatenated message m' to the cryptographic hash module through the upper-layer selection module; computes r according to r = (e + x1) mod n; sends r to the s generation module; notifies the random number generation module to regenerate k when r = 0, r + k = n or s = 0; sends k to the s generation module; sends k to the point multiplication module through the upper-layer selection module; and outputs r and s as the digital signature of m.
The verification control center sends a signature verification mode signal to the upper-layer selection module; takes the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; checks whether r' and s' both lie between 1 and (n-1); concatenates M' with the signer hash value ZA' and sends the resulting concatenated verification message to the cryptographic hash module through the upper-layer selection module; determines t according to t = (r' + s') mod n and checks whether t is 0; sends s' and t to the point multiplication module through the upper-layer selection module, and sends the [s']G and [t]PA returned by the point multiplication module to the point addition module; determines R according to R = (e' + x1') mod n and checks whether R equals r'. If r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are unequal, it outputs a message that the digital signature verification failed; if none of these cases occurs, it outputs a message that the digital signature verification passed.
The cryptographic hash module, in signature generation mode, performs the cryptographic hash operation on m' and delivers the resulting concatenated-message hash value e to the signature control center via the upper-layer selection module; in signature verification mode, it performs the cryptographic hash operation on the concatenated verification message and delivers the resulting concatenated verification message hash value e' to the verification control center via the upper-layer selection module.
The random number generation module sends the random number k that it generates to the signature control center.
The point multiplication module, in signature generation mode, performs the k-fold point multiplication on G and delivers the resulting coordinates (x1, y1), as the result [k]G, to the signature control center via the upper-layer selection module; in signature verification mode, it performs the s'-fold point multiplication on G and delivers the result [s']G to the verification control center via the upper-layer selection module, and performs the t-fold point multiplication on PA and delivers the result [t]PA to the verification control center via the upper-layer selection module.
The s generation module generates s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$ and sends the generated s to the signature control center.
The point addition module performs point addition on the input [s']G and [t]PA and sends the result (x1', y1') to the verification control center.
The upper-layer selection module sets the operating mode of the cryptographic hash module and the point multiplication module to the signature generation mode on receiving the signature generation mode signal, and to the signature verification mode on receiving the signature verification mode signal.
Description of the drawings
Fig. 1 is a flow chart of the digital signature generation algorithm of the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration;
Fig. 2 is a structural diagram of the digital signature generation system for an SM2 elliptic curve over a p-element field proposed by the invention;
Fig. 3 is a structural diagram of the s generation module in the digital signature generation system for an SM2 elliptic curve over a p-element field proposed by the invention;
Fig. 4 is a structural diagram of the point multiplication module in the digital signature generation system for an SM2 elliptic curve over a p-element field proposed by the invention;
Fig. 5 is a flow chart of the digital signature verification algorithm of the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration;
Fig. 6 is a structural diagram of the digital signature verification system for an SM2 elliptic curve over a p-element field provided by the invention;
Fig. 7 is a structural diagram of the point multiplication module in the digital signature verification system for an SM2 elliptic curve over a p-element field provided by the invention;
Fig. 8 is a structural diagram of the point addition module in the digital signature verification system for an SM2 elliptic curve over a p-element field provided by the invention;
Fig. 9 is a structural diagram of the hybrid digital signature generation and verification system for an SM2 elliptic curve over a p-element field provided by the invention;
Fig. 10 is a structural diagram of the preferred embodiment of the hybrid digital signature generation and verification system for an SM2 elliptic curve over a p-element field provided by the invention.
Embodiments
The principles and features of the present invention are described below with reference to the drawings. The examples given serve only to explain the invention and do not limit its scope.
Fig. 1 is a flow chart of the digital signature generation algorithm of the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration. In a p-element field the equation of the elliptic curve is $y^2 = x^3 + ax + b$, where p is a prime greater than 3, a and b are values in the p-element field, and $(4a^3 + 27b^2) \bmod p$ is not 0. All elliptic curves in the present invention are elliptic curves over a p-element field.
A digital signature is data appended to the message to be signed, or the result of a cryptographic transformation applied to a data unit. In normal use a digital signature provides the following services: (1) confirming the source of the data; (2) verifying the integrity of the data; (3) ensuring that the signer cannot repudiate the signature.
As shown in Fig. 1, the algorithm comprises the following steps:
Step 101: The base point G of the elliptic curve, the order n of the elliptic curve, the message m to be signed, the signer hash value ZA, the signer public key PA and the signer private key dA are known.
This step confirms the quantities that are known in advance. The base point G and the order n are characteristic parameters of the elliptic curve used in the elliptic curve public-key cryptographic algorithm. The message m to be signed is the message to be protected by the digital signature, that is, what is usually called the plaintext data. The signer hash value ZA is the hash value obtained by applying the cryptographic hash to the bit string formed by concatenating the signer's distinguishing identifier and its length, the parameters a and b of the elliptic curve equation over the p-element field, the x and y coordinates of G, and the x and y coordinates of the signer public key PA. The hash operation maps a bit string of arbitrary length to a bit string of fixed length (the hash value); it is irreversible and gives a single output for each input, which guarantees the security of the data. The SM2 elliptic curve public-key cryptographic algorithm is an asymmetric algorithm that requires two keys, a public key and a private key: the private key can decrypt data encrypted with the public key, and the public key can decrypt data encrypted with the private key. dA and PA are the private key and the public key of the signer.
Step 102: Concatenate ZA and m into the concatenated message m'.
This step joins the bit strings of ZA and m into one bit string; m may be appended after the last bit of the ZA bit string.
Step 103: Apply the cryptographic hash algorithm to m' to obtain the concatenated-message hash value e.
This step performs the cryptographic hash operation; the output e may be 192 bits or 256 bits long.
Step 104: Generate a random number k between 1 and (n-1).
This step generates the random number k, which must be a positive integer less than the order n of the elliptic curve.
Step 105: Perform the k-fold point multiplication on G to obtain the coordinates (x1, y1).
Here, the k-fold point multiplication adds a point on the elliptic curve to itself k times; in this step the point is the base point G of the elliptic curve. The result is again the coordinates of a point on the elliptic curve, namely the coordinates (x1, y1) obtained in this step.
Step 106: Compute r according to r = (e + x1) mod n.
Here, r is one part of the digital signature of m; the present invention calls it the first signature part.
Step 107: Check whether r = 0 or r + k = n holds.
Here, whether r = 0 holds, r + k = n holds, or both hold, the k generated in step 104 is unsuitable. If the result of the check is yes, return to step 104; otherwise go to step 108.
Step 108: Compute s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$.
Here, s is the other part of the digital signature of m; the present invention calls it the second signature part.
Step 109: Check whether s is 0.
Here, s = 0 means that the random number k generated in step 104 is unsuitable. If the result of the check is yes, return to step 104; otherwise go to step 110.
Step 110: Output r and s as the digital signature of m.
Here, r and s may be output together as one message, or output together with m.
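The signing flow of steps 101 to 110, together with the verification checks described in the summary, as an added Python example that is not part of the patent. Assumptions: a constructed toy curve (y^2 = x^3 + 2x + 2 over F_17, G = (5, 1), n = 19) replaces a real SM2 curve so that the retry branches of steps 107 and 109 are reachable, SHA-256 stands in for the cryptographic hash module, ZA is passed in as given bytes, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters (NOT an SM2 curve): y^2 = x^3 + 2x + 2 over F_17.
# The base point G = (5, 1) has prime order n = 19, small enough that the
# retry branches of steps 107 and 109 are actually reachable.
P, A, B = 17, 2, 2
G = (5, 1)
N = 19


def on_curve(pt):
    """Sanity check for the constructed parameters: does pt satisfy the curve equation?"""
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_add(p1, p2):
    """Point addition module: affine addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                     # p2 = -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Point multiplication module: [k]pt by double-and-add."""
    acc = None
    while k > 0:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def hash_e(za, m):
    """Cryptographic hash module over m' = ZA || m (SHA-256 is a stand-in)."""
    return int.from_bytes(hashlib.sha256(za + m).digest(), "big")


def random_k():
    """Random number generation module: uniform k with 1 <= k <= n-1."""
    return secrets.randbelow(N - 1) + 1


def sign(m, za, d_a, next_k=random_k):
    """Signature control center, steps 102-110. Requires 1 <= d_a <= n-2."""
    e = hash_e(za, m)                                   # steps 102-103
    while True:
        k = next_k()                                    # step 104
        x1, _y1 = point_mul(k, G)                       # step 105
        r = (e + x1) % N                                # step 106
        if r == 0 or r + k == N:                        # step 107: regenerate k
            continue
        s = pow(1 + d_a, -1, N) * (k - r * d_a) % N     # step 108
        if s == 0:                                      # step 109: regenerate k
            continue
        return r, s                                     # step 110


def verify(m, za, p_a, r, s):
    """Verification control center: True only if every check passes."""
    if not (1 <= r <= N - 1 and 1 <= s <= N - 1):       # range checks on r', s'
        return False
    e = hash_e(za, m)
    t = (r + s) % N
    if t == 0:
        return False
    pt = point_add(point_mul(s, G), point_mul(t, p_a))  # [s']G + [t]PA
    if pt is None:                                      # no x1' to compare
        return False
    return (e + pt[0]) % N == r                         # R == r'


if __name__ == "__main__":
    d_a = 7                                             # constructed private key
    p_a = point_mul(d_a, G)
    za, msg = b"constructed-ZA", b"constructed message"
    r, s = sign(msg, za, d_a)
    print("signature:", (r, s), "valid:", verify(msg, za, p_a, r, s))
```

Verification recovers [k]G because s' + t·dA = k (mod n), and the r + k = n check in step 107 is what guarantees t = r + s is never 0 for an honestly generated signature.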
Corresponding to the digital signature generation algorithm shown in Fig. 1, the invention provides a digital signature generation system for an SM2 elliptic curve over a p-element field, which implements this algorithm in hardware. Fig. 2 is a structural diagram of the digital signature generation system for an SM2 elliptic curve over a p-element field proposed by the invention. The elliptic curve here is an elliptic curve over a p-element field with base point G and order n. The digital signature here is the signature generated by applying the digital signature operation to the message m to be signed, and comprises the first signature part r and the second signature part s. In this system the signer has the signer private key dA and the signer public key PA, where the x coordinate xA and the y coordinate yA of PA form part of the bit string input to the hash operation that produces the signer hash value ZA.
As shown in Fig. 2, the system comprises a signature control center 201, a cryptographic hash module 204, a random number generation module 202, a point multiplication module 203 and an s generation module 205, wherein:
Signature control center 201 concatenates the message m to be signed with the signer hash value ZA and sends the resulting concatenated message m' to cryptographic hash module 204; computes r according to r = (e + x1) mod n; sends r to s generation module 205; notifies random number generation module 202 to regenerate k when r = 0, r + k = n or s = 0; sends k to point multiplication module 203 and s generation module 205; and outputs r and s as the digital signature of m.
Cryptographic hash module 204 performs the cryptographic hash operation on m' and sends the resulting concatenated-message hash value e to signature control center 201.
Random number generation module 202 sends the random number k that it generates to signature control center 201.
Point multiplication module 203 performs the k-fold point multiplication on the base point G of the elliptic curve and sends the resulting coordinates (x1, y1), as the result [k]G, to signature control center 201.
S generation module 205 generates s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$ and sends the generated s to signature control center 201.
Here, the signature control center's concatenation of the message m to be signed with the signer hash value ZA corresponds to step 102 in Fig. 1: the bit strings of ZA and m are joined into one bit string, for example by appending m after the last bit of the ZA bit string. The signature control center computing the first signature part r according to r = (e + x1) mod n corresponds to step 106 in Fig. 1. Notifying the random number generation module to regenerate k when r = 0, r + k = n or s = 0 corresponds to steps 107 and 109; the signature control center can set the order of the checks so that steps 107 and 109 are executed separately. The signature control center outputting r and s as the digital signature of m corresponds to step 110 in Fig. 1. The signature control center is thus the control core of the whole system: it arranges the work timing of each module, judges the validity of the generated digital signature and outputs the digital signature, and it also receives data and control commands.
mod in the present invention is the modulo operator; it performs modular reduction.
The cryptographic hash module performs the cryptographic hash operation on m' to generate the concatenated-message hash value e, which corresponds to step 103 in Fig. 1. The hash value e generated by the cryptographic hash operation may be 192 bits or 256 bits, to meet different needs.
The random number generation module generating the random number k corresponds to step 104 in Fig. 1; k must be less than the order n of the elliptic curve and positive. The random number generation module may use a random number generator approved for use by the State Cryptography Administration, which generates random numbers.
The point multiplication module performing the k-fold point multiplication on the base point G of the elliptic curve and returning the resulting coordinates (x1, y1) as the result [k]G corresponds to step 105 in Fig. 1. The result (x1, y1) is again the coordinates of a point on this elliptic curve; k is a randomly generated number between 1 and (n-1), and the result of the point multiplication module is the coordinates of a point on the elliptic curve.
The s generation module generating the second signature part s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$ corresponds to step 108.
It follows that, given in advance the base point G of the elliptic curve, the order n of the elliptic curve, the message m to be signed, the signer hash value ZA, the signer public key PA and the private key dA (corresponding to step 101 in Fig. 1), the modules of the system can each execute the corresponding steps of Fig. 1. The signature control center arranges the work timing of each module so that the modules operate according to the algorithm flow shown in Fig. 1 and thereby generate the digital signature r and s of the message to be signed according to the digital signature generation algorithm of the SM2 elliptic curve public-key cryptographic algorithm.
In the present invention, the signature control center concatenates the message m to be signed with the signer hash value ZA into the concatenated message m', and the cryptographic hash module hashes it to obtain the concatenated-message hash value e. The random number generation module generates the random number k, and the point multiplication module performs the k-fold point multiplication on the base point G of the elliptic curve to produce the coordinates (x1, y1). The signature control center can then obtain r according to r = (e + x1) mod n. If neither r = 0 nor r + k = 0 holds, this r is the first signature part of the digital signature of m; otherwise the signature control center notifies the random number generation module to regenerate the random number k. The s generation module generates s according to $s = [(1+dA)^{-1}\cdot(k - r\cdot dA)] \bmod n$, and provided s = 0 does not hold, this s is the second signature part of the digital signature of m. The signature control center can then output r and s as the digital signature of m. The signature control center, cryptographic hash module, random number generation module, point multiplication module and s generation module of the invention can therefore implement the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware.
Because the system provided by the invention implements the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware, it computes faster than a software implementation and is also more secure.
In addition, because the system provided by the invention implements the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware, it can guarantee the security of data transmission with less computation, higher speed, smaller key sizes and lower bandwidth than the prior art, so the invention has broad application prospects.
S generation module 205 among Fig. 2 is under the time sequence control that signature control centre 201 arranges, according to s=[(1+dA) -1(k-rdA)] mod n generates s, and the s that generates is sent to signature control centre 201.It according to s=[(1+dA) -1(k-rdA)] computing carried out of mod n comprises: to the inversion operation of (1+dA), to r and dA scalar multiplication, k and (rdA) between subtraction, to (1+dA) -1Scalar multiplication (k-rdA); Because the p unit territory at elliptic curve place is the finite field under affine coordinate system, carries out these computing more complicated, the time of meeting labor; Thereby need be transformed under other suitable computing environment and carry out corresponding operation; For example in the territory, Montgomery, carry out computing, this can improve arithmetic speed, improves the efficient that digital signature generates.
Fig. 3 is the structure chart of s generation module in the digital signature generation system of the p unit territory SM2 elliptic curve of the present invention's proposition.As shown in Figure 3, s generation module 205 comprises: s generates control submodule 301, territory conversion submodule 302, territory, Montgomery multiplication submodule 303, the finite field submodule 304 of inverting;
The s generation control submodule 301 is used to: receive the finite-field values of r and k sent by the signature control center 201; send the finite-field value of (1+dA) to the finite field inversion submodule 304; send the finite-field values of r, dA, (1+dA)^-1 and k to the domain conversion submodule 302; send the Montgomery-domain values of r and dA to the Montgomery-domain multiplication submodule 303, and subtract the Montgomery-domain value of (r·dA) that it returns from the Montgomery-domain value of k, obtaining the Montgomery-domain value of (k - r·dA); send the Montgomery-domain values of (1+dA)^-1 and (k - r·dA) to the Montgomery-domain multiplication submodule 303, and send the affine-coordinate-system value of [(1+dA)^-1 · (k - r·dA)] that it returns, together with 1, to the Montgomery-domain multiplication submodule 303; and send the finite-field value s of s = [(1+dA)^-1 · (k - r·dA)] mod n to the signature control center 201;
The domain conversion submodule 302 is used to convert the finite-field values of (1+dA)^-1, r, dA and k into their respective Montgomery-domain values and send them to the s generation control submodule 301;
The Montgomery-domain multiplication submodule 303 is used to: perform a Montgomery-domain multiplication of the Montgomery-domain values of r and dA, and return the resulting Montgomery-domain value of (r·dA) to the s generation control submodule 301; perform a Montgomery-domain multiplication of the Montgomery-domain values of (1+dA)^-1 and (k - r·dA), and return the resulting affine-coordinate-system value of [(1+dA)^-1 · (k - r·dA)] to the s generation control submodule 301; and perform a Montgomery-domain multiplication of the affine-coordinate-system value of [(1+dA)^-1 · (k - r·dA)] and 1, and send the resulting finite-field value s of s = [(1+dA)^-1 · (k - r·dA)] mod n to the s generation control submodule 301. Here, because the result of the Montgomery-domain multiplication of the Montgomery-domain values of (1+dA)^-1 and (k - r·dA) is [(1+dA)^-1 · (k - r·dA)], it is necessarily less than n, which means the reduction of its finite-field value modulo n is already implied; the Montgomery-domain multiplication submodule 303 can therefore send the finite-field value of [(1+dA)^-1 · (k - r·dA)] to the s generation control submodule 301 as the finite-field value s of s = [(1+dA)^-1 · (k - r·dA)] mod n.
The finite field inversion submodule 304 is used to invert the finite-field value of (1+dA) and send the resulting finite-field value of (1+dA)^-1 to the s generation control submodule 301.
The inversion operation in the present invention satisfies the following rule: if the product of the variables u and v in the finite field satisfies u·v = 1 mod n, then u is called the inverse of v, denoted v = u^-1.
It can be seen that this s generation module uses the finite field inversion submodule to invert the finite-field value of (1+dA), obtaining its inverse (1+dA)^-1 in the finite field. It then sends the data r, dA, (1+dA)^-1 and k to the domain conversion submodule, which transforms them from the finite field into the Montgomery domain, and sends the transformed data to the Montgomery-domain multiplication submodule, which performs the multiplications in the Montgomery domain and obtains the finite-field value of the product. Once the multiplications are finished, the s generation control submodule returns the finite-field value of the resulting s to the signature control center. The s generation control submodule is the control core for generating s: it receives and outputs data, transfers data between the modules, and controls the operation timing of each module.
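The data flow of the s generation module, as an added Python example that is not code from the patent: the multiplications run in the Montgomery domain, the subtraction stays there, and the final multiplication by 1 converts the result back to the finite field. The radix 2^256, the function names and the order n of the SM2 recommended curve are assumptions that do not appear on this page.

```python
# Order n of the SM2 recommended curve (public standard parameter, not given on this page).
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
BITS = 256
RADIX = 1 << BITS                           # Montgomery radix: RADIX > n, gcd(RADIX, n) = 1
MASK = RADIX - 1
N_PRIME = (-pow(N, -1, RADIX)) % RADIX      # n' such that n * n' = -1 (mod RADIX)
RADIX2 = (RADIX * RADIX) % N                # RADIX^2 mod n, used to enter the Montgomery domain


def mont_mul(a, b):
    """Montgomery product a * b * RADIX^-1 mod n for inputs below n; result is below n."""
    t = a * b
    m = ((t & MASK) * N_PRIME) & MASK
    u = (t + m * N) >> BITS                 # exact division by RADIX
    return u - N if u >= N else u           # single conditional subtraction


def to_mont(x):
    """Domain conversion: x -> x * RADIX mod n."""
    return mont_mul(x % N, RADIX2)


def generate_s(d_a, k, r):
    """s = (1 + dA)^-1 * (k - r*dA) mod n with the multiplications in the Montgomery domain."""
    if not 1 <= d_a <= N - 2:
        raise ValueError("dA must be in [1, n-2] so that (1 + dA) is invertible")
    inv = pow(1 + d_a, -1, N)               # finite field inversion of (1 + dA)
    r_m, d_m, inv_m, k_m = (to_mont(v) for v in (r, d_a, inv, k))
    rd_m = mont_mul(r_m, d_m)               # (r*dA) in the Montgomery domain
    diff_m = (k_m - rd_m) % N               # (k - r*dA) in the Montgomery domain
    s_m = mont_mul(inv_m, diff_m)           # product, still in Montgomery form
    return mont_mul(s_m, 1)                 # multiply by 1: back to the finite field, already < n


def must_regenerate_k(r, k, s):
    """Retry conditions stated in the page's abstract: r = 0, r + k = n or s = 0."""
    return r == 0 or r + k == N or s == 0
```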
The point multiplication module 203 in Fig. 2 performs the k-fold point multiplication of the base point G of the elliptic curve. A k-fold point multiplication adds the same point on the elliptic curve to itself k times; the point added k times here is the base point G. In the finite field under the affine coordinate system, the k-fold point multiplication of a point on the elliptic curve is relatively complex, requires a very large amount of computation and therefore takes a long time. As with the s generation module, the present invention can also transform each sub-operation of the k-fold point multiplication into another suitable environment, for example the Montgomery domain under the projective coordinate system; this helps to increase computation speed and improves the efficiency of digital signature generation of the present invention.
Fig. 4 is the structure diagram of the point multiplication module in the digital signature generation system for p-element domain SM2 elliptic curves proposed by the present invention. As shown in Fig. 4, the point multiplication module 203 comprises: a point multiplication control submodule 401, a domain conversion submodule 406, a Montgomery-domain multiplication submodule 404, a projective point addition submodule 402, a projective point doubling submodule 403 and a finite field inversion submodule 405; wherein,
The point multiplication control submodule 401 is used to: convert the coordinates (x, y) of G under the affine coordinate system into the coordinates (x2, y2, 1) under the projective coordinate system, and send x2, y2 and 1 to the domain conversion submodule 406; take (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determine the binary bit length L of k; take the second-highest bit of the binary representation of k as the initial value of its current bit; starting from the second-highest bit of the binary representation of k and moving down one bit at a time as the current bit until the lowest bit, perform (L-1) iterations; send z1 of the result coordinates (x1, y1, z1) of the (L-1) iterations to the Montgomery-domain multiplication submodule 404; send the finite-field value of z1 returned by the Montgomery-domain multiplication submodule 404 to the finite field inversion submodule 405; send the finite-field value of z1^-1 returned by the finite field inversion submodule 405 to the domain conversion submodule 406; send the Montgomery-domain values of x1 and y1 of the result coordinates (x1, y1, z1) of the (L-1) iterations and of z1^-1 to the Montgomery-domain multiplication submodule 404, and send the affine-coordinate-system values of x1 and y1 that it returns, each together with 1, to the Montgomery-domain multiplication submodule 404; and send the finite-field values of x1 and y1 returned by the Montgomery-domain multiplication submodule 404 to the signature control center 201 as the finite-field coordinates (x1, y1) of [k]G. One iteration comprises: sending the current (x1, y1, z1) to the projective point doubling submodule 403 and, when the current bit is binary 1, sending the output coordinates returned by the projective point doubling submodule 403 to the projective point addition submodule 402;
The domain conversion submodule 406 is used to: convert the finite-field values of x2, y2 and 1 into their respective Montgomery-domain values x3, y3 and z3, and return them to the point multiplication control submodule 401; and convert the finite-field value of z1^-1 into its Montgomery-domain value and return it to the point multiplication control submodule 401;
The projective point addition submodule 402 is used to perform a point addition of the input coordinates and (x3, y3, z3), and send the result to the point multiplication control submodule 401;
The projective point doubling submodule 403 is used to perform a point doubling on the input coordinates, and return the result to the point multiplication control submodule 401 as the output coordinates;
The Montgomery-domain multiplication submodule 404 is used to: perform a Montgomery-domain multiplication of z1 and 1, and send the resulting finite-field value of z1 to the point multiplication control submodule 401; perform Montgomery-domain multiplications of the Montgomery-domain values of x1 and z1^-1 and of the Montgomery-domain values of y1 and z1^-1, and return the resulting affine-coordinate-system values of x1 and y1 to the point multiplication control submodule 401; and perform Montgomery-domain multiplications of the affine-coordinate-system values of x1 and y1 sent by the point multiplication control submodule 401, each with 1, and return the resulting finite-field values of x1 and y1 to the point multiplication control submodule 401;
The finite field inversion submodule 405 is used to invert the finite-field value of z1 and send the resulting finite-field value of z1^-1 to the point multiplication control submodule 401.
It can be seen that the point multiplication module 203 performs the k-fold point multiplication of G as follows. The point multiplication control submodule converts the coordinates (x, y) of G under the affine coordinate system into the coordinates (x2, y2, 1) under the projective coordinate system, each coordinate being a value in the finite field; the domain conversion submodule then transforms the finite-field values x2, y2 and 1 into the Montgomery-domain values x3, y3 and z3 respectively, so that the subsequent iterative computation can be carried out conveniently. The iterative computation comprises an initial assignment stage and a stage of (L-1) iterations. The initial assignment stage comprises: taking the Montgomery-domain coordinates (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determining the binary bit length L of k; and taking the second-highest bit of the binary representation of k as the initial value of the current bit of k (here, in the binary representation of k, the highest bit of k is binary 1). The subsequent stage performs (L-1) iterations. The iteration uses the index of a bit in the binary representation of k as the loop variable: its initial value is the second-highest bit of the binary representation of k, it moves toward the lowest bit, and it moves by one bit each time; the current bit of k follows the loop variable, going step by step from the second-highest bit of the binary representation of k to the lowest bit, also one bit at a time. The iteration is carried out in the Montgomery domain under the projective coordinate system. One iteration comprises: sending the current coordinates (x1, y1, z1) to the projective point doubling submodule, which performs one point doubling on the input coordinates and returns the result to the point multiplication control submodule; and, when the current bit of k is binary 1, sending the result returned by the projective point doubling submodule to the projective point addition submodule, which performs one point addition of the input coordinates and (x3, y3, z3) and returns the result to the point multiplication control submodule. After the (L-1) iterations are finished, z1 in the result coordinates (x1, y1, z1) must be inverted so that x1 and y1 can be converted back into finite-field data under the affine coordinate system for output. In the present invention, the point multiplication control submodule sends z1 to the Montgomery-domain multiplication submodule, which performs a Montgomery-domain multiplication of z1 and 1 and obtains the finite-field value of z1; the finite field inversion submodule then inverts this value in the finite field, obtaining the finite-field value of z1^-1; and the domain conversion submodule converts this value into the Montgomery-domain value of z1^-1. After this, the Montgomery-domain values of x1, y1 and z1^-1 can be sent to the Montgomery-domain multiplication submodule, which performs Montgomery-domain multiplications of the Montgomery-domain values of x1 and z1^-1 and of y1 and z1^-1, obtaining the affine-coordinate-system values of x1 and y1; it then performs Montgomery-domain multiplications of these affine-coordinate-system values of x1 and y1, each with 1, and finally obtains the finite-field values of x1 and y1. In this way, through the k-fold point multiplication of G, the point multiplication module 203 obtains the coordinates (x1, y1) of a point on the elliptic curve, where x1 and y1 are values in the finite field under the affine coordinate system.
In this point multiplication process, the point multiplication control submodule is the control core; it is responsible for transmitting and receiving data between the modules, arranging the work timing of each module, outputting the computation result, and so on.
The digital signature generation system for p-element domain SM2 elliptic curves described above generates the digital signature r and s of the message m to be signed. A dedicated signature verification system is then needed to verify this signature and thereby judge whether the data transmission was secure. For this purpose, the State Cryptography Administration has also published the digital signature verification algorithm of the SM2 elliptic curve public key cryptographic algorithm. Fig. 5 is the flow chart of the digital signature verification algorithm of the SM2 elliptic curve public key cryptographic algorithm published by the State Cryptography Administration. As shown in Fig. 5, the algorithm comprises the following steps:
Step 501: the base point G of the elliptic curve, the order n of the elliptic curve, the message M' to be verified, the verifier hash value ZA', the signer public key PA, and the digital signature r' and s' to be verified are known.
Like step 101 in Fig. 1, this step confirms the quantities known in advance. The base point G and the order n of the elliptic curve are the same as described in step 101 and are characteristic quantities of the elliptic curve described in the elliptic curve public key cryptographic algorithm. The message M' to be verified is the message on which digital signature verification is to be performed, that is, what is usually called the data ciphertext; the digital signature verification algorithm is used to verify the authenticity of M'. If verification passes, it is credible that M' was transmitted by the signer and was not tampered with on the way; otherwise verification fails, which means that M' may not have been transmitted by the signer, or was intercepted, tampered with or copied on the way, and is therefore not credible. As in the computation of the signer hash value ZA, the verifier hash value ZA' is the hash value obtained by applying the cryptographic hash operation to the bit string formed by concatenating the signer's distinguishing identifier and its length, the parameters a and b of the p-element domain elliptic curve equation, the abscissa and ordinate of G, and the abscissa and ordinate of the signer public key PA; the cryptographic hash operation here is the same as the one described in step 101. Unlike step 101 of the digital signature generation algorithm, the quantities known in advance in the digital signature verification algorithm also include the digital signature r' and s' to be verified. This digital signature is received by the verifier and corresponds to M'; r' can be regarded as the first signature part of the digital signature to be verified, and s' as the second signature part.
Step 502: judge whether r' is between 1 and n-1.
Here, r' must be less than the order n of the elliptic curve and must be a positive integer greater than 0. Therefore, if r' is not between 1 and n-1, step 512 is executed and verification is judged to have failed; otherwise, step 503 is executed.
Step 503: judge whether s' is between 1 and n-1.
Here, like r', s' must also be less than the order n of the elliptic curve and must be a positive integer greater than 0. Therefore, if s' is not between 1 and n-1, step 512 is executed and verification is judged to have failed; otherwise, step 504 is executed.
Step 504: concatenate ZA' and M' into the verifier concatenated message.
This step performs the concatenation: M' is appended after the last bit of ZA'.
Step 505: perform the cryptographic hash operation on the verifier concatenated message to obtain the verifier concatenated message hash value e'.
This step performs the cryptographic hash operation; the length of the output e' can be 192 bits or 256 bits.
Step 506: compute t according to t = (r' + s') mod n.
Step 507: judge whether t is 0.
Here, if t = 0 holds, step 512 is executed and verification is judged to have failed; otherwise, step 508 is executed.
Step 508: compute the coordinates (x1', y1') according to (x1', y1') = [s']G + [t]PA.
Here [s']G and [t]PA are the s'-fold point multiplication of G and the t-fold point multiplication of PA respectively; because the results are coordinates of points, the plus sign denotes point addition.
Step 509: determine R according to R = (e' + x1') mod n.
Step 510: judge whether R equals r'.
If the result of this step is yes, step 511 is executed and verification is judged to have passed; otherwise step 512 is executed and verification is judged to have failed.
Step 511: verification is judged to have passed.
Step 512: verification is judged to have failed.
This algorithm is the digital signature verification algorithm corresponding to the digital signature generation algorithm shown in Fig. 1; the prior art likewise does not yet contain any hardware device that can implement this digital signature verification algorithm.
Corresponding to the digital signature generation system for p-element domain SM2 elliptic curves described above, the present invention proposes a digital signature verification system for p-element domain SM2 elliptic curves, used to verify the digital signature r and s generated by the digital signature generation system for p-element domain SM2 elliptic curves described in Fig. 2.
Fig. 6 is the structure diagram of the digital signature verification system for p-element domain SM2 elliptic curves provided by the present invention. As shown in Fig. 6, the system comprises: a verification control center 601, a cryptographic hash module 602, a point multiplication module 603 and a point addition module 604; wherein,
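The iteration described above for the point multiplication module (start from the point itself, then double at every bit and add when the bit is 1) and verification steps 502 to 510, as an added Python example that is not code from the patent. It assumes the SM2 recommended curve parameters, homogeneous projective coordinates (x/z, y/z), SHA-256 standing in for the SM3 hash, a public key already validated as a point on the curve, and hypothetical function names.

```python
import hashlib

# SM2 recommended curve y^2 = x^3 + ax + b over F_p (public standard parameters,
# not listed on this page; b is not used by the formulas below).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = (0, 1, 0)                      # point at infinity: z = 0


def proj_double(pt):
    """Point doubling in homogeneous projective coordinates."""
    x, y, z = pt
    w = (A * z * z + 3 * x * x) % P
    s = y * z % P
    b = x * y * s % P
    h = (w * w - 8 * b) % P
    return (2 * h * s % P, (w * (4 * b - h) - 8 * y * y * s * s) % P, 8 * s * s * s % P)


def proj_add(p1, p2):
    """Point addition in homogeneous projective coordinates."""
    (x1, y1, z1), (x2, y2, z2) = p1, p2
    if z1 == 0:
        return p2
    if z2 == 0:
        return p1
    u = (y2 * z1 - y1 * z2) % P
    v = (x2 * z1 - x1 * z2) % P
    if v == 0:                       # same x: either the same point or inverse points
        return proj_double(p1) if u == 0 else INF
    zz, v2 = z1 * z2 % P, v * v % P
    v3, xv = v2 * v % P, v2 * x1 * z2 % P
    a = (u * u * zz - v3 - 2 * xv) % P
    return (v * a % P, (u * (xv - a) - v3 * y1 * z2) % P, v3 * zz % P)


def to_affine(pt):
    """Invert z once and multiply x and y by z^-1; None for the point at infinity."""
    x, y, z = pt
    if z == 0:
        return None
    z_inv = pow(z, -1, P)
    return (x * z_inv % P, y * z_inv % P)


def scalar_mult(k, point):
    """[k]point: the top bit of k is covered by the initial value, then L-1
    iterations run from the second-highest bit down to the lowest bit."""
    if k < 1:
        raise ValueError("k must be a positive integer")
    base = (point[0], point[1], 1)
    acc = base
    for i in range(k.bit_length() - 2, -1, -1):
        acc = proj_double(acc)
        if (k >> i) & 1:             # data-dependent branch: not constant-time
            acc = proj_add(acc, base)
    return acc


def hash_e(za, msg):
    """e' = H(ZA' || M'); SHA-256 is a stand-in for SM3 here (assumption)."""
    return int.from_bytes(hashlib.sha256(za + msg).digest(), "big")


def sm2_verify(e, r, s, pub):
    """Steps 502-510; pub is the signer public key PA as an affine point."""
    if not 1 <= r <= N - 1:          # step 502
        return False
    if not 1 <= s <= N - 1:          # step 503
        return False
    t = (r + s) % N                  # step 506
    if t == 0:                       # step 507
        return False
    pt = to_affine(proj_add(scalar_mult(s, G), scalar_mult(t, pub)))  # step 508
    if pt is None:                   # [s']G + [t]PA is the point at infinity
        return False
    return (e + pt[0]) % N == r      # steps 509-510


def sm2_sign(e, d_a, k):
    """Signature generation with a caller-supplied k, only to build test vectors."""
    x1, _ = to_affine(scalar_mult(k, G))
    r = (e + x1) % N
    s = pow(1 + d_a, -1, N) * (k - r * d_a) % N
    return None if r == 0 or r + k == N or s == 0 else (r, s)
```

The range checks in steps 502, 503 and 507 run before any curve arithmetic, so a signature with r' = 0, s' = n or r' + s' = n is rejected without touching the public key.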
The verification control center 601 is used to: take the received r' and s' as the digital signature of the message M' to be verified output by the digital signature generation system; judge whether r' and s' both lie between 1 and (n-1); concatenate M' with the signer hash value ZA' and send the resulting verifier concatenated message to the cryptographic hash module 602; determine t according to t = (r' + s') mod n and judge whether t is 0; send s' and t to the point multiplication module 603, and send [s']G and [t]PA returned by the point multiplication module 603 to the point addition module 604; determine R according to R = (e' + x1') mod n and judge whether R equals r'; output a message that digital signature verification has failed when any one of the following occurs: r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are not equal; and output a message that digital signature verification has passed when none of these situations occurs; where n is the order of the elliptic curve;
The cryptographic hash module 602 is used to perform the cryptographic hash operation on the verifier concatenated message and send the generated verifier concatenated message hash value e' to the verification control center 601;
The point multiplication module 603 is used to: perform the s'-fold point multiplication of the base point G of the elliptic curve, and send the result [s']G to the verification control center 601; and perform the t-fold point multiplication of the signer public key PA, and send the result [t]PA to the verification control center 601;
The point addition module 604 is used to perform a point addition of the input [s']G and [t]PA, and send the result (x1', y1') to the verification control center 601.
In this system, the verification control center is the control core that implements the digital signature verification algorithm; it is responsible for arranging the work timing of each module, exchanging data between the modules, receiving data, verifying the authenticity of the digital signature, and so on. The cryptographic hash module implements the cryptographic hash operation, the point multiplication module implements point multiplication, and the point addition module implements point addition; all of these modules work under the control of the verification control center, thereby implementing the digital signature verification algorithm.
Given the known base point G of the elliptic curve, the order n of the elliptic curve and the signer public key PA, having obtained the verifier hash value ZA', and having received the message M' to be verified and the digital signature r' and s' to be verified (corresponding to step 501), the verification control center can judge whether r' and s' both lie between 1 and (n-1), implementing the functions of steps 502 and 503. The verification control center also concatenates M' with the verifier hash value ZA', implementing the function of step 504. The verification control center sends the verifier concatenated message to the cryptographic hash module, which performs the cryptographic hash operation on it and generates the verifier concatenated message hash value e'; this corresponds to step 505. The verification control center determines t according to t = (r' + s') mod n and judges whether t is 0, implementing the functions of steps 506 and 507. The verification control center sends s' and t to the point multiplication module, which performs the s'-fold point multiplication of G and the t-fold point multiplication of PA; the two returned results are then sent to the point addition module, which performs a point addition of them and obtains the result (x1', y1'), implementing the function of step 508. The verification control center determines R according to R = (e' + x1') mod n and judges whether R equals r', implementing the functions of steps 509 and 510. When any one of the following occurs: r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are not equal, the verification control center outputs a message that digital signature verification has failed; otherwise, when none of these situations occurs, it outputs a message that digital signature verification has passed; these correspond to steps 512 and 511 respectively. It can be seen that the digital signature verification system shown in Fig. 6 can implement the digital signature verification algorithm shown in Fig. 5.
As in the digital signature generation system shown in Fig. 2, the point multiplication module in this digital signature verification system is also a module that performs point multiplication; it performs the s'-fold point multiplication of G and the t-fold point multiplication of PA.
Fig. 7 is the structure diagram of the point multiplication module in the digital signature verification system for p-element domain SM2 elliptic curves provided by the present invention. As shown in Fig. 7, the point multiplication module 603 comprises: a point multiplication control submodule 701, a domain conversion submodule 702, a Montgomery-domain multiplication submodule 706, a projective point addition submodule 705, a projective point doubling submodule 704 and a finite field inversion submodule 703; wherein,
The point multiplication control submodule 701 is used to: convert the coordinates (x2', y2') and (x5', y5') of G and PA under the affine coordinate system into the coordinates (x3', y3', 1) and (x6', y6', 1) under the projective coordinate system respectively, and send x3', y3', 1 and x6', y6', 1 respectively to the domain conversion submodule 702; send (x4', y4', z4') and (x7', y7', z7') respectively to the projective point addition submodule 705, and take them as the initial values of the Montgomery-domain coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA respectively; determine the binary bit lengths LA and LB of s' and t respectively; take the second-highest bits of the binary representations of s' and t as the initial values of their respective current bits and, starting from the respective second-highest bits and moving down one bit at a time as the respective current bit until the respective lowest bits, perform (LA-1) and (LB-1) iterations respectively; send z11' and z12' of the result coordinates (x11', y11', z11') and (x12', y12', z12') of the (LA-1) and (LB-1) iterations respectively to the Montgomery-domain multiplication submodule 706; send the finite-field values of z11' and z12' returned by the Montgomery-domain multiplication submodule 706 respectively to the finite field inversion submodule 703; send the finite-field values of z11'^-1 and z12'^-1 returned by the finite field inversion submodule 703 respectively to the domain conversion submodule 702; send the Montgomery-domain values of x11' and y11' of the result coordinates (x11', y11', z11') of the (LA-1) iterations and of z11'^-1 to the Montgomery-domain multiplication submodule 706, and send the affine-coordinate-system values of x11' and y11' that it returns, each together with 1, to the Montgomery-domain multiplication submodule 706; send the Montgomery-domain values of x12' and y12' of the result coordinates (x12', y12', z12') of the (LB-1) iterations and of z12'^-1 to the Montgomery-domain multiplication submodule 706, and send the affine-coordinate-system values of x12' and y12' that it returns, each together with 1, to the Montgomery-domain multiplication submodule 706; send the finite-field values of x11' and y11' returned by the Montgomery-domain multiplication submodule 706 to the verification control center 601 as the finite-field coordinates (x11', y11') of [s']G; and send the finite-field values of x12' and y12' returned by the Montgomery-domain multiplication submodule 706 to the verification control center 601 as the finite-field coordinates (x12', y12') of [t]PA. One iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA respectively to the projective point doubling submodule 704; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by the projective point doubling submodule 704 to the projective point addition submodule 705; and when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by the projective point doubling submodule 704 to the projective point addition submodule 705;
The domain conversion submodule 702 is used to: convert the finite-field values of x3', y3', 1 and x6', y6', 1 into their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7', and return them to the point multiplication control submodule 701; and convert the finite-field values of z11'^-1 and z12'^-1 into their Montgomery-domain values and return them to the point multiplication control submodule 701;
The projective point addition submodule 705 is used to: perform a point addition of the current value of the input (x11', y11', z11') and (x4', y4', z4'), and send the result to the point multiplication control submodule 701 as the new current value of (x11', y11', z11'); and perform a point addition of the current value of the input (x12', y12', z12') and (x7', y7', z7'), and send the result to the point multiplication control submodule 701 as the new current value of (x12', y12', z12');
The projective point doubling submodule 704 is used to perform a point doubling on each of the current values of the input coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, and return the results to the point multiplication control submodule 701 as the current values of (x11', y11', z11') and (x12', y12', z12') respectively;
The Montgomery-domain multiplication submodule 706 is used to: perform a Montgomery-domain multiplication of z11' and 1, and send the resulting finite-field value of z11' to the point multiplication control submodule 701; perform a Montgomery-domain multiplication of z12' and 1, and send the resulting finite-field value of z12' to the point multiplication control submodule 701; perform Montgomery-domain multiplications of the Montgomery-domain values of x11' and z11'^-1 and of y11' and z11'^-1, and return the resulting affine-coordinate-system values of x11' and y11' to the point multiplication control submodule 701; perform Montgomery-domain multiplications of the affine-coordinate-system values of x11' and y11' sent by the point multiplication control submodule 701, each with 1, and return the resulting finite-field values of x11' and y11' to the point multiplication control submodule 701; perform Montgomery-domain multiplications of the Montgomery-domain values of x12' and z12'^-1 and of y12' and z12'^-1, and return the resulting affine-coordinate-system values of x12' and y12' to the point multiplication control submodule 701; and perform Montgomery-domain multiplications of the affine-coordinate-system values of x12' and y12' sent by the point multiplication control submodule 701, each with 1, and return the resulting finite-field values of x12' and y12' to the point multiplication control submodule 701;
The finite field inversion submodule 703 is used to invert the finite-field values of z11' and z12' respectively, and send the resulting finite-field values of z11'^-1 and z12'^-1 to the point multiplication control submodule 701.
This shows that point doubling control submodule is the control core of this point doubling module, the operation time sequence of each module of may command, in each intermodule Data transmission, reception and dateout.Compare with point doubling module shown in Figure 4; This point doubling module is except being used for the digital signature authentication system; Be used for the coordinate of two points is carried out point doubling, and the number of point doubling different (the point doubling module among Fig. 4 is that G is carried out the k point doubling, and this point doubling module is used for G is carried out s ' point doubling and PA is carried out the t point doubling); And the used data of computing different outside, Fig. 4 is identical on function with the point doubling module shown in the Ben Tu.
In this digital signature authentication system, point adds module 604 and is used for [s '] G and [t] PA of input are carried out point add operation, and the result of point add operation is coordinate (x1 ', y1 '), exports it to access control center 601.Because input is the data in the finite field under the affine coordinate system here, carries out the point add operation more complicated, therefore, the present invention can carry out point add operation to the territory, Montgomery under the projective coordinate system with data conversion, can improve operation efficiency like this.
Fig. 8 is a structural diagram of the point addition module in the digital signature verification system for the p-element domain SM2 elliptic curve provided by the present invention. As shown in Fig. 8, point addition module 604 comprises: point addition control submodule 801, domain conversion submodule 805, projective-coordinate point addition submodule 802, Montgomery-domain multiplication submodule 804 and finite-field inversion submodule 803; wherein,
Point addition control submodule 801 is configured to: receive, from access control center 601, the coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA in the affine coordinate system; convert them into their respective coordinates (x11', y11', 1) and (x12', y12', 1) in the projective coordinate system, and send x11', y11', 1 and x12', y12', 1 to domain conversion submodule 805; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1, as returned by domain conversion submodule 805, to projective-coordinate point addition submodule 802; send z131' of the coordinate (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system, as returned by projective-coordinate point addition submodule 802, to Montgomery-domain multiplication submodule 804; send the value of z131' in the finite field returned by Montgomery-domain multiplication submodule 804 to finite-field inversion submodule 803; send the value of z131'^-1 in the finite field returned by finite-field inversion submodule 803 to domain conversion submodule 805; send the Montgomery-domain values of x131' and y131' (from the coordinate (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system) and of z131'^-1 to Montgomery-domain multiplication submodule 804, and send each of the values of x131' and y131' in the affine coordinate system that it returns, together with 1, to Montgomery-domain multiplication submodule 804; and send the values of x131' and y131' in the finite field returned by Montgomery-domain multiplication submodule 804 to access control center 601 as (x1', y1');
Domain conversion submodule 805 is configured to: convert the values in the finite field of x11', y11', 1 and of x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121', and return these to point addition control submodule 801; convert the value of z131'^-1 in the finite field into its value in the Montgomery domain, and return the Montgomery-domain value of z131'^-1 to point addition control submodule 801;
Projective-coordinate point addition submodule 802 is configured to perform a point addition on the input x111', y111', z111' and x121', y121', z121', and send the result to point addition control submodule 801 as the coordinate (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system;
Montgomery-domain multiplication submodule 804 is configured to: perform a Montgomery-domain multiplication of the input z131' and 1, and send the resulting value of z131' in the finite field to point addition control submodule 801; perform Montgomery-domain multiplications of the Montgomery-domain values of x131' and z11'^-1 and of y131' and z11'^-1, respectively, and return the resulting values of x131' and y131' in the affine coordinate system to point addition control submodule 801; perform a Montgomery-domain multiplication of each of the values of x131' and y131' in the affine coordinate system, as sent by point addition control submodule 801, with 1, and return the resulting values of x131' and y131' in the finite field to point addition control submodule 801;
Finite-field inversion submodule 803 is configured to invert the value of the input z131' in the finite field and send the resulting value of z131'^-1 in the finite field to point addition control submodule 801.
It can be seen that, within this point addition module, the point addition control submodule is the control core: it controls the operation timing of each submodule, passes data between the submodules, and receives and outputs data.
The process by which this point addition module performs the point addition on the input [s']G and [t]PA and obtains the result (the coordinate (x1', y1')) is as follows:
The point addition control submodule receives the coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA in the affine coordinate system and converts them into their respective coordinates (x11', y11', 1) and (x12', y12', 1) in the projective coordinate system; it then sends the two groups of data x11', y11', 1 and x12', y12', 1 to the domain conversion submodule, which transforms them into the Montgomery-domain values x111', y111', z111' and x121', y121', z121', respectively;
The point addition control submodule can then send these values under the projective coordinate system, x111', y111', z111' and x121', y121', z121', to the projective-coordinate point addition submodule, which performs the point addition on the two groups of data under the projective coordinate system and obtains the coordinate (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system;
Next, the point addition control submodule has to convert the coordinate (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system into the coordinate (x1', y1') in the affine coordinate system and send it to access control center 601. This conversion comprises the following steps:
Point adds the z131 ' of control submodule in will (x131 ', y131 ', z131 ') and sends to the finite field submodule of inverting in the value of finite field, to obtain the reciprocal value z131 ' of z131 ' -1Value in finite field;
Point adds the control submodule with z131 ' -1Value in finite field sends to territory conversion submodule, makes it with z131 ' -1Value transform in finite field is z131 ' -1Value in the territory, Montgomery;
Then, point adds x131 ', y131 ' and the z131 ' of control submodule in will (x131 ', y131 ', z131 ') -1Value in the territory, Montgomery sends to territory, Montgomery multiplication submodule, makes it at first to x131 ' and z11 ' -1Value, y131 ' and z11 ' in the territory, Montgomery -1Value in the territory, Montgomery is carried out the multiplying of territory, Montgomery respectively, obtains x131 ', the two value at affine coordinate system of y131 '; Then the two carries out the multiplying of territory, Montgomery with 1 respectively in the value of affine coordinate system with x131 ', y131 ', obtains x131 ', the two value in finite field of y131 ';
Finally, the point addition control submodule sends the values of x131' and y131' in the finite field to the access control center as (x1', y1'), which completes the point addition of [s']G and [t]PA.
As the digital signature generation system of Fig. 2 and the digital signature verification system of Fig. 6 show, the two systems contain some functionally identical modules, namely the point doubling module and the cryptographic hash module. Because the digital signature generation system and the digital signature verification system of the present invention are used to secure data transmission between a signer and a verifier, each communicating party must be equipped with both a digital signature generation system and a digital signature verification system, in order to generate its own digital signatures and to verify the digital signatures sent by the other party. The functionally identical modules of the two systems can therefore be merged, forming a hybrid digital signature generation and verification system for the p-element domain SM2 elliptic curve.
Fig. 9 is a structural diagram of the hybrid digital signature generation and verification system for the p-element domain SM2 elliptic curve provided by the present invention. Here the order of the elliptic curve is n, the base point is G, and the signer has public key PA and private key dA. As shown in Fig. 9, the system comprises: signature control center 901, access control center 902, random number generation module 904, s generation module 905, cryptographic hash module 907, point doubling module 906, upper-layer selection module 903 and point addition module 908. In this system, cryptographic hash module 907 and point doubling module 906 each have a signature generation mode and a signature verification mode; wherein,
Signature control center 901 is configured to: send a signature generation mode signal to upper-layer selection module 903; concatenate the message to be signed m with the signer hash value ZA, and send the resulting concatenated message m' to cryptographic hash module 907 via upper-layer selection module 903; compute r according to r = (e + x1) mod n; send r to s generation module 905; when r = 0, r + k = n or s = 0, notify random number generation module 904 to regenerate k; send k to s generation module 905; send k to point doubling module 906 via upper-layer selection module 903; and output r and s as the digital signature of m;
Access control center 902 is configured to: send a signature verification mode signal to upper-layer selection module 903; take the received r' and s' as the digital signature of the message to be verified M' output by the digital signature generation system; judge whether r' and s' both lie between 1 and (n-1); concatenate M' with the signer hash value ZA', and send the resulting verifier-side concatenated message to cryptographic hash module 907 via upper-layer selection module 903; compute t according to t = (r' + s') mod n, and judge whether t is 0; send s' and t to point doubling module 906 via upper-layer selection module 903, and send the [s']G and [t]PA returned by point doubling module 906 to point addition module 908; compute R according to R = (e' + x1') mod n, and judge whether R equals r'; when any one of the following holds: r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are not equal, output a message that the digital signature verification has failed; when none of these cases occurs, output a message that the digital signature verification has passed;
Cryptographic hash module 907 is configured to: in signature generation mode, perform the cryptographic hash operation on m' and deliver the resulting concatenated-message hash value e to signature control center 901 via upper-layer selection module 903; in signature verification mode, perform the cryptographic hash operation on the verifier-side concatenated message and deliver the resulting verifier-side concatenated-message hash value e' to access control center 902 via upper-layer selection module 903;
Random number generation module 904 is configured to send the generated random number k to signature control center 901;
Point doubling module 906 is configured to: in signature generation mode, perform a k-fold point doubling of G and deliver the resulting coordinate (x1, y1), as the result [k]G, to signature control center 901 via upper-layer selection module 903; in signature verification mode, perform an s'-fold point doubling of G and deliver the result [s']G to access control center 902 via upper-layer selection module 903, and perform a t-fold point doubling of PA and deliver the result [t]PA to access control center 902 via upper-layer selection module 903;
s generation module 905 is configured to generate s according to s = [(1+dA)^-1 · (k - r·dA)] mod n and send the generated s to signature control center 901;
Point addition module 908 is configured to perform a point addition on the input [s']G and [t]PA and send the result (x1', y1') to access control center 902;
Upper-layer selection module 903 is configured to: according to the signature generation mode signal, set the operating mode of cryptographic hash module 907 and point doubling module 906 to signature generation mode; according to the signature verification mode signal, set the operating mode of cryptographic hash module 907 and point doubling module 906 to signature verification mode.
It can be seen that, by providing the upper-layer selection module, this hybrid system multiplexes the point doubling module and the cryptographic hash module: in this system, the point doubling module and the cryptographic hash module can work both as part of the digital signature generation system and as part of the digital signature verification algorithm. Two-way communication between the signature control center or the access control center and these two multiplexed modules is relayed by the upper-layer selection module. The signature control center and the access control center control the operating mode that the upper-layer selection module sets for the two multiplexed modules, setting it to signature generation mode and signature verification mode, respectively.
In signature generation mode, signature control center 901, random number generation module 904, s generation module 905, cryptographic hash module 907, point doubling module 906 and upper-layer selection module 903 together constitute a digital signature generation system for the p-element domain SM2 elliptic curve. If the data forwarding and mode-setting functions of upper-layer selection module 903 are disregarded and the module is removed, so that signature control center 901 communicates directly with the other four modules, this digital signature generation system is the digital signature generation system shown in Fig. 2.
Likewise, in signature verification mode, access control center 902, cryptographic hash module 907, point doubling module 906, upper-layer selection module 903 and point addition module 908 of this hybrid system together constitute a digital signature verification system for the p-element domain SM2 elliptic curve. If the data forwarding and mode-setting functions of upper-layer selection module 903 are disregarded and the module is removed, this digital signature verification system is the digital signature verification system shown in Fig. 6.
The hybrid system shown in Fig. 9 achieves the multiplexing of the cryptographic hash module and the point doubling module by providing a single selection module. The present invention therefore greatly saves hardware resources and reduces chip area, which favours the miniaturization and integration of the device.
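The following Python model is an added example, not code from the patent or from its assignee. It follows the data flow described for Fig. 8 (affine to projective, into the Montgomery domain, point operation, multiply by 1, inversion, back to affine) and the signing and verification equations of Fig. 9. Assumptions: the published SM2 recommended curve parameters, homogeneous projective coordinates (consistent with the x·z^-1 conversion in the text), Montgomery radix R = 2^256, the hash value e supplied as an integer by the caller, and all function names, which are hypothetical.

```python
import secrets

_h = lambda s: int(s.replace(" ", ""), 16)      # parse a spaced hex constant
# Published SM2 recommended curve y^2 = x^3 + a*x + b over F_p (an assumption of
# this example; the patent text above does not list curve parameters).
P = _h("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF")
A = P - 3
B = _h("28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93")
N = _h("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123")
G = (_h("32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7"),
     _h("BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0"))
RBITS = 256                                     # Montgomery radix R = 2^256 (assumed)
NP = (-pow(P, -1, 1 << RBITS)) % (1 << RBITS)   # -p^-1 mod R

def mont_mul(a, b):     # Montgomery-domain multiplication: a*b*R^-1 mod p
    t = a * b
    m = (t * NP) & ((1 << RBITS) - 1)
    u = (t + m * P) >> RBITS
    return u - P if u >= P else u

def to_mont(x):         # domain conversion: finite-field value x -> x*R mod p
    return (x << RBITS) % P

AM = to_mont(A)

def lift(pt):           # affine (x, y) -> projective (x, y, 1) in the Montgomery domain
    return to_mont(pt[0]), to_mont(pt[1]), to_mont(1)

def pdouble(p1):        # projective doubling; values stay in the Montgomery domain
    X, Y, Z = p1
    w = (mont_mul(AM, mont_mul(Z, Z)) + 3 * mont_mul(X, X)) % P
    s = mont_mul(Y, Z)
    ys = mont_mul(Y, s)
    b = mont_mul(X, ys)
    h = (mont_mul(w, w) - 8 * b) % P
    return ((2 * mont_mul(h, s)) % P,
            (mont_mul(w, (4 * b - h) % P) - 8 * mont_mul(ys, ys)) % P,
            (8 * mont_mul(s, mont_mul(s, s))) % P)

def padd(p1, p2):       # projective addition, with equal-point and inverse-point cases
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    if Z1 == 0:
        return p2
    if Z2 == 0:
        return p1
    u = (mont_mul(Y2, Z1) - mont_mul(Y1, Z2)) % P
    v = (mont_mul(X2, Z1) - mont_mul(X1, Z2)) % P
    if v == 0:
        return pdouble(p1) if u == 0 else (0, to_mont(1), 0)
    zz, v2 = mont_mul(Z1, Z2), mont_mul(v, v)
    v3, xv = mont_mul(v2, v), mont_mul(v2, mont_mul(X1, Z2))
    a = (mont_mul(mont_mul(u, u), zz) - v3 - 2 * xv) % P
    return (mont_mul(v, a),
            (mont_mul(u, (xv - a) % P) - mont_mul(v3, mont_mul(Y1, Z2))) % P,
            mont_mul(v3, zz))

def to_affine(pt):      # projective Montgomery-domain point -> affine (x, y), or None
    X, Y, Z = pt
    z = mont_mul(Z, 1)                  # multiply by 1: leave the Montgomery domain
    if z == 0:
        return None                     # point at infinity
    zinv = to_mont(pow(z, -1, P))       # finite-field inversion, then domain conversion
    return mont_mul(mont_mul(X, zinv), 1), mont_mul(mont_mul(Y, zinv), 1)

def scalar_mul(k, pt):  # [k]pt, 1 <= k < n: (L-1) iterations from the second-highest bit
    base = acc = lift(pt)
    for i in range(k.bit_length() - 2, -1, -1):
        acc = pdouble(acc)
        if (k >> i) & 1:
            acc = padd(acc, base)
    return to_affine(acc)

def point_add(p1, p2):  # affine in, affine out, through the same projective datapath
    return to_affine(padd(lift(p1), lift(p2)))

def sign(e, d):         # signature generation; d is the private key, 1 <= d <= n-2
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = (e + scalar_mul(k, G)[0]) % N
        if r == 0 or r + k == N:
            continue                    # regenerate k
        s = pow(1 + d, -1, N) * (k - r * d) % N
        if s != 0:
            return r, s

def verify(e, sig, pa): # signature verification; pa = [d]G is assumed to be on the curve
    r, s = sig
    if not (1 <= r <= N - 1 and 1 <= s <= N - 1):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = point_add(scalar_mul(s, G), scalar_mul(t, pa))
    return pt is not None and (e + pt[0]) % N == r
```

Treating a point-at-infinity result in `verify` as a failure is a choice made in this example; the text above does not discuss that case.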
Comparing Figs. 3, 4, 7 and 8 shows that these modules in turn contain some submodules with identical or similar functions, which can also be multiplexed in the manner of Fig. 9, further saving hardware resources and reducing chip area.
Fig. 10 is a structural diagram of the preferred embodiment of the hybrid digital signature generation and verification system for the p-element domain SM2 elliptic curve provided by the present invention. As shown in Fig. 10, this system can be regarded as a combination of Figs. 3, 4, 7, 8 and 9. Besides signature control center 1001, access control center 1002, upper-layer selection module 1003, random number generation module 1004 and cryptographic hash module 1007, which have the same functions as in Fig. 9, it further comprises lower-layer selection module 1010, which is used to multiplex domain conversion submodule 1011, Montgomery-domain multiplication submodule 1012, finite-field inversion submodule 1013 and projective-coordinate point addition submodule 1014.
This system comprises: domain conversion submodule 1011, Montgomery-domain multiplication submodule 1012 and finite-field inversion submodule 1013, which are shared by the s generation module, the point doubling module and the point addition module; and projective-coordinate point addition submodule 1014, which is shared by the point doubling module and the point addition module;
The s generation module comprises s generation control submodule 1005; the point doubling module comprises point doubling control submodule 1006 and projective-system double-point submodule 1009; the point addition module comprises point addition control submodule 1008;
s generation control submodule 1005 is configured to: in signature generation mode, send an s generation mode signal to lower-layer selection module 1010; receive the values in the finite field of r and k output by signature control center 1001; send the value of (1+dA) in the finite field to finite-field inversion submodule 1013 via lower-layer selection module 1010; send the values in the finite field of r, dA, (1+dA)^-1 and k to domain conversion submodule 1011 via lower-layer selection module 1010; send the Montgomery-domain values of r and dA to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; subtract, in the Montgomery domain, the Montgomery-domain value of (r·dA) that it returns via lower-layer selection module 1010 from the Montgomery-domain value of k, obtaining the Montgomery-domain value of (k - r·dA); send the Montgomery-domain values of (1+dA)^-1 and (k - r·dA) to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010, and send the value of [(1+dA)^-1 · (k - r·dA)] in the affine coordinate system that it returns via lower-layer selection module 1010, together with 1, to Montgomery-domain multiplication submodule 1012 again via lower-layer selection module 1010; and send the value s in the finite field of s = [(1+dA)^-1 · (k - r·dA)] mod n to signature control center 1001;
Point doubling control submodule 1006 is configured to: in signature generation mode, send a point doubling signature occupancy signal to lower-layer selection module 1010; convert the coordinate (x, y) of G in the affine coordinate system into the coordinate (x2, y2, 1) in the projective coordinate system, and send x2, y2, 1 to domain conversion submodule 1011 via lower-layer selection module 1010; take (x3, y3, z3) as the initial value of the coordinate (x1, y1, z1) of [k]G in the Montgomery domain; determine the binary bit length L of k; take the second-highest bit of the binary representation of k as the initial value of its current bit; starting from the second-highest bit of the binary representation of k and moving down one bit at a time as the current bit until the lowest bit, perform (L-1) iterations; send z1 of the result coordinate (x1, y1, z1) of the (L-1) iterations to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; send the value of z1 in the finite field returned by Montgomery-domain multiplication submodule 1012 to finite-field inversion submodule 1013 via lower-layer selection module 1010; send the value of z1^-1 in the finite field returned by finite-field inversion submodule 1013 to domain conversion submodule 1011 via lower-layer selection module 1010; send the Montgomery-domain values of x1 and y1 from the result coordinate (x1, y1, z1) of the (L-1) iterations and of z1^-1 to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010, and send each of the values of x1 and y1 in the affine coordinate system that it returns, together with 1, to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; forward the values of x1 and y1 in the finite field returned by Montgomery-domain multiplication submodule 1012, as the coordinate (x1, y1) of [k]G in the finite field, to signature control center 1001 via upper-layer selection module 1003; where one iteration comprises: sending the current (x1, y1, z1) to projective-system double-point submodule 1009 and, when the current bit is binary 1, sending the output coordinate returned by projective-system double-point submodule 1009 to projective-coordinate point addition submodule 1014 via lower-layer selection module 1010; in signature verification mode, send a point doubling verification occupancy signal to lower-layer selection module 1010; convert the coordinates (x2', y2') and (x5', y5') of G and PA in the affine coordinate system into the coordinates (x3', y3', 1) and (x6', y6', 1) in the projective coordinate system, respectively, and send x3', y3', 1 and x6', y6', 1 to domain conversion submodule 1011 via lower-layer selection module 1010; send (x4', y4', z4') and (x7', y7', z7') to projective-coordinate point addition submodule 1014 via lower-layer selection module 1010, and take them as the initial values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA in the Montgomery domain, respectively; determine the binary bit lengths LA and LB of s' and t, respectively; take the second-highest bit in the binary form of LA and LB, respectively, as the initial value of the respective current bit, and, starting from the respective second-highest bit and moving down one bit at a time as the respective current bit until the respective lowest bit, perform (LA-1) and (LB-1) iterations, respectively; send z11' and z12' of the result coordinates (x11', y11', z11') and (x12', y12', z12') of the (LA-1) and (LB-1) iterations, respectively, to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; send the values of z11' and z12' in the finite field returned by Montgomery-domain multiplication submodule 1012 to finite-field inversion submodule 1013 via lower-layer selection module 1010; send the values of z11'^-1 and z12'^-1 in the finite field returned by finite-field inversion submodule 1013 to domain conversion submodule 1011 via lower-layer selection module 1010; send the Montgomery-domain values of x11' and y11' from the result coordinate (x11', y11', z11') of the (LA-1) iterations and of z11'^-1 to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010, and send each of the values of x11' and y11' in the affine coordinate system that it returns, together with 1, to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; send the Montgomery-domain values of x12' and y12' from the result coordinate (x12', y12', z12') of the (LB-1) iterations and of z12'^-1 to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010, and send each of the values of x12' and y12' in the affine coordinate system that it returns, together with 1, to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; send the values of x11' and y11' in the finite field returned by Montgomery-domain multiplication submodule 1012, as the coordinate (x11', y11') of [s']G in the finite field, to access control center 1002 via upper-layer selection module 1003; send the values of x12' and y12' in the finite field returned by Montgomery-domain multiplication submodule 1012, as the coordinate (x12', y12') of [t]PA in the finite field, to access control center 1002 via upper-layer selection module 1003; where one iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, respectively, to projective-system double-point submodule 1009; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by projective-system double-point submodule 1009 to projective-coordinate point addition submodule 1014 via lower-layer selection module 1010; and when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by projective-system double-point submodule 1009 to projective-coordinate point addition submodule 1014 via lower-layer selection module 1010;
Projective-system double-point submodule 1009 is configured to: in signature generation mode, perform a double-point operation on the input coordinate and return the result to point doubling control submodule 1006 as the output coordinate; in signature verification mode, perform a double-point operation on each of the current values of the input coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, and return the results to point doubling control submodule 1006 as the current values of (x11', y11', z11') and (x12', y12', z12'), respectively;
Point addition control submodule 1008 is configured to: send a point addition mode signal to lower-layer selection module 1010; receive, from access control center 1002, the coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA in the affine coordinate system; convert them into their respective coordinates (x11', y11', 1) and (x12', y12', 1) in the projective coordinate system, and send x11', y11', 1 and x12', y12', 1 to domain conversion submodule 1011 via lower-layer selection module 1010; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1, as returned by domain conversion submodule 1011, to projective-coordinate point addition submodule 1014 via lower-layer selection module 1010; send z131' of the coordinate (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system, as returned by projective-coordinate point addition submodule 1014, to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; send the value of z131' in the finite field returned by Montgomery-domain multiplication submodule 1012 to finite-field inversion submodule 1013 via lower-layer selection module 1010; send the value of z131'^-1 in the finite field returned by finite-field inversion submodule 1013 to domain conversion submodule 1011 via lower-layer selection module 1010; send the Montgomery-domain values of x131' and y131' from the coordinate (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system and of z131'^-1 to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010, and send each of the values of x131' and y131' in the affine coordinate system that it returns, together with 1, to Montgomery-domain multiplication submodule 1012 via lower-layer selection module 1010; and send the values of x131' and y131' in the finite field returned by Montgomery-domain multiplication submodule 1012 to access control center 1002 as (x1', y1');
Lower-layer selection module 1010 is configured to: according to the s generation mode signal, set the operating mode of domain conversion submodule 1011, Montgomery-domain multiplication submodule 1012 and finite-field inversion submodule 1013 to s generation mode, and forward the return information of each module to s generation control submodule 1005; according to the point doubling signature occupancy signal, set the operating mode of domain conversion submodule 1011, Montgomery-domain multiplication submodule 1012, finite-field inversion submodule 1013 and projective-coordinate point addition submodule 1014 to point doubling signature occupancy mode; according to the point doubling verification occupancy signal, set the operating mode of domain conversion submodule 1011, Montgomery-domain multiplication submodule 1012, finite-field inversion submodule 1013 and projective-coordinate point addition submodule 1014 to point doubling verification occupancy mode; according to the point addition mode signal, set the operating mode of domain conversion submodule 1011, Montgomery-domain multiplication submodule 1012, finite-field inversion submodule 1013 and projective-coordinate point addition submodule 1014 to point addition mode;
Domain conversion submodule 1011 is configured to: in s generation mode, convert the values in the finite field of (1+dA)^-1, r, dA and k into their respective Montgomery-domain values and forward these to s generation control submodule 1005 via lower-layer selection module 1010; in point doubling signature occupancy mode, convert the values in the finite field of x2, y2, 1 into their respective Montgomery-domain values x3, y3, z3 and return these to point doubling control submodule 1006 via lower-layer selection module 1010; convert the value of z1^-1 in the finite field into its value in the Montgomery domain and return it to point doubling control submodule 1006 via lower-layer selection module 1010; in point doubling verification occupancy mode, convert the values in the finite field of x3', y3', 1 and of x6', y6', 1 into their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7', and return these to point doubling control submodule 1006 via lower-layer selection module 1010; convert the values of z11'^-1 and z12'^-1 in the finite field into their values in the Montgomery domain and return these to point doubling control submodule 1006 via lower-layer selection module 1010; in point addition mode, convert the values in the finite field of x11', y11', 1 and of x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121', and return these to point addition control submodule 1008 via lower-layer selection module 1010; convert the value of z131'^-1 in the finite field into its value in the Montgomery domain, and return the Montgomery-domain value of z131'^-1 to point addition control submodule 1008 via lower-layer selection module 1010;
Montgomery-domain multiplication submodule 1012 is configured to: in s generation mode, perform a Montgomery-domain multiplication of the Montgomery-domain values of r and dA, and return the resulting Montgomery-domain value of (r·dA) to s generation control submodule 1005 via lower-layer selection module 1010; perform a Montgomery-domain multiplication of the Montgomery-domain values of (1+dA)^-1 and (k - r·dA), and return the resulting value of [(1+dA)^-1 · (k - r·dA)] in the affine coordinate system to s generation control submodule 1005 via lower-layer selection module 1010; perform a Montgomery-domain multiplication of the value of [(1+dA)^-1 · (k - r·dA)] in the affine coordinate system and 1, and forward the resulting value s in the finite field of s = [(1+dA)^-1 · (k - r·dA)] mod n to s generation control submodule 1005 via lower-layer selection module 1010; here, because the Montgomery-domain multiplication of the Montgomery-domain values of (1+dA)^-1 and (k - r·dA) yields the value of the product [(1+dA)^-1 · (k - r·dA)] in the finite field, [(1+dA)^-1 · (k - r·dA)] is necessarily less than n, i.e. this operation already includes the modular reduction, so no separate reduction modulo n of [(1+dA)^-1 · (k - r·dA)] is needed, and the result is the value s in the finite field of s = [(1+dA)^-1 · (k - r·dA)] mod n; in point doubling signature occupancy mode, perform a Montgomery-domain multiplication of z1 and 1, and send the resulting value of z1 in the finite field to point doubling control submodule 1006 via lower-layer selection module 1010; perform Montgomery-domain multiplications of the Montgomery-domain values of x1 and z1^-1 and of y1 and z1^-1, respectively, and return the resulting values of x1 and y1 in the affine coordinate system to point doubling control submodule 1006 via lower-layer selection module 1010; perform a Montgomery-domain multiplication of each of the values of x1 and y1 in the affine coordinate system with 1, and return the resulting values of x1 and y1 in the finite field to point doubling control submodule 1006 via lower-layer selection module 1010; in point doubling verification occupancy mode, perform a Montgomery-domain multiplication of z11' and 1, and send the resulting value of z11' in the finite field to point doubling control submodule 1006 via lower-layer selection module 1010; perform a Montgomery-domain multiplication of z12' and 1, and send the resulting value of z12' in the finite field to point doubling control submodule 1006 via lower-layer selection module 1010; perform Montgomery-domain multiplications of the Montgomery-domain values of x11' and z11'^-1 and of y11' and z11'^-1, respectively, and return the resulting values of x11' and y11' in the affine coordinate system to point doubling control submodule 1006 via lower-layer selection module 1010; perform a Montgomery-domain multiplication of each of the values of x11' and y11' in the affine coordinate system with 1, and return the resulting values of x11' and y11' in the finite field to point doubling control submodule 1006 via lower-layer selection module 1010; perform Montgomery-domain multiplications of the Montgomery-domain values of x12' and z12'^-1 and of y12' and z12'^-1, respectively, and return the resulting values of x12' and y12' in the affine coordinate system to point doubling control submodule 1006 via lower-layer selection module 1010; perform a Montgomery-domain multiplication of each of the values of x12' and y12' in the affine coordinate system with 1, and return the resulting values of x12' and y12' in the finite field to point doubling control submodule 1006 via lower-layer selection module 1010; in point addition mode, perform a Montgomery-domain multiplication of the input z131' and 1, and send the resulting value of z131' in the finite field to point addition control submodule 1008 via lower-layer selection module 1010; perform Montgomery-domain multiplications of the Montgomery-domain values of x131' and z11'^-1 and of y131' and z11'^-1, respectively, and return the resulting values of x131' and y131' in the affine coordinate system to point addition control submodule 1008 via lower-layer selection module 1010; perform a Montgomery-domain multiplication of each of the values of x131' and y131' in the affine coordinate system with 1, and return the resulting values of x131' and y131' in the finite field, via lower-layer selection module 1010, to point addition control 
submodule 1008;
The finite field submodule 1013 of inverting is used for, and under the s generate pattern, (1+dA) is carried out inversion operation in the value of finite field, with (1+dA) that obtain -1Value in finite field is forwarded to s generation control submodule 1005 through lower floor's final election module 1010; Take under the pattern at the point doubling signature, z1 is carried out inversion operation in the value of finite field, the z1 that obtains -1Value in finite field sends to point doubling control submodule 1006 through lower floor's final election module 1010; Take under the pattern in the point doubling checking, respectively z11 ' and z12 ' are carried out inversion operation in the value of finite field, the z11 ' that obtains -1And z12 ' -1Value in finite field sends to point doubling control submodule 1006 through lower floor's final election module 1010; Add under the pattern at point, the z131 ' that imports is carried out inversion operation in the value of finite field, the z131 ' that obtains -1Send to through lower floor's final election module 1010 in the value of finite field and a little to add control submodule 1008;
The projection mooring points adds submodule 1014 and is used for, take under the pattern at point doubling signature, with input coordinate with (x3, y3 z3) carry out point add operation, and operation result is sent to point doubling control submodule 1006 through lower floor's final election module 1010; Take under the pattern in point doubling checking, with input (x11 ', y11 '; Z11 ') currency with (x4 '; Y4 ', z4 ') carry out point add operation, with operation result as new (x11 '; Y11 ', z11 ') currency sends to point doubling control submodule 1006 through lower floor's final election module 1010; With the currency of (x12 ', y12 ', z12 ') of input with (x7 '; Y7 ', z7 ') carry out point add operation, with operation result as new (x12 '; Y12 ', z12 ') currency sends to point doubling control submodule 1006 through lower floor's final election module 1010; Add under the pattern at point; X111 ', y111 ', z111 ' and x121 ', y121 ', the z121 ' of input are carried out point add operation; With operation result as the coordinate of [s '] G+ [t] PA under projective coordinate system (x131 '; Y131 ', z131 ') sends to through lower floor's final election module 1010 and a little add control submodule 1008.
Can find out by Figure 10; The present invention is through being provided with lower floor's final election module; Realized that s generates control submodule, point doubling control submodule, point and adds the control submodule submodule, territory, Montgomery multiplication submodule, finite field the multiplexing of submodule of inverting changed in the territory, realized that also point doubling control submodule, point add the control submodule projection mooring points is added the multiplexing of submodule.These multiplexing resource consumptions that significantly reduce system hardware also greatly reduce the area of hardware.
It is pointed out that two point doublings of the present invention, data from finite field be transformed into the territory, Montgomery, data are prior art by the technology that affine coordinate system converts projective coordinate system into, its calculating process is not specifically described at this.
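As an added illustration (not code from the patent), the following Python sketch walks the s generation data path through domain conversion, Montgomery-domain multiplication and the final multiplication by 1, and shows that the output is already reduced below n. It assumes R = 2^256 and the order n of the SM2 recommended curve; all function names are hypothetical.

```python
# Added example (not from the patent): Montgomery-domain path for
# s = ((1 + dA)^-1 * (k - r*dA)) mod n.
# Assumptions: R = 2^256; N is the order of the SM2 recommended curve;
# every function name below is hypothetical.
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
BITS = 256
R = 1 << BITS
R_MASK = R - 1
R2 = (R * R) % N                 # constant used to enter the Montgomery domain
N_PRIME = (-pow(N, -1, R)) % R   # N * N_PRIME == -1 (mod R)


def mont_mul(a, b):
    """Return a*b*R^-1 mod N for a, b in [0, N); the result is always in [0, N)."""
    t = a * b
    m = ((t & R_MASK) * N_PRIME) & R_MASK
    u = (t + m * N) >> BITS      # t + m*N is an exact multiple of R
    return u - N if u >= N else u  # one conditional subtraction is the whole reduction


def to_mont(x):
    """Domain conversion: finite-field value x -> x*R mod N."""
    return mont_mul(x % N, R2)


def from_mont(x_m):
    """Montgomery multiplication by 1 maps x*R mod N back to x mod N."""
    return mont_mul(x_m, 1)


def generate_s(d_a, k, r):
    """Compute s in the order the s generation control submodule issues its requests."""
    if not 1 <= d_a <= N - 2:
        raise ValueError("dA must be in [1, n-2] so that (1 + dA) is invertible")
    inv = pow(1 + d_a, -1, N)                   # finite-field inversion
    inv_m, r_m, d_m, k_m = (to_mont(v) for v in (inv, r, d_a, k))
    rd_m = mont_mul(r_m, d_m)                   # (r*dA), Montgomery domain
    diff_m = (k_m - rd_m) % N                   # (k - r*dA), Montgomery domain
    prod_m = mont_mul(inv_m, diff_m)            # product, still carrying one factor R
    return mont_mul(prod_m, 1)                  # multiply by 1: finite-field s, below n


def needs_new_k(r, k, s):
    """Conditions under which the random number k has to be regenerated."""
    return r == 0 or r + k == N or s == 0
```
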
This shows that the present invention has the following advantages:
(1) In the present invention, the signature control center concatenates the message to be signed m with the signer hash value ZA into the concatenated message m', and the cryptographic hash module hashes it to obtain the concatenated-message hash value e. The random number generation module generates the random number k, and the point multiplication module performs the k-fold point multiplication on the base point G of the elliptic curve to generate the coordinate (x1, y1). The signature control center can then obtain r according to r = (e + x1) mod n. If neither r = 0 nor r + k = 0 holds, this r is the first signature part of the digital signature of m; otherwise, the signature control center notifies the random number generation module to regenerate the random number k. The s generation module can generate s according to s = [(1+dA)^-1 · (k - r·dA)] mod n, and provided that s = 0 does not hold, this s is the second signature part of the digital signature of m. The signature control center can thus output r and s as the digital signature of m. Therefore, with the signature control center, cryptographic hash module, random number generation module, point multiplication module and s generation module that it comprises, the present invention can implement in hardware the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm.
(2) Because the system provided by the present invention implements the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware, it computes faster than a software implementation and is also more secure.
(3) Because the system provided by the present invention implements the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware, it can secure data transmission with a smaller amount of computation, higher speed, smaller key size and lower bandwidth than the prior art, and the present invention therefore has broad application prospects.
(4) The present invention performs s generation and point multiplication in the projective coordinate system and in the Montgomery domain, which increases operation speed and improves the efficiency of digital signature generation.
(5) By providing two multiplexing modules, the present invention lets the system reuse a number of hardware submodules; it therefore greatly saves hardware resources and reduces chip area, which helps miniaturization and integration of the device.
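The signing flow in advantage (1), and the checks applied on the verification side (r' and s' between 1 and n-1, t not 0, R equal to r'), can be exercised in software. The following Python example is added here and is not part of the patent: it assumes the SM2 recommended curve parameters, takes the hash value e as an input, uses affine arithmetic rather than the projective, Montgomery-domain hardware path, and all function names are hypothetical.

```python
# Added example (not from the patent): SM2 sign/verify at the algorithm level.
# Assumptions: SM2 recommended curve parameters; e is the hash value computed elsewhere;
# affine arithmetic; hypothetical function names.
import secrets

P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)


def point_add(p1, p2):
    """Affine point addition (covers doubling); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """[k]point: start from the point itself, then L-1 iterations from the
    second-highest bit of k down to the lowest (double, add if the bit is 1)."""
    if k == 0:
        return None
    acc = point
    for i in range(k.bit_length() - 2, -1, -1):
        acc = point_add(acc, acc)
        if (k >> i) & 1:
            acc = point_add(acc, point)
    return acc


def sign(e, d_a, k_source=None):
    """Return (r, s); k is drawn again whenever r = 0, r + k = n or s = 0."""
    if k_source is None:
        k_source = lambda: secrets.randbelow(N - 1) + 1   # k in [1, n-1]
    inv = pow(1 + d_a, -1, N)
    while True:
        k = k_source()
        x1, _ = scalar_mult(k, G)
        r = (e + x1) % N
        if r == 0 or r + k == N:
            continue
        s = inv * (k - r * d_a) % N
        if s == 0:
            continue
        return r, s


def verify(e, r, s, pub):
    """Return True only if every check of the verification flow passes."""
    if not (1 <= r <= N - 1 and 1 <= s <= N - 1):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = point_add(scalar_mult(s, G), scalar_mult(t, pub))   # [s']G + [t]PA
    if pt is None:
        return False
    return (e + pt[0]) % N == r
```

The per-bit conditional addition mirrors the iteration described for the point multiplication control submodule; because its operation sequence depends on the bits of k, implementations that must resist timing or power analysis use a fixed operation sequence instead.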
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

1. A digital signature generation system for an SM2 elliptic curve over a p-element (prime) field, said digital signature comprising a first signature part r and a second signature part s, characterized in that the system comprises: a signature control center, a cryptographic hash module, a random number generation module, a point multiplication module and an s generation module; wherein,
Said signature control center is used to: concatenate the message to be signed m with the signer hash value ZA and send the resulting concatenated message m' to said cryptographic hash module; calculate r according to r = (e + x1) mod n; send r to said s generation module; notify said random number generation module to regenerate k when r = 0, r + k = n or s = 0; send k to said point multiplication module and said s generation module; and output r and s as the digital signature of m;
Said cryptographic hash module is used to perform the cryptographic hash operation on m' and send the generated concatenated-message hash value e to said signature control center;
Said random number generation module is used to send the generated random number k to said signature control center;
Said point multiplication module is used to perform the k-fold point multiplication on the base point G of said elliptic curve and send the generated coordinate (x1, y1), as the operation result [k]G, to said signature control center;
Said s generation module is used to generate s according to s = [(1+dA)^-1 · (k - r·dA)] mod n and send the generated s to said signature control center;
Wherein n is the order of said elliptic curve and dA is the private key of the signer.
2. The system according to claim 1, characterized in that said s generation module comprises: an s generation control submodule, a domain conversion submodule, a Montgomery-domain multiplication submodule and a finite-field inversion submodule;
Said s generation control submodule is used to: receive the finite-field values of r and k sent by said signature control center; send the finite-field value of (1+dA) to said finite-field inversion submodule; send the finite-field values of r, dA, k and (1+dA)^-1 to said domain conversion submodule; send the respective Montgomery-domain values of r and dA to said Montgomery-domain multiplication submodule, and subtract the Montgomery-domain value of (r·dA) that it returns from the Montgomery-domain value of k to obtain the Montgomery-domain value of (k - r·dA); send the respective Montgomery-domain values of (1+dA)^-1 and (k - r·dA) to said Montgomery-domain multiplication submodule, and send the affine-coordinate-system value of [(1+dA)^-1 · (k - r·dA)] that it returns, together with 1, to said Montgomery-domain multiplication submodule; and send the finite-field value s of s = [(1+dA)^-1 · (k - r·dA)] mod n to said signature control center;
Said domain conversion submodule is used to convert the finite-field values of (1+dA)^-1, r, dA and k into their respective Montgomery-domain values and send them to said s generation control submodule;
Said Montgomery-domain multiplication submodule is used to: perform a Montgomery-domain multiplication on the Montgomery-domain values of r and dA and return the resulting Montgomery-domain value of (r·dA) to said s generation control submodule; perform a Montgomery-domain multiplication on the Montgomery-domain values of (1+dA)^-1 and (k - r·dA) and return the resulting affine-coordinate-system value of [(1+dA)^-1 · (k - r·dA)] to said s generation control submodule; and perform a Montgomery-domain multiplication on the affine-coordinate-system value of [(1+dA)^-1 · (k - r·dA)] and 1, and send the resulting finite-field value s of s = [(1+dA)^-1 · (k - r·dA)] mod n to said s generation control submodule;
Said finite-field inversion submodule is used to invert the finite-field value of (1+dA) and send the resulting finite-field value of (1+dA)^-1 to said s generation control submodule.
3. system according to claim 1 and 2; It is characterized in that said point doubling module comprises: point doubling control submodule, territory conversion submodule, territory, Montgomery multiplication submodule, projection mooring points add submodule, projective system two point doubling submodules, the finite field submodule of inverting; Wherein,
Said point doubling control submodule is used for, and (x y) converts coordinate (x2, y2,1) under the projective coordinate system into, and x2, y2,1 are sent to said territory changes submodule with the coordinate of G under affine coordinate system; Will (x3, y3 is z3) as coordinate (x1, y1, z1) the initial value of [k] G in the territory, Montgomery; Confirm the binary bits length L of k; With the initial value of the inferior higher bit position in the binary form of k as its current bit; Inferior higher bit position from the binary form of said k begins; Bit of each reduction till its lowest bit position, carries out (L-1) inferior interative computation as current bit; (z1 in z1) sends to territory, said Montgomery multiplication submodule for x1, y1 with the coordinate as a result of said (L-1) inferior interative computation; The z1 that territory, said Montgomery multiplication submodule is returned sends to the said finite field submodule of inverting in the value of finite field; With the said finite field z1 that submodule returns that inverts -1Value in finite field sends to said territory conversion submodule; With the coordinate as a result of said (L-1) inferior interative computation (x1, y1, x1, y1 and z1 in z1) -1The value in each territory, comfortable Montgomery sends to territory, said Montgomery multiplication submodule, and its x1 that returns, the two value at affine coordinate system of y1 are sent to territory, said Montgomery multiplication submodule with 1 respectively; The x1 that territory, said Montgomery multiplication submodule is returned, y1 the two (x1 y1) sends to said signature control centre at the coordinate of finite field as [k] G in the value of finite field; Once described interative computation wherein comprises: with current (x1; Y1; Z1) send to said projective system two point doubling submodules, be under the situation of binary one at said current bit, the output coordinate that said projective system two point 
doubling submodules are returned sends to said projection mooring points and adds submodule;
Said territory conversion submodule is used for, and converts x2, y2,1 value in finite field value x3, y3, the z3 of each territory, comfortable Montgomery into respectively, and it is returned said point doubling control submodule; With z1 -1Value in finite field converts its value in the territory, Montgomery into, and it is returned said point doubling control submodule;
Said projection mooring points adds submodule and is used for, with input coordinate with (x3, y3 z3) carry out point add operation, and operation result is sent to said point doubling control submodule;
Said projective system two point doubling submodules are used for, and input coordinate is carried out two point doublings, and operation result is back to said point doubling control submodule as output coordinate;
Territory, said Montgomery multiplication submodule is used for, and z1 and 1 is carried out the multiplying of territory, Montgomery, and the z1 that obtains is sent to said point doubling control submodule in the value of finite field; To x1 and z1 -1The two value, y1 and z1 in the territory, Montgomery -1The two carries out the multiplying of territory, Montgomery respectively in the value in territory, Montgomery, and the two returns said point doubling control submodule in the value of affine coordinate system with the x1 that obtains, y1; The two carries out the multiplying of territory, Montgomery with 1 respectively in the value of affine coordinate system the x1 that said point doubling control submodule is sent, y1, and the x1 that obtains, the two value in finite field of y1 are turned back to said point doubling control submodule;
The said finite field submodule of inverting is used for, and z1 is carried out inversion operation in the value of finite field, with the z1 that obtains -1Value in finite field sends to said point doubling control submodule.
4. A digital signature verification system for an SM2 elliptic curve over a p-element (prime) field, used to verify a digital signature generated by the digital signature generation system of any one of claims 1-3, characterized in that the system comprises: a verification control center, a cryptographic hash module, a point multiplication module and a point addition module; wherein,
Said verification control center is used to: take the received r' and s' as the digital signature of the message to be verified M' output by said digital signature generation system; judge whether r' and s' are both between 1 and (n-1); concatenate M' with the signer hash value ZA' and send the resulting verification concatenated message (shown in Figure FDA0000057887720000031) to said cryptographic hash module; determine t according to t = (r' + s') mod n and judge whether t is 0; send s' and t to said point multiplication module, and send [s']G and [t]PA returned by said point multiplication module to said point addition module; determine R according to R = (e' + x1') mod n and judge whether R is equal to r'; output a message that the digital signature verification has failed when any one of the following is found: r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are unequal; and output a message that the digital signature verification has passed when none of these situations occurs; wherein n is the order of said elliptic curve;
Said cryptographic hash module is used to perform the cryptographic hash operation on the verification concatenated message (shown in Figure FDA0000057887720000032) and send the generated verification concatenated-message hash value e' to said verification control center;
Said point multiplication module is used to: perform the s'-fold point multiplication on the base point G of said elliptic curve and send the resulting operation result [s']G to said verification control center; and perform the t-fold point multiplication on the public key PA of the signer and send the resulting operation result [t]PA to said verification control center;
Said point addition module is used to perform a point addition on the input [s']G and [t]PA and send the operation result (x1', y1') to said verification control center.
5. The system according to claim 4, characterized in that said point multiplication module comprises: a point multiplication control submodule, a domain conversion submodule, a Montgomery-domain multiplication submodule, a projective-coordinate point addition submodule, a projective-coordinate point doubling submodule and a finite-field inversion submodule; wherein,
Said point multiplication control submodule is used to: convert the coordinates (x2', y2') and (x5', y5') of G and PA in the affine coordinate system into the coordinates (x3', y3', 1) and (x6', y6', 1) in the projective coordinate system respectively, and send x3', y3', 1 and x6', y6', 1 respectively to said domain conversion submodule; send (x4', y4', z4') and (x7', y7', z7') respectively to said projective-coordinate point addition submodule, and take them respectively as the initial values of the Montgomery-domain coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA; determine the binary bit lengths LA and LB of s' and t respectively; take the second-highest bit in the binary form of LA and LB respectively as the initial value of the respective current bit, and, starting from the respective second-highest bit and moving down one bit at a time as the respective current bit until the respective lowest bit, perform (LA-1) and (LB-1) iterations respectively; send z11' and z12' of the result coordinates (x11', y11', z11') and (x12', y12', z12') of said (LA-1) and (LB-1) iterations respectively to said Montgomery-domain multiplication submodule; send the finite-field values of z11' and z12' returned by said Montgomery-domain multiplication submodule respectively to said finite-field inversion submodule; send the finite-field values of z11'^-1 and z12'^-1 returned by said finite-field inversion submodule respectively to said domain conversion submodule; send the Montgomery-domain values of x11' and y11' of the result coordinate (x11', y11', z11') of said (LA-1) iterations and of z11'^-1 to said Montgomery-domain multiplication submodule, and send the affine-coordinate-system values of x11' and y11' that it returns, each together with 1, to said Montgomery-domain multiplication submodule; send the Montgomery-domain values of x12' and y12' of the result coordinate (x12', y12', z12') of said (LB-1) iterations and of z12'^-1 to said Montgomery-domain multiplication submodule, and send the affine-coordinate-system values of x12' and y12' that it returns, each together with 1, to said Montgomery-domain multiplication submodule; send the finite-field values of x11' and y11' returned by said Montgomery-domain multiplication submodule to said verification control center as the finite-field coordinate (x11', y11') of [s']G; and send the finite-field values of x12' and y12' returned by said Montgomery-domain multiplication submodule to said verification control center as the finite-field coordinate (x12', y12') of [t]PA; wherein one said iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA respectively to said projective-coordinate point doubling submodule; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by said projective-coordinate point doubling submodule to said projective-coordinate point addition submodule; and when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by said projective-coordinate point doubling submodule to said projective-coordinate point addition submodule;
Said domain conversion submodule is used to: convert the finite-field values of x3', y3', 1 and x6', y6', 1 into their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7' and return them to said point multiplication control submodule; and convert the finite-field values of z11'^-1 and z12'^-1 into their Montgomery-domain values and return them to said point multiplication control submodule;
Said projective-coordinate point addition submodule is used to: perform a point addition on the current value of the input (x11', y11', z11') and (x4', y4', z4') and send the operation result, as the new current value of (x11', y11', z11'), to said point multiplication control submodule; and perform a point addition on the current value of the input (x12', y12', z12') and (x7', y7', z7') and send the operation result, as the new current value of (x12', y12', z12'), to said point multiplication control submodule;
Said projective-coordinate point doubling submodule is used to perform a point doubling on each of the input current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, and return the operation results, as the current values of (x11', y11', z11') and (x12', y12', z12') respectively, to said point multiplication control submodule;
Said Montgomery-domain multiplication submodule is used to: perform a Montgomery-domain multiplication on z11' and 1 and send the resulting finite-field value of z11' to said point multiplication control submodule; perform a Montgomery-domain multiplication on z12' and 1 and send the resulting finite-field value of z12' to said point multiplication control submodule; perform Montgomery-domain multiplications on the Montgomery-domain values of x11' and z11'^-1 and of y11' and z11'^-1, and return the resulting affine-coordinate-system values of x11' and y11' to said point multiplication control submodule; perform Montgomery-domain multiplications on the affine-coordinate-system values of x11' and y11' sent by said point multiplication control submodule, each with 1, and return the resulting finite-field values of x11' and y11' to said point multiplication control submodule; perform Montgomery-domain multiplications on the Montgomery-domain values of x12' and z12'^-1 and of y12' and z12'^-1, and return the resulting affine-coordinate-system values of x12' and y12' to said point multiplication control submodule; and perform Montgomery-domain multiplications on the affine-coordinate-system values of x12' and y12' sent by said point multiplication control submodule, each with 1, and return the resulting finite-field values of x12' and y12' to said point multiplication control submodule;
Said finite-field inversion submodule is used to invert the finite-field values of z11' and z12' respectively and send the resulting finite-field values of z11'^-1 and z12'^-1 to said point multiplication control submodule.
6. The system according to claim 4, characterized in that said point addition module comprises: a point addition control submodule, a domain conversion submodule, a projective-coordinate point addition submodule, a Montgomery-domain multiplication submodule and a finite-field inversion submodule; wherein,
Said point addition control submodule is used to: receive the coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA in the affine coordinate system sent by said verification control center, convert them respectively into the coordinates (x11', y11', 1) and (x12', y12', 1) in the projective coordinate system, and send x11', y11', 1 and x12', y12', 1 to said domain conversion submodule; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1 returned by said domain conversion submodule to said projective-coordinate point addition submodule; send z131' of the coordinate (x131', y131', z131') of [s']G + [t]PA in the projective coordinate system returned by said projective-coordinate point addition submodule to said Montgomery-domain multiplication submodule; send the finite-field value of z131' returned by said Montgomery-domain multiplication submodule to said finite-field inversion submodule; send the finite-field value of z131'^-1 returned by said finite-field inversion submodule to said domain conversion submodule; send the Montgomery-domain values of x131' and y131' of the coordinate (x131', y131', z131') of [s']G + [t]PA in the projective coordinate system and of z131'^-1 to said Montgomery-domain multiplication submodule, and send the affine-coordinate-system values of x131' and y131' that it returns, each together with 1, to said Montgomery-domain multiplication submodule; and send the finite-field values of x131' and y131' returned by said Montgomery-domain multiplication submodule to said verification control center as (x1', y1');
Said domain conversion submodule is used to: convert the finite-field values of x11', y11', 1 and x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121' and return them to said point addition control submodule; and convert the finite-field value of z131'^-1 into its Montgomery-domain value and return the Montgomery-domain value of z131'^-1 to said point addition control submodule;
Said projective-coordinate point addition submodule is used to perform a point addition on the input x111', y111', z111' and x121', y121', z121' and send the operation result, as the coordinate (x131', y131', z131') of [s']G + [t]PA in the projective coordinate system, to said point addition control submodule;
Said Montgomery-domain multiplication submodule is used to: perform a Montgomery-domain multiplication on the input z131' and 1 and send the resulting finite-field value of z131' to said point addition control submodule; perform Montgomery-domain multiplications on the respective Montgomery-domain values of x131' and z11'^-1 and of y131' and z11'^-1, and return the resulting affine-coordinate-system values of x131' and y131' to said point addition control submodule; and perform Montgomery-domain multiplications on the affine-coordinate-system values of x131' and y131' sent by said point addition control submodule, each with 1, and return the resulting finite-field values of x131' and y131' to said point addition control submodule;
Said finite-field inversion submodule is used to invert the finite-field value of the input z131' and send the resulting finite-field value of z131'^-1 to said point addition control submodule.
7. A hybrid system for generating and verifying digital signatures on an SM2 elliptic curve over a p-element field, wherein the order of the elliptic curve is n, the base point is G, and the signer has a public key PA and a private key dA; characterized in that the system comprises: a signature control center, a verification control center, a random number generation module, an s generation module, a cryptographic hash module, a point multiplication module, an upper-layer selection module, and a point addition module; the cryptographic hash module and the point multiplication module each have a signature generation mode and a signature verification mode; wherein,
The signature control center is configured to: send a signature generation mode signal to the upper-layer selection module; concatenate the message m to be signed with the signer hash value ZA, and send the resulting concatenated message m' to the cryptographic hash module through the upper-layer selection module; compute r according to r = (e + x1) mod n; send r to the s generation module; when r = 0, r + k = n or s = 0, notify the random number generation module to regenerate k; send k to the s generation module; send k to the point multiplication module through the upper-layer selection module; and output r and s as the digital signature of m;
The verification control center is configured to: send a signature verification mode signal to the upper-layer selection module; take the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; determine whether r' and s' both lie between 1 and (n-1); concatenate M' with the signer hash value ZA', and send the resulting verification concatenated message to the cryptographic hash module through the upper-layer selection module; determine t according to t = (r' + s') mod n, and determine whether t is 0; send s' and t to the point multiplication module through the upper-layer selection module, and send [s']G and [t]PA returned by the point multiplication module to the point addition module; determine R according to R = (e' + x1') mod n, and determine whether R equals r'; output a message that digital signature verification has failed when any of the following occurs: r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are unequal; and output a message that digital signature verification has passed when none of these occurs;
The cryptographic hash module is configured to: in the signature generation mode, perform the cryptographic hash operation on m', and deliver the resulting concatenated-message hash value e to the signature control center through the upper-layer selection module; and in the signature verification mode, perform the cryptographic hash operation on the verification concatenated message, and deliver the resulting verification concatenated-message hash value e' to the verification control center through the upper-layer selection module;
The random number generation module is configured to send the generated random number k to the signature control center;
The point multiplication module is configured to: in the signature generation mode, perform the k-fold point multiplication on G, and deliver the resulting coordinates (x1, y1), as the result [k]G, to the signature control center through the upper-layer selection module; in the signature verification mode, perform the s'-fold point multiplication on G, and deliver the result [s']G to the verification control center through the upper-layer selection module; and perform the t-fold point multiplication on PA, and deliver the result [t]PA to the verification control center through the upper-layer selection module;
The s generation module is configured to generate s according to s = [(1+dA)^-1 · (k - r·dA)] mod n, and send the generated s to the signature control center;
The point addition module is configured to perform point addition on the input [s']G and [t]PA, and send the result (x1', y1') to the verification control center;
The upper-layer selection module is configured to: according to the signature generation mode signal, set the operating mode of the cryptographic hash module and the point multiplication module to the signature generation mode; and according to the signature verification mode signal, set the operating mode of the cryptographic hash module and the point multiplication module to the signature verification mode.
8. The system according to claim 7, characterized in that the system further comprises a lower-layer selection module; the system comprises: a domain conversion submodule, a Montgomery-domain multiplication submodule and a finite-field inversion submodule shared by the s generation module, the point multiplication module and the point addition module, and a projective point-addition submodule shared by the point multiplication module and the point addition module;
The s generation module comprises an s generation control submodule; the point multiplication module comprises a point multiplication control submodule and a projective point-doubling submodule; the point addition module comprises a point-addition control submodule;
The s generation control submodule is configured to: in the signature generation mode, send an s generation mode signal to the lower-layer selection module; receive the finite-field values of r and k output by the signature control center; send the finite-field value of (1+dA) to the finite-field inversion submodule through the lower-layer selection module; send the finite-field values of r, dA, (1+dA)^-1 and k to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of r and dA to the Montgomery-domain multiplication submodule through the lower-layer selection module; subtract, from the Montgomery-domain value of k, the Montgomery-domain value of (r·dA) that it returns through the lower-layer selection module, to obtain the Montgomery-domain value of (k - r·dA); send the Montgomery-domain values of (1+dA)^-1 and (k - r·dA) to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the affine-coordinate value of [(1+dA)^-1 · (k - r·dA)] that it returns through the lower-layer selection module, together with 1, to the Montgomery-domain multiplication submodule again through the lower-layer selection module;
The point multiplication control submodule is configured to: in the signature generation mode, send a point-multiplication signature occupancy signal to the lower-layer selection module; convert the affine coordinates (x, y) of G into projective coordinates (x2, y2, 1), and send x2, y2, 1 to the domain conversion submodule through the lower-layer selection module; take (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determine the binary bit length L of k; take the second-highest bit of the binary representation of k as the initial value of the current bit; starting from the second-highest bit of the binary representation of k, move down one bit at a time as the current bit until the lowest bit, performing (L-1) iterations; send z1 from the result coordinates (x1, y1, z1) of the (L-1) iterations to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field value of z1 returned by the Montgomery-domain multiplication submodule to the finite-field inversion submodule through the lower-layer selection module; send the finite-field value of z1^-1 returned by the finite-field inversion submodule to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of x1, y1 and z1^-1 from the result coordinates (x1, y1, z1) of the (L-1) iterations to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the affine-coordinate values of x1 and y1 that it returns, each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; forward the finite-field values of x1 and y1 returned by the Montgomery-domain multiplication submodule, as the finite-field coordinates (x1, y1) of [k]G, to the signature control center through the upper-layer selection module; wherein one iteration comprises: sending the current (x1, y1, z1) to the projective point-doubling submodule and, when the current bit is binary 1, sending the output coordinates returned by the projective point-doubling submodule to the projective point-addition submodule through the lower-layer selection module; in the signature verification mode, send a point-multiplication verification occupancy signal to the lower-layer selection module; convert the affine coordinates (x2', y2') and (x5', y5') of G and PA into projective coordinates (x3', y3', 1) and (x6', y6', 1) respectively, and send x3', y3', 1 and x6', y6', 1 to the domain conversion submodule through the lower-layer selection module; send (x4', y4', z4') and (x7', y7', z7') to the projective point-addition submodule through the lower-layer selection module, and take them as the initial values of the Montgomery-domain coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA respectively; determine the binary bit lengths LA and LB of s' and t respectively; take the second-highest bit of the binary representation of LA and LB respectively as the initial value of the respective current bit and, starting from the respective second-highest bit, move down one bit at a time as the respective current bit until the respective lowest bit, performing (LA-1) and (LB-1) iterations respectively; send z11' and z12' from the result coordinates (x11', y11', z11') and (x12', y12', z12') of the (LA-1) and (LB-1) iterations to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field values of z11' and z12' returned by the Montgomery-domain multiplication submodule to the finite-field inversion submodule through the lower-layer selection module; send the finite-field values of z11'^-1 and z12'^-1 returned by the finite-field inversion submodule to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of x11', y11' and z11'^-1 from the result coordinates (x11', y11', z11') of the (LA-1) iterations to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the affine-coordinate values of x11' and y11' that it returns, each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the Montgomery-domain values of x12', y12' and z12'^-1 from the result coordinates (x12', y12', z12') of the (LB-1) iterations to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the affine-coordinate values of x12' and y12' that it returns, each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field values of x11' and y11' returned by the Montgomery-domain multiplication submodule, as the finite-field coordinates (x11', y11') of [s']G, to the verification control center through the upper-layer selection module; send the finite-field values of x12' and y12' returned by the Montgomery-domain multiplication submodule, as the finite-field coordinates (x12', y12') of [t]PA, to the verification control center through the upper-layer selection module; wherein one iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA to the projective point-doubling submodule; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by the projective point-doubling submodule to the projective point-addition submodule through the lower-layer selection module; and when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by the projective point-doubling submodule to the projective point-addition submodule through the lower-layer selection module;
The projective point-doubling submodule is configured to: in the signature generation mode, perform point doubling on the input coordinates, and return the result to the point multiplication control submodule as the output coordinates; and in the signature verification mode, perform point doubling on the current values of the input coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA respectively, and return the results to the point multiplication control submodule as the current values of (x11', y11', z11') and (x12', y12', z12') respectively;
The point-addition control submodule is configured to: send a point-addition mode signal to the lower-layer selection module; receive from the verification control center the affine coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA; convert each into projective coordinates (x11', y11', 1) and (x12', y12', 1), and send x11', y11', 1 and x12', y12', 1 to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1 returned by the domain conversion submodule to the projective point-addition submodule through the lower-layer selection module; send z131' from the projective coordinates (x131', y131', z131') of [s']G+[t]PA returned by the projective point-addition submodule to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field value of z131' returned by the Montgomery-domain multiplication submodule to the finite-field inversion submodule through the lower-layer selection module; send the finite-field value of z131'^-1 returned by the finite-field inversion submodule to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of x131', y131' and z131'^-1 from the projective coordinates (x131', y131', z131') of [s']G+[t]PA to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the affine-coordinate values of x131' and y131' that it returns, each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; and send the finite-field values of x131' and y131' returned by the Montgomery-domain multiplication submodule to the verification control center as (x1', y1');
The lower-layer selection module is configured to: according to the s generation mode signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule and the finite-field inversion submodule to the s generation mode, and forward the information returned by each module to the s generation control submodule; according to the point-multiplication signature occupancy signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule, the finite-field inversion submodule and the projective point-addition submodule to the point-multiplication signature occupancy mode; according to the point-multiplication verification occupancy signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule, the finite-field inversion submodule and the projective point-addition submodule to the point-multiplication verification occupancy mode; and according to the point-addition mode signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule, the finite-field inversion submodule and the projective point-addition submodule to the point-addition mode;
The domain conversion submodule is configured to: in the s generation mode, convert the finite-field values of (1+dA)^-1, r, dA and k into their respective Montgomery-domain values, and forward them to the s generation control submodule through the lower-layer selection module; in the point-multiplication signature occupancy mode, convert the finite-field values of x2, y2, 1 into their respective Montgomery-domain values x3, y3, z3, and return them to the point multiplication control submodule through the lower-layer selection module; convert the finite-field value of z1^-1 into its Montgomery-domain value, and return it to the point multiplication control submodule through the lower-layer selection module; in the point-multiplication verification occupancy mode, convert the finite-field values of x3', y3', 1 and x6', y6', 1 into their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7', and return them to the point multiplication control submodule through the lower-layer selection module; convert the finite-field values of z11'^-1 and z12'^-1 into their Montgomery-domain values, and return them to the point multiplication control submodule through the lower-layer selection module; in the point-addition mode, convert the finite-field values of x11', y11', 1 and x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121', and return them to the point-addition control submodule through the lower-layer selection module; and convert the finite-field value of z13'^-1 into its Montgomery-domain value, and return the Montgomery-domain value of z131'^-1 to the point-addition control submodule through the lower-layer selection module;
The Montgomery-domain multiplication submodule is configured to: in the s generation mode, perform Montgomery-domain multiplication of the Montgomery-domain values of r and dA, and return the resulting Montgomery-domain value of (r·dA) to the s generation control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of the Montgomery-domain values of (1+dA)^-1 and (k - r·dA), and return the resulting affine-coordinate value of [(1+dA)^-1 · (k - r·dA)] to the s generation control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of the affine-coordinate value of [(1+dA)^-1 · (k - r·dA)] and 1, and forward the resulting finite-field value s of s = [(1+dA)^-1 · (k - r·dA)] mod n to the s generation control submodule through the lower-layer selection module; in the point-multiplication signature occupancy mode, perform Montgomery-domain multiplication of z1 and 1, and send the resulting finite-field value of z1 to the point multiplication control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of the Montgomery-domain values of x1 and z1^-1, and of y1 and z1^-1, respectively, and return the resulting affine-coordinate values of x1 and y1 to the point multiplication control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of each of the affine-coordinate values of x1 and y1 with 1, and return the resulting finite-field values of x1 and y1 to the point multiplication control submodule through the lower-layer selection module; in the point-multiplication verification occupancy mode, perform Montgomery-domain multiplication of z11' and 1, and send the resulting finite-field value of z11' to the point multiplication control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of z12' and 1, and send the resulting finite-field value of z12' to the point multiplication control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of the Montgomery-domain values of x11' and z11'^-1, and of y11' and z11'^-1, respectively, and return the resulting affine-coordinate values of x11' and y11' to the point multiplication control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of each of the affine-coordinate values of x11' and y11' with 1, and return the resulting finite-field values of x11' and y11' to the point multiplication control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of the Montgomery-domain values of x12' and z12'^-1, and of y12' and z12'^-1, respectively, and return the resulting affine-coordinate values of x12' and y12' to the point multiplication control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of each of the affine-coordinate values of x12' and y12' with 1, and return the resulting finite-field values of x12' and y12' to the point multiplication control submodule through the lower-layer selection module; in the point-addition mode, perform Montgomery-domain multiplication of the input z131' and 1, and send the resulting finite-field value of z131' to the point-addition control submodule through the lower-layer selection module; perform Montgomery-domain multiplication of the Montgomery-domain values of x131' and z11'^-1, and of y131' and z11'^-1, respectively, and return the resulting affine-coordinate values of x131' and y131' to the point-addition control submodule through the lower-layer selection module; and perform Montgomery-domain multiplication of each of the affine-coordinate values of x131' and y131' with 1, and return the resulting finite-field values of x131' and y131' to the point-addition control submodule through the lower-layer selection module;
The finite-field inversion submodule is configured to: in the s generation mode, invert the finite-field value of (1+dA), and forward the resulting finite-field value of (1+dA)^-1 to the s generation control submodule through the lower-layer selection module; in the point-multiplication signature occupancy mode, invert the finite-field value of z1, and send the resulting finite-field value of z1^-1 to the point multiplication control submodule through the lower-layer selection module; in the point-multiplication verification occupancy mode, invert the finite-field values of z11' and z12' respectively, and send the resulting finite-field values of z11'^-1 and z12'^-1 to the point multiplication control submodule through the lower-layer selection module; and in the point-addition mode, invert the finite-field value of the input z131', and send the resulting finite-field value of z131'^-1 to the point-addition control submodule through the lower-layer selection module;
The projective point-addition submodule is configured to: in the point-multiplication signature occupancy mode, perform point addition on the input coordinates and (x3, y3, z3), and send the result to the point multiplication control submodule through the lower-layer selection module; in the point-multiplication verification occupancy mode, perform point addition on the input current value of (x11', y11', z11') and (x4', y4', z4'), and send the result, as the new current value of (x11', y11', z11'), to the point multiplication control submodule through the lower-layer selection module; perform point addition on the input current value of (x12', y12', z12') and (x7', y7', z7'), and send the result, as the new current value of (x12', y12', z12'), to the point multiplication control submodule through the lower-layer selection module; and in the point-addition mode, perform point addition on the input x111', y111', z111' and x121', y121', z121', and send the result, as the projective coordinates (x131', y131', z131') of [s']G+[t]PA, to the point-addition control submodule through the lower-layer selection module.
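The signing and verification flow of claim 7, run over the Montgomery-domain, projective-coordinate data path of claim 8, as an added Python example that is not part of the patent. The toy curve y^2 = x^3 + 2x + 2 over F_17 (base point (5, 1), order 19), the SHA-256 stand-in for the cryptographic hash, and all class, function and parameter names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17; G = (5, 1) has prime order 19.
TOY = {"p": 17, "a": 2, "n": 19, "G": (5, 1)}

class Mont:
    """Montgomery arithmetic modulo an odd m (domain conversion + multiplication)."""
    def __init__(self, m):
        self.m, self.bits = m, m.bit_length()
        r = 1 << self.bits                      # R = 2^bits > m
        self.mask, self.r2 = r - 1, r * r % m
        self.m_neg_inv = pow(r - m, -1, r)      # -m^-1 mod R
    def mul(self, a, b):                        # REDC: a*b*R^-1 mod m
        t = a * b
        u = (t + ((t * self.m_neg_inv) & self.mask) * self.m) >> self.bits
        return u - self.m if u >= self.m else u
    def enter(self, x):                         # finite field -> Montgomery domain
        return self.mul(x % self.m, self.r2)
    def leave(self, x):                         # Montgomery multiplication by 1
        return self.mul(x, 1)

def pdbl(F, a_m, P):
    """Projective doubling (x = X/Z, y = Y/Z) on Montgomery-domain values."""
    (X, Y, Z), p = P, F.m
    W = (F.mul(a_m, F.mul(Z, Z)) + 3 * F.mul(X, X)) % p
    S = F.mul(Y, Z)
    B = F.mul(F.mul(X, Y), S)
    H = (F.mul(W, W) - 8 * B) % p
    YS = F.mul(Y, S)
    return (2 * F.mul(H, S) % p,
            (F.mul(W, (4 * B - H) % p) - 8 * F.mul(YS, YS)) % p,
            8 * F.mul(S, F.mul(S, S)) % p)

def padd(F, a_m, P, Q):
    """Projective addition; Z == 0 encodes the point at infinity."""
    if P[2] == 0: return Q
    if Q[2] == 0: return P
    (X1, Y1, Z1), (X2, Y2, Z2), p = P, Q, F.m
    U2, V2 = F.mul(Y1, Z2), F.mul(X1, Z2)
    U, V = (F.mul(Y2, Z1) - U2) % p, (F.mul(X2, Z1) - V2) % p
    if V == 0:                                  # same x: equal or opposite points
        return pdbl(F, a_m, P) if U == 0 else (0, F.enter(1), 0)
    W, VV = F.mul(Z1, Z2), F.mul(V, V)
    VVV, T = F.mul(VV, V), F.mul(VV, V2)
    A = (F.mul(F.mul(U, U), W) - VVV - 2 * T) % p
    return (F.mul(V, A), (F.mul(U, (T - A) % p) - F.mul(VVV, U2)) % p, F.mul(VVV, W))

def lift(F, pt):                                # affine (x, y) -> Montgomery (x, y, 1)
    return F.enter(pt[0]), F.enter(pt[1]), F.enter(1)

def to_affine(F, P):
    z = F.leave(P[2])                           # z back to a finite-field value
    if z == 0: return None                      # point at infinity
    z_inv = F.enter(pow(z, -1, F.m))            # invert in the field, re-enter domain
    return F.leave(F.mul(P[0], z_inv)), F.leave(F.mul(P[1], z_inv))

def scalar_mult(curve, k, pt):
    """[k]pt for 1 <= k < n. Branches on bits of k, so this model is not constant-time."""
    F = Mont(curve["p"]); a_m = F.enter(curve["a"])
    base = acc = lift(F, pt)
    for i in range(k.bit_length() - 2, -1, -1): # second-highest bit down: L-1 iterations
        acc = pdbl(F, a_m, acc)
        if (k >> i) & 1:
            acc = padd(F, a_m, acc, base)
    return to_affine(F, acc)

def point_add(curve, P, Q):
    F = Mont(curve["p"])
    return to_affine(F, padd(F, F.enter(curve["a"]), lift(F, P), lift(F, Q)))

def digest(za, msg):
    """e = H(ZA || m). SHA-256 stands in for the hash module (assumption)."""
    return int.from_bytes(hashlib.sha256(za + msg).digest(), "big")

def sign(curve, d, e, next_k=None):
    """Return (r, s); next_k is a hypothetical hook for a deterministic k source."""
    n = curve["n"]; N = Mont(n)
    while True:
        k = next_k() if next_k else 1 + secrets.randbelow(n - 1)
        x1, _ = scalar_mult(curve, k, curve["G"])
        r = (e + x1) % n
        if r == 0 or r + k == n:
            continue                            # regenerate k
        inv = N.enter(pow(1 + d, -1, n))
        k_rd = (N.enter(k) - N.mul(N.enter(r), N.enter(d))) % n
        s = N.leave(N.mul(inv, k_rd))
        if s != 0:
            return r, s

def verify(curve, PA, e, sig):
    n, (r, s) = curve["n"], sig
    if not (1 <= r <= n - 1 and 1 <= s <= n - 1):
        return False
    t = (r + s) % n
    if t == 0: return False
    R = point_add(curve, scalar_mult(curve, s, curve["G"]), scalar_mult(curve, t, PA))
    return R is not None and (e + R[0]) % n == r
```

On this 19-element group the r = 0 and r + k = n retries fire often, which makes the regeneration path of the signature control center easy to observe; a 256-bit curve runs through the same functions with its own p, a, n and G.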
CN201110107553.3A 2011-04-27 2011-04-27 System for generating, verifying and mixing digital signatures of p-element domain SM2 elliptic curves Active CN102761415B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110107553.3A CN102761415B (en) 2011-04-27 2011-04-27 System for generating, verifying and mixing digital signatures of p-element domain SM2 elliptic curves

Publications (2)

Publication Number Publication Date
CN102761415A true CN102761415A (en) 2012-10-31
CN102761415B CN102761415B (en) 2015-04-08

Family

ID=47055742

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110107553.3A Active CN102761415B (en) 2011-04-27 2011-04-27 System for generating, verifying and mixing digital signatures of p-element domain SM2 elliptic curves

Country Status (1)

Country Link
CN (1) CN102761415B (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103312510A (en) * 2013-05-20 2013-09-18 国家电网公司 Ultra-light authentication method for asymmetrical digital signature technology
CN103427997A (en) * 2013-08-16 2013-12-04 西安西电捷通无线网络通信股份有限公司 Method and device for generating digital signature
CN103490883A (en) * 2013-09-17 2014-01-01 华南理工大学 System and method for encryption/decryption of multivariable public key
CN103929305A (en) * 2013-01-16 2014-07-16 上海华虹集成电路有限责任公司 SM2 signature algorithm implementation method
CN104836670A (en) * 2015-05-12 2015-08-12 中国科学院软件研究所 SM2 signature algorithm security verification method based on random number unknown
CN104852805A (en) * 2015-05-11 2015-08-19 中国科学院软件研究所 SM2 signature algorithm protection method for resisting error attack based on lattice
CN106549769A (en) * 2016-12-08 2017-03-29 广东工业大学 SM2 ellipse curve signatures system under a kind of prime field Fp
CN106712968A (en) * 2017-02-22 2017-05-24 北京智慧云测科技有限公司 Secret key acquiring method, digital signature method and devices
CN106850198A (en) * 2017-01-16 2017-06-13 武汉理工大学 SM2 digital signature generation method and system based on the collaboration of many devices
CN103701598B (en) * 2013-12-05 2017-07-11 武汉信安珞珈科技有限公司 It is a kind of that endorsement method and digital signature device are checked based on SM2 signature algorithms
CN108718239A (en) * 2018-05-14 2018-10-30 河南科技大学 A kind of improved digital signature of elliptic curve method
CN109145644A (en) * 2018-08-28 2019-01-04 北京云测信息技术有限公司 Private key obscures and digital signature generation method, device, smart machine
CN110990896A (en) * 2019-12-03 2020-04-10 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM2 white box
CN111092730A (en) * 2018-10-24 2020-05-01 三星电子株式会社 Random number generator, encryption device and method for operating encryption device
CN111274613A (en) * 2020-01-20 2020-06-12 广州安研信息科技有限公司 Iterative SM2 digital signature generation method, system, medium, and apparatus
CN112118111A (en) * 2020-09-04 2020-12-22 中国科学院大学 SM2 digital signature method suitable for threshold calculation
CN113055189A (en) * 2021-06-02 2021-06-29 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113193962A (en) * 2021-04-30 2021-07-30 安徽师范大学 SM2 digital signature generation and verifier based on lightweight modular multiplication
CN113783702A (en) * 2021-09-28 2021-12-10 南京宁麒智能计算芯片研究院有限公司 Hardware implementation method and system for elliptic curve digital signature and signature verification
CN114205085A (en) * 2021-12-03 2022-03-18 东北大学 Optimization processing method of SM2 and transformation method of super book fabric platform

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1831754A (en) * 2005-11-04 2006-09-13 北京浦奥得数码技术有限公司 Elliptic curve cipher system and implementing method
US20070185950A1 (en) * 2006-02-09 2007-08-09 Masayuki Yoshino Modular multiplication processing apparatus
CN101296076A (en) * 2007-04-29 2008-10-29 四川虹微技术有限公司 Digital signature scheme based on ECC
CN101610153A (en) * 2008-06-20 2009-12-23 航天信息股份有限公司 Electronic signature authentication method based on ellipse curve signature algorithm
CN101753306A (en) * 2009-12-22 2010-06-23 上海大学 Digital signature authentication method for applying Montgomery elliptic curve
CN101931529A (en) * 2010-08-09 2010-12-29 中兴通讯股份有限公司 Data encryption method, data decryption method and nodes

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wang Chao, Shi Xiangyong, Niu Zhihua: "Research on an improved ECDSA algorithm based on Montgomery curves", Journal on Communications *

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103929305A (en) * 2013-01-16 2014-07-16 上海华虹集成电路有限责任公司 SM2 signature algorithm implementation method
CN103312510A (en) * 2013-05-20 2013-09-18 国家电网公司 Ultra-light authentication method for asymmetrical digital signature technology
CN103427997A (en) * 2013-08-16 2013-12-04 西安西电捷通无线网络通信股份有限公司 Method and device for generating digital signature
WO2015021934A1 (en) * 2013-08-16 2015-02-19 西安西电捷通无线网络通信股份有限公司 Method and device for generating digital signature
CN103427997B (en) * 2013-08-16 2016-06-22 西安西电捷通无线网络通信股份有限公司 A kind of method generating digital signature and device
JP2016528555A (en) * 2013-08-16 2016-09-15 西安西電捷通無綫網絡通信股分有限公司 (China Iwncomm Co., Ltd.) Method and apparatus for generating digital signature
US10038561B2 (en) 2013-08-16 2018-07-31 China Iwncomm Co., Ltd. Method and device for generating digital signature
CN103490883A (en) * 2013-09-17 2014-01-01 华南理工大学 System and method for encryption/decryption of multivariable public key
CN103490883B (en) * 2013-09-17 2016-10-05 华南理工大学 A kind of multi-variable public key ciphering/decryption system and encrypting/decrypting method
CN103701598B (en) * 2013-12-05 2017-07-11 武汉信安珞珈科技有限公司 It is a kind of that endorsement method and digital signature device are checked based on SM2 signature algorithms
CN104852805B (en) * 2015-05-11 2019-03-22 中国科学院软件研究所 A kind of SM2 signature algorithm means of defence for resisting the fault analysis based on lattice
CN104852805A (en) * 2015-05-11 2015-08-19 中国科学院软件研究所 SM2 signature algorithm protection method for resisting error attack based on lattice
CN104836670B (en) * 2015-05-12 2017-12-08 中国科学院软件研究所 A kind of SM2 signature algorithm security verification method unknown based on random number
CN104836670A (en) * 2015-05-12 2015-08-12 中国科学院软件研究所 SM2 signature algorithm security verification method based on random number unknown
CN106549769A (en) * 2016-12-08 2017-03-29 广东工业大学 SM2 ellipse curve signatures system under a kind of prime field Fp
CN106850198B (en) * 2017-01-16 2019-10-25 武汉理工大学 SM2 digital signature generation method and system based on the collaboration of more devices
CN106850198A (en) * 2017-01-16 2017-06-13 武汉理工大学 SM2 digital signature generation method and system based on the collaboration of many devices
CN106712968A (en) * 2017-02-22 2017-05-24 北京智慧云测科技有限公司 Secret key acquiring method, digital signature method and devices
CN106712968B (en) * 2017-02-22 2019-08-30 北京智慧云测科技有限公司 Key acquisition method, digital signature method and device
CN108718239A (en) * 2018-05-14 2018-10-30 河南科技大学 A kind of improved digital signature of elliptic curve method
CN109145644A (en) * 2018-08-28 2019-01-04 北京云测信息技术有限公司 Private key obscures and digital signature generation method, device, smart machine
CN111092730A (en) * 2018-10-24 2020-05-01 三星电子株式会社 Random number generator, encryption device and method for operating encryption device
CN110990896A (en) * 2019-12-03 2020-04-10 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM2 white box
CN111274613A (en) * 2020-01-20 2020-06-12 广州安研信息科技有限公司 Iterative SM2 digital signature generation method, system, medium, and apparatus
CN112118111A (en) * 2020-09-04 2020-12-22 中国科学院大学 SM2 digital signature method suitable for threshold calculation
CN112118111B (en) * 2020-09-04 2023-10-13 中国科学院大学 SM2 digital signature method suitable for threshold calculation
CN113193962A (en) * 2021-04-30 2021-07-30 安徽师范大学 SM2 digital signature generation and verifier based on lightweight modular multiplication
CN113055189A (en) * 2021-06-02 2021-06-29 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113055189B (en) * 2021-06-02 2021-08-10 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113783702A (en) * 2021-09-28 2021-12-10 南京宁麒智能计算芯片研究院有限公司 Hardware implementation method and system for elliptic curve digital signature and signature verification
CN114205085A (en) * 2021-12-03 2022-03-18 东北大学 Optimization processing method of SM2 and transformation method of super book fabric platform

Also Published As

Publication number Publication date
CN102761415B (en) 2015-04-08

Similar Documents

Publication Publication Date Title
CN102761415B (en) System for generating, verifying and mixing digital signatures of p-element domain SM2 elliptic curves
CN102761413B (en) Implementation system of p-element domain SM2 elliptic curve public key cryptographic algorithm
CN105099672B (en) Mixed encryption method and the device for realizing this method
CN110247757B (en) Block chain processing method, device and system based on cryptographic algorithm
US6490352B1 (en) Cryptographic elliptic curve apparatus and method
CN110545279A (en) block chain transaction method, device and system with privacy and supervision functions
Li et al. Provably secure certificate-based signature scheme without pairings
Abidi et al. Implementation of elliptic curve digital signature algorithm (ECDSA)
GB2265285A (en) Public key cryptographic method for communication and electronic signatures
WO2009026771A1 (en) The method for negotiating the key, encrypting and decrypting the information, signing and authenticating the information
CN113660087B (en) SM9 identification cipher algorithm hardware realization system based on finite field
CN111277415A (en) Privacy protection method and device based on block chain intelligent contract
CN102761412A (en) P-element domain SM2 elliptic curve public key encryption, decryption and encryption-decryption hybrid system
Jeng et al. An ECC-based blind signature scheme
CN112632630A (en) SM 2-based collaborative signature calculation method and device
Koppula et al. Secure digital signature scheme based on elliptic curves for internet of things
KR100699836B1 (en) Apparatus and method to counter Different Faults AnalysisDFA in scalar multiplication
Sarwar et al. Lightweight ECC with Fragile Zero-Watermarking for Internet of Things Security
CN108055134B (en) Collaborative computing method and system for elliptic curve point multiplication and pairing operation
Moon et al. Fast VLSI arithmetic algorithms for high-security elliptic curve cryptographic applications
CN102761411B (en) P element field SM2 elliptic curve key agreement system
KR100817048B1 (en) Method and apparatus of Different Faults AnalysisDFA countermeasure based on different point representation for Elliptic Curve CryptographyECC
US20150281256A1 (en) Batch verification method and apparatus thereof
JP5314449B2 (en) Electronic signature verification system, electronic signature device, verification device, electronic signature verification method, electronic signature method, verification method, electronic signature program, verification program
Ahirwal et al. Signcryption scheme that utilizes elliptic curve for both encryption and signature generation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant