CN102761415B - System for generating, verifying and mixing digital signatures of p-element domain SM2 elliptic curves - Google Patents


Publication number: CN102761415B
Authority: CN (China)
Legal status: Active
Application number: CN201110107553.3A
Other languages: Chinese (zh)
Other versions: CN102761415A (en)
Inventors: 徐树民, 屈善新, 刘振, 王绍麟, 田心, 刘建巍
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp
Abstract

The invention relates to digital signature generation, verification and combined systems for SM2 elliptic curves over the prime field F_p. The generation system comprises: a signature control center, which concatenates the message m to be signed with the signer hash value ZA and sends the resulting m' to a cryptographic hash module, computes r according to r = (e + x1) mod n and sends it to an s generation module, notifies a random number generation module to regenerate k when r = 0, r + k = n or s = 0, and outputs r and s as the digital signature of m; a cryptographic hash module, which hashes m' to generate the concatenated message hash value e; a random number generation module, which generates the random number k; a point multiplication module, which performs k-fold point multiplication on the base point G of the elliptic curve and returns the generated coordinates (x1, y1) as the result [k]G; and an s generation module, which generates s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$, where n is the order of the elliptic curve and dA is the private key of the signer. With the invention, the digital signature algorithm of the SM2 elliptic curve public-key algorithm can be implemented in hardware.

Description

Digital signature generation, verification and combined systems for SM2 elliptic curves over the prime field F_p
Technical field
The present invention relates to the field of information security technology, and in particular to digital signature generation, verification and combined systems for SM2 elliptic curves over the prime field F_p.
Background
With the development of communication and information processing technology, the security of information in transit is receiving more and more attention, and information processing techniques are needed to ensure that information is not eavesdropped on, tampered with or forged during communication. Cryptography can meet this requirement.
Since Diffie and Hellman proposed the concept of public-key cryptosystems in 1976, three classes of public-key cryptosystems have been generally accepted as secure and effective. The mathematical problems they rely on are the integer factorization problem (IFP), the discrete logarithm problem (DLP) and the elliptic curve discrete logarithm problem (ECDLP), and the corresponding algorithms are RSA, the DSA digital signature algorithm and elliptic curve cryptography (ECC), respectively. All three base the security of the key on NPC problems (non-deterministic polynomial complete problems) of computational complexity. Compared with the other two algorithms, ECC offers higher security, less computation and faster processing, needs a smaller key size for the same security level and places lower demands on bandwidth; ECC therefore has broader application prospects.
The SM2 elliptic curve public-key cryptographic algorithm is an ECC algorithm issued by the State Cryptography Administration. It comprises three parts: a digital signature algorithm, a key exchange protocol and a public-key encryption algorithm. However, what the State Cryptography Administration has published is only the flow of the SM2 algorithm; no hardware device implementing it has appeared so far, which makes it difficult to put this excellent algorithm into practical use.
Summary of the invention
The technical problem to be solved by the present invention is to provide digital signature generation, verification and combined systems for SM2 elliptic curves over the prime field F_p, so that the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm can be implemented in hardware.
The technical solution by which the present invention solves the above problem is as follows: a digital signature generation system for an SM2 elliptic curve over F_p, in which the digital signature comprises a first signature part r and a second signature part s. The system comprises a signature control center, a cryptographic hash module, a random number generation module, a point multiplication module and an s generation module, wherein:
The signature control center concatenates the message m to be signed with the signer hash value ZA and sends the resulting concatenated message m' to the cryptographic hash module; computes r according to r = (e + x1) mod n; sends r to the s generation module; notifies the random number generation module to regenerate k when r = 0, r + k = n or s = 0; sends k to the point multiplication module and the s generation module; and outputs r and s as the digital signature of m.
The cryptographic hash module performs a cryptographic hash operation on m' and sends the generated concatenated message hash value e to the signature control center.
The random number generation module sends the generated random number k to the signature control center.
The point multiplication module performs k-fold point multiplication on the base point G of the elliptic curve and sends the generated coordinates (x1, y1) to the signature control center as the result [k]G.
The s generation module generates s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$ and sends the generated s to the signature control center.
Here n is the order of the elliptic curve and dA is the private key of the signer.
The beneficial effects of the invention are as follows. The signature control center concatenates the message m to be signed and the signer hash value ZA into the concatenated message m'; the cryptographic hash module hashes it to obtain the concatenated message hash value e; the random number generation module generates the random number k; and the point multiplication module performs k-fold point multiplication on the base point G of the elliptic curve to generate the coordinates (x1, y1). The signature control center can then obtain r according to r = (e + x1) mod n. If neither r = 0 nor r + k = n holds, this r is the first signature part of the digital signature of m; otherwise the signature control center notifies the random number generation module to regenerate the random number k. The s generation module generates s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$; if s = 0 does not hold, this s is the second signature part of the digital signature of m. The signature control center can then output r and s as the digital signature of m. The invention can therefore implement the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm with hardware comprising a signature control center, a cryptographic hash module, a random number generation module, a point multiplication module and an s generation module.
The present invention also provides a digital signature verification system for an SM2 elliptic curve over F_p, which verifies the digital signatures generated by the above digital signature generation system. The system comprises a verification control center, a cryptographic hash module, a point multiplication module and a point addition module, wherein:
The verification control center takes the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; judges whether r' and s' both lie between 1 and (n-1); concatenates M' with the signer hash value ZA' and sends the resulting verification concatenated message to the cryptographic hash module; determines t according to t = (r' + s') mod n and judges whether t is 0; sends s' and t to the point multiplication module, and sends the [s']G and [t]PA returned by the point multiplication module to the point addition module; determines R according to R = (e' + x1') mod n and judges whether R equals r'. If r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are unequal, it outputs a message that the digital signature verification failed; if none of these cases occurs, it outputs a message that the digital signature verification passed. Here n is the order of the elliptic curve.
The cryptographic hash module performs a cryptographic hash operation on the verification concatenated message and sends the generated verification concatenated message hash value e' to the verification control center.
The point multiplication module performs s'-fold point multiplication on the base point G of the elliptic curve and sends the result [s']G to the verification control center; it performs t-fold point multiplication on the public key PA of the signer and sends the result [t]PA to the verification control center.
The point addition module performs point addition on the input [s']G and [t]PA and sends the result (x1', y1') to the verification control center.
In addition, the present invention provides a combined digital signature generation and verification system for an SM2 elliptic curve over F_p. The order of the elliptic curve is n, its base point is G, and the signer has a public key PA and a private key dA. The system comprises a signature control center, a verification control center, a random number generation module, an s generation module, a cryptographic hash module, a point multiplication module, an upper-layer selection module and a point addition module. The cryptographic hash module and the point multiplication module each have a signature generation mode and a signature verification mode, wherein:
The signature control center sends a signature generation mode signal to the upper-layer selection module; concatenates the message m to be signed with the signer hash value ZA and sends the resulting concatenated message m' to the cryptographic hash module through the upper-layer selection module; computes r according to r = (e + x1) mod n; sends r to the s generation module; notifies the random number generation module to regenerate k when r = 0, r + k = n or s = 0; sends k to the s generation module; sends k to the point multiplication module through the upper-layer selection module; and outputs r and s as the digital signature of m.
The verification control center sends a signature verification mode signal to the upper-layer selection module; takes the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; judges whether r' and s' both lie between 1 and (n-1); concatenates M' with the signer hash value ZA' and sends the resulting verification concatenated message to the cryptographic hash module through the upper-layer selection module; determines t according to t = (r' + s') mod n and judges whether t is 0; sends s' and t to the point multiplication module through the upper-layer selection module, and sends the [s']G and [t]PA returned by the point multiplication module to the point addition module; determines R according to R = (e' + x1') mod n and judges whether R equals r'. If r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are unequal, it outputs a message that the digital signature verification failed; if none of these cases occurs, it outputs a message that the digital signature verification passed.
The cryptographic hash module, in signature generation mode, performs a cryptographic hash operation on m' and delivers the generated concatenated message hash value e to the signature control center via the upper-layer selection module; in signature verification mode, it performs a cryptographic hash operation on the verification concatenated message and delivers the generated verification concatenated message hash value e' to the verification control center via the upper-layer selection module.
The random number generation module sends the generated random number k to the signature control center.
The point multiplication module, in signature generation mode, performs k-fold point multiplication on G and delivers the generated coordinates (x1, y1), as the result [k]G, to the signature control center via the upper-layer selection module; in signature verification mode, it performs s'-fold point multiplication on G and delivers the result [s']G to the verification control center via the upper-layer selection module, and performs t-fold point multiplication on PA and delivers the result [t]PA to the verification control center via the upper-layer selection module.
The s generation module generates s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$ and sends the generated s to the signature control center.
The point addition module performs point addition on the input [s']G and [t]PA and sends the result (x1', y1') to the verification control center.
The upper-layer selection module sets the operating mode of the cryptographic hash module and the point multiplication module to signature generation mode according to the signature generation mode signal, and to signature verification mode according to the signature verification mode signal.
Brief description of the drawings
Fig. 1 is a flow chart of the digital signature generation algorithm in the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration;
Fig. 2 is a structure diagram of the digital signature generation system for an F_p SM2 elliptic curve proposed by the present invention;
Fig. 3 is a structure diagram of the s generation module in the digital signature generation system for an F_p SM2 elliptic curve proposed by the present invention;
Fig. 4 is a structure diagram of the point multiplication module in the digital signature generation system for an F_p SM2 elliptic curve proposed by the present invention;
Fig. 5 is a flow chart of the digital signature verification algorithm in the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration;
Fig. 6 is a structure diagram of the digital signature verification system for an F_p SM2 elliptic curve provided by the present invention;
Fig. 7 is a structure diagram of the point multiplication module in the digital signature verification system for an F_p SM2 elliptic curve provided by the present invention;
Fig. 8 is a structure diagram of the point addition module in the digital signature verification system for an F_p SM2 elliptic curve provided by the present invention;
Fig. 9 is a structure diagram of the combined digital signature generation and verification system for an F_p SM2 elliptic curve provided by the present invention;
Fig. 10 is a structure diagram of the preferred embodiment of the combined digital signature generation and verification system for an F_p SM2 elliptic curve provided by the present invention.
Detailed description
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples serve only to explain the invention and are not intended to limit its scope.
Fig. 1 is a flow chart of the digital signature generation algorithm in the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration. Over the prime field F_p, the equation of the elliptic curve is $y^2 = x^3 + ax + b$, where p is a prime greater than 3, a and b are elements of F_p, and $(4a^3 + 27b^2) \bmod p \neq 0$. All elliptic curves in the present invention are elliptic curves over F_p.
A digital signature is data appended to the message to be signed, or the result of a cryptographic transformation applied to a data unit. In normal use, a digital signature provides the following services: (1) confirming the source of the data; (2) verifying the integrity of the data; (3) ensuring that the signer cannot repudiate the signature.
As shown in Fig. 1, the algorithm comprises the following steps:
Step 101: The base point G of the elliptic curve, the order n of the elliptic curve, the message m to be signed, the signer hash value ZA, the signer public key PA and the private key dA are known.
This step confirms the quantities known in advance. The base point G and the order n are characteristic quantities of the elliptic curve described in the elliptic curve public-key cryptographic algorithm. The message m to be signed is the message that needs digital signature protection, that is, what is usually called the plaintext data. The signer hash value ZA is the hash value obtained by applying a cryptographic hash to the bit string formed by concatenating the signer's distinguishing identifier and its length, the parameters a and b of the F_p elliptic curve equation, the x- and y-coordinates of G, and the x- and y-coordinates of the signer public key PA. The hash operation here maps a bit string of arbitrary length to a bit string of fixed length (the hash value); it is irreversible and maps each input to a single output, which ensures the security of the data. The SM2 elliptic curve public-key cryptographic algorithm is an asymmetric algorithm that requires two keys, a public key and a private key: data encrypted with the public key can be decrypted with the private key, and data encrypted with the private key can be decrypted with the public key. dA and PA are the private key and the public key of the signer.
Step 102: Concatenate ZA and m into the concatenated message m'.
This step joins the bit strings of ZA and m into a single bit string; m can be appended after the last bit of ZA.
Step 103: Apply the cryptographic hash algorithm to m' to obtain the concatenated message hash value e.
This step performs the cryptographic hash operation. The length of the output e can be 192 bits or 256 bits.
Step 104: Generate a random number k between 1 and (n-1).
This step generates the random number k, which must be a positive integer less than the order n of the elliptic curve.
Step 105: Perform k-fold point multiplication on G to obtain the coordinates (x1, y1).
Here, k-fold point multiplication means adding the same point on the elliptic curve to itself k times. The point is a point on the elliptic curve, in this step the base point G, and the result is also the coordinates of a point on the curve, namely the coordinates (x1, y1) obtained in this step.
Step 106: Compute r according to r = (e + x1) mod n.
Here r is one part of the digital signature of m; the present invention calls it the first signature part.
Step 107: Judge whether r = 0 or r + k = n holds.
If r = 0 holds, or r + k = n holds, or both hold, the k generated in step 104 is unsuitable. When the judgment is yes, return to step 104; otherwise go to step 108.
Step 108: Compute s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$.
Here s is the other part of the digital signature of m; the present invention calls it the second signature part.
Step 109: Judge whether s is 0.
If s is 0, the random number k generated in step 104 is unsuitable. When the judgment is yes, return to step 104; otherwise go to step 110.
Step 110: Output r and s as the digital signature of m.
Here r and s can be output together as one message, or output together with m.
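The signing flow of steps 102 to 110, together with the verification checks listed in the summary above (range of r' and s', t = (r' + s') mod n, R = (e' + x1') mod n), as an added Python example that is not code from the patent. It assumes a textbook toy curve ($y^2 = x^3 + 2x + 2$ over F_17, G = (5, 1), n = 19) so that all three retry conditions can be reproduced, and SHA-256 as a stand-in for the cryptographic hash module; all function names are hypothetical.

```python
import hashlib
import secrets
from collections import namedtuple

# Constructed parameters: textbook toy curve y^2 = x^3 + 2x + 2 over F_17 with
# base point G = (5, 1) of prime order n = 19. Far too small for real use.
Curve = namedtuple("Curve", "p a b G n")
TOY = Curve(p=17, a=2, b=2, G=(5, 1), n=19)

def add(c, P, Q):
    """Affine point addition on curve c; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % c.p == 0:
        return None                                   # P + (-P)
    if P == Q:
        lam = (3 * x1 * x1 + c.a) * pow(2 * y1 % c.p, -1, c.p) % c.p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % c.p, -1, c.p) % c.p
    x3 = (lam * lam - x1 - x2) % c.p
    return (x3, (lam * (x1 - x3) - y1) % c.p)

def mul(c, k, P):
    """k-fold point multiplication [k]P (step 105) by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(c, acc, P)
        P = add(c, P, P)
        k >>= 1
    return acc

def hash_e(za: bytes, m: bytes) -> int:
    """Steps 102-103: e = H(ZA || m). SHA-256 is an assumed stand-in hash."""
    return int.from_bytes(hashlib.sha256(za + m).digest(), "big")

def try_sign(c, d, e, k):
    """Steps 105-109 for one candidate k (private key d must be in 1..n-2).
    Returns ((r, s), "ok") or (None, reason) when k must be regenerated."""
    x1, _ = mul(c, k, c.G)
    r = (e + x1) % c.n                                # step 106
    if r == 0:                                        # step 107
        return None, "r=0"
    if r + k == c.n:
        # Here s would equal k, so t = (r + s) mod n = 0 and the verifier rejects.
        return None, "r+k=n"
    s = pow(1 + d, -1, c.n) * (k - r * d) % c.n       # step 108
    if s == 0:                                        # step 109
        return None, "s=0"
    return (r, s), "ok"

def sign(c, d, e, ks=None):
    """Step 104 plus the retry loop. ks is an optional iterator of candidate
    k values (for reproducible runs); otherwise k comes from a CSPRNG."""
    rejected = []
    while True:
        k = next(ks) if ks is not None else secrets.randbelow(c.n - 1) + 1
        sig, reason = try_sign(c, d, e, k)
        if sig is not None:
            return sig, rejected
        rejected.append((k, reason))

def verify(c, PA, e, sig):
    """Verification checks from the summary: ranges, t != 0, R == r'."""
    r, s = sig
    if not (1 <= r <= c.n - 1 and 1 <= s <= c.n - 1):
        return False
    t = (r + s) % c.n
    if t == 0:
        return False
    P = add(c, mul(c, s, c.G), mul(c, t, PA))         # [s']G + [t]PA
    if P is None:                                     # defensive guard, not in the text
        return False
    return (e + P[0]) % c.n == r

if __name__ == "__main__":
    d = 7                                             # constructed private key
    PA = mul(TOY, d, TOY.G)
    sig, rejected = sign(TOY, d, 3, iter([6, 9, 4, 2]))
    print(sig, rejected, verify(TOY, PA, 3, sig))
```

With the constructed inputs d = 7 and e = 3, the candidates k = 6, 9 and 4 trigger r = 0, r + k = n and s = 0 in turn, and k = 2 yields the signature.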
Corresponding to the digital signature generation algorithm shown in Fig. 1, the present invention provides a digital signature generation system for an SM2 elliptic curve over F_p that implements the algorithm in hardware. Fig. 2 is a structure diagram of this system. The elliptic curve here is an elliptic curve over F_p with base point G and order n. The digital signature here is the one generated by performing the digital signature operation on the message m to be signed, and comprises the first signature part r and the second signature part s. In this system the signer has a signer private key dA and a signer public key PA; the x-coordinate xA and y-coordinate yA of PA form part of the input bit string of the hash operation and enter the signer hash value ZA through that operation.
As shown in Fig. 2, the system comprises: signature control center 201, cryptographic hash module 204, random number generation module 202, point multiplication module 203 and s generation module 205, wherein:
Signature control center 201 concatenates the message m to be signed with the signer hash value ZA and sends the resulting concatenated message m' to cryptographic hash module 204; computes r according to r = (e + x1) mod n; sends r to s generation module 205; notifies random number generation module 202 to regenerate k when r = 0, r + k = n or s = 0; sends k to point multiplication module 203 and s generation module 205; and outputs r and s as the digital signature of m.
Cryptographic hash module 204 performs a cryptographic hash operation on m' and sends the generated concatenated message hash value e to signature control center 201.
Random number generation module 202 sends the generated random number k to signature control center 201.
Point multiplication module 203 performs k-fold point multiplication on the base point G of the elliptic curve and sends the generated coordinates (x1, y1) to signature control center 201 as the result [k]G.
s generation module 205 generates s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$ and sends the generated s to signature control center 201.
The operation in which the signature control center concatenates the message m to be signed with the signer hash value ZA corresponds to step 102 in Fig. 1: it joins the bit strings of ZA and m into a single bit string, and m can be appended after the last bit of ZA. The function by which the signature control center computes the first signature part r according to r = (e + x1) mod n corresponds to step 106 in Fig. 1. Notifying the random number generation module to regenerate k when r = 0, r + k = n or s = 0 corresponds to steps 107 and 109; the signature control center can arrange the order of the judgments so that steps 107 and 109 are executed separately. The output of r and s as the digital signature of m by the signature control center corresponds to step 110 in Fig. 1. The signature control center is thus the control core of the whole system: it schedules the working sequence of each module, judges the validity of the generated digital signature, outputs the digital signature, and also receives data and control commands.
"mod" in the present invention is the modulo operator; it performs the modular reduction.
The cryptographic hash module performs a cryptographic hash operation on m' to generate the concatenated message hash value e, which corresponds to step 103 in Fig. 1. The hash value e generated here can be 192 bits or 256 bits, to meet different needs.
The generation of the random number k by the random number generation module corresponds to step 104 in Fig. 1; k must be positive and less than the order n of the elliptic curve. The random number generation module can use a random number generator approved by the State Cryptography Administration to generate the random number.
The point multiplication module performs k-fold point multiplication on the base point G of the elliptic curve and returns the generated coordinates (x1, y1) as the result [k]G, which corresponds to step 105 in Fig. 1. Here k is the generated random number between 1 and (n-1), and the result (x1, y1) of the point multiplication module is the coordinates of a point on the elliptic curve.
The operation in which the s generation module generates the second signature part s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$ corresponds to step 108.
Thus, given the base point G of the elliptic curve, the order n of the elliptic curve, the message m to be signed, the signer hash value ZA, the signer public key PA and the private key dA (corresponding to step 101 in Fig. 1), the modules of this system can each perform the steps in Fig. 1. The working sequence of the modules is arranged by the signature control center, so that the modules operate according to the algorithm flow shown in Fig. 1 and generate the digital signature r and s of the message to be signed according to the digital signature generation algorithm of the SM2 elliptic curve public-key cryptographic algorithm.
In the present invention, the signature control center concatenates the message m to be signed and the signer hash value ZA into the concatenated message m'; the cryptographic hash module hashes it to obtain the concatenated message hash value e; the random number generation module generates the random number k; and the point multiplication module performs k-fold point multiplication on the base point G of the elliptic curve to generate the coordinates (x1, y1). The signature control center can then obtain r according to r = (e + x1) mod n. If neither r = 0 nor r + k = n holds, this r is the first signature part of the digital signature of m; otherwise the signature control center notifies the random number generation module to regenerate the random number k. The s generation module generates s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$; if s = 0 does not hold, this s is the second signature part of the digital signature of m. The signature control center can then output r and s as the digital signature of m. The invention can therefore implement the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm with hardware comprising a signature control center, a cryptographic hash module, a random number generation module, a point multiplication module and an s generation module.
Because the system provided by the invention implements the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware, it runs faster than a software implementation and is also more secure.
In addition, because the system provided by the invention implements the digital signature algorithm of the SM2 elliptic curve public-key cryptographic algorithm in hardware, it can ensure the security of data transmission with less computation, higher speed, a smaller key size and lower bandwidth than the prior art, so the invention has broad application prospects.
s generation module 205 in Fig. 2, under the timing arranged by signature control center 201, generates s according to $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$ and sends the generated s to signature control center 201. The computation of this formula comprises: the inversion of (1+dA), the scalar multiplication of r and dA, the subtraction of (r·dA) from k, and the scalar multiplication of $(1+dA)^{-1}$ and $(k - r \cdot dA)$. Because the prime field F_p in which the elliptic curve lies is a finite field under the affine coordinate system, carrying out these operations there is complex and takes a great deal of time. The operations therefore need to be moved to another, more suitable computing environment, for example the Montgomery domain, which raises the computation speed and the efficiency of digital signature generation.
Fig. 3 is a structure diagram of the s generation module in the digital signature generation system for an F_p SM2 elliptic curve proposed by the present invention. As shown in Fig. 3, s generation module 205 comprises: s generation control submodule 301, domain conversion submodule 302, Montgomery-domain multiplication submodule 303 and finite-field inversion submodule 304.
s generation control submodule 301 receives the finite-field values of r and k sent by signature control center 201; sends the finite-field value of (1+dA) to finite-field inversion submodule 304; sends the finite-field values of r, dA, $(1+dA)^{-1}$ and k to domain conversion submodule 302; sends the Montgomery-domain values of r and dA to Montgomery-domain multiplication submodule 303, and subtracts the returned Montgomery-domain value of (r·dA) from the Montgomery-domain value of k to obtain the Montgomery-domain value of $(k - r \cdot dA)$; sends the Montgomery-domain values of $(1+dA)^{-1}$ and $(k - r \cdot dA)$ to Montgomery-domain multiplication submodule 303, and sends the returned value of $(1+dA)^{-1} \cdot (k - r \cdot dA)$ in the affine coordinate system, together with 1, to Montgomery-domain multiplication submodule 303; and sends the finite-field value s of $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$ to signature control center 201.
Domain conversion submodule 302 converts the finite-field values of $(1+dA)^{-1}$, r, dA and k into their respective Montgomery-domain values and sends them to s generation control submodule 301.
Montgomery-domain multiplication submodule 303 performs Montgomery-domain multiplication on the Montgomery-domain values of r and dA and returns the resulting Montgomery-domain value of (r·dA) to s generation control submodule 301; performs Montgomery-domain multiplication on the Montgomery-domain values of $(1+dA)^{-1}$ and $(k - r \cdot dA)$ and returns the resulting value of $(1+dA)^{-1} \cdot (k - r \cdot dA)$ in the affine coordinate system to s generation control submodule 301; and performs Montgomery-domain multiplication on the value of $(1+dA)^{-1} \cdot (k - r \cdot dA)$ in the affine coordinate system and 1, and sends the resulting finite-field value s of $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$ to s generation control submodule 301. Here, because the result of the Montgomery-domain multiplication of the Montgomery-domain values of $(1+dA)^{-1}$ and $(k - r \cdot dA)$ is the finite-field value of $(1+dA)^{-1} \cdot (k - r \cdot dA)$, it cannot exceed n, which implies that the reduction modulo n has already been performed. Montgomery-domain multiplication submodule 303 can therefore send the finite-field value of $(1+dA)^{-1} \cdot (k - r \cdot dA)$ to s generation control submodule 301 as the finite-field value s of $s = ((1+dA)^{-1} \cdot (k - r \cdot dA)) \bmod n$.
Finite-field inversion submodule 304 performs the inversion operation on the finite-field value of (1+dA) and sends the resulting finite-field value of $(1+dA)^{-1}$ to s generation control submodule 301.
The inversion operation in the present invention follows this rule: if the scalar product of the variables u and v in the finite field satisfies uv = 1 mod n, then u is called the inverse of v, written $v = u^{-1}$.
Thus the s generation module uses the finite-field inversion submodule to invert the finite-field value of (1+dA) and obtain its inverse $(1+dA)^{-1}$ in the finite field. The data, namely r, dA, $(1+dA)^{-1}$ and k, are then sent to the domain conversion submodule, which converts them from the finite field to the Montgomery domain, and on to the Montgomery-domain multiplication submodule, which carries out their scalar multiplication in the Montgomery domain and yields the value of the product in the finite field. When the scalar multiplication is finished, the s generation control submodule returns the finite-field value of s to the signature control center. The s generation control submodule is the control core of s generation: it receives and outputs data, passes data between the submodules and controls the timing of each submodule.
Point multiplication module 203 in Fig. 2 performs k-fold point multiplication on the base point G of the elliptic curve. A k-fold point multiplication adds the same point on the elliptic curve k times; here that point is the base point G. Performing k-fold point multiplication on a point of the elliptic curve in the finite field under the affine coordinate system is complicated and computationally heavy, and therefore slow. As with the s generation module, the present invention can move each step of the k-fold point multiplication into a more suitable setting, for example the Montgomery domain under the projective coordinate system, which raises the computation speed and the efficiency of digital signature generation.
Fig. 4 is a structural diagram of the point multiplication module in the digital signature generation system for p-element domain SM2 elliptic curves proposed by the present invention. As shown in Fig. 4, point multiplication module 203 comprises: point multiplication control submodule 401, domain conversion submodule 406, Montgomery-domain multiplication submodule 404, projective point addition submodule 402, projective point doubling submodule 403, and finite-field inversion submodule 405; wherein,
Point multiplication control submodule 401 is configured to: convert the coordinates (x, y) of G in the affine coordinate system into the coordinates (x2, y2, 1) in the projective coordinate system, and send x2, y2, 1 to domain conversion submodule 406; take (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determine the binary bit length L of k; take the second-highest bit of the binary representation of k as the initial current bit and, starting from that bit and moving down one bit at a time until the lowest bit, perform (L-1) iterations; send z1 of the result coordinates (x1, y1, z1) of the (L-1) iterations to Montgomery-domain multiplication submodule 404; send the finite-field value of z1 returned by Montgomery-domain multiplication submodule 404 to finite-field inversion submodule 405; send the finite-field value of z1^-1 returned by finite-field inversion submodule 405 to domain conversion submodule 406; send the Montgomery-domain values of x1 and y1 of the result coordinates (x1, y1, z1) of the (L-1) iterations and of z1^-1 to Montgomery-domain multiplication submodule 404, and send the returned values of x1 and y1 in the affine coordinate system, each together with 1, to Montgomery-domain multiplication submodule 404; send the finite-field values of x1 and y1 returned by Montgomery-domain multiplication submodule 404 to signature control center 201 as the finite-field coordinates (x1, y1) of [k]G. One iteration comprises: sending the current (x1, y1, z1) to projective point doubling submodule 403 and, when the current bit is binary 1, sending the output coordinates returned by projective point doubling submodule 403 to projective point addition submodule 402;
Domain conversion submodule 406 is configured to: convert the finite-field values x2, y2, 1 into their respective Montgomery-domain values x3, y3, z3, and return them to point multiplication control submodule 401; convert the finite-field value of z1^-1 into its Montgomery-domain value, and return it to point multiplication control submodule 401;
Projective point addition submodule 402 is configured to: perform point addition on the input coordinates and (x3, y3, z3), and send the result to point multiplication control submodule 401;
Projective point doubling submodule 403 is configured to: perform point doubling on the input coordinates, and return the result as the output coordinates to point multiplication control submodule 401;
Montgomery-domain multiplication submodule 404 is configured to: perform Montgomery-domain multiplication on z1 and 1, and send the resulting finite-field value of z1 to point multiplication control submodule 401; perform Montgomery-domain multiplication on the Montgomery-domain values of x1 and z1^-1, and on the Montgomery-domain values of y1 and z1^-1, respectively, and return the resulting values of x1 and y1 in the affine coordinate system to point multiplication control submodule 401; perform Montgomery-domain multiplication on the values of x1 and y1 in the affine coordinate system sent by point multiplication control submodule 401, each with 1, and return the resulting finite-field values of x1 and y1 to point multiplication control submodule 401;
Finite-field inversion submodule 405 is configured to: perform the inversion operation on the finite-field value of z1, and send the resulting finite-field value of z1^-1 to point multiplication control submodule 401.
As can be seen, point multiplication module 203 performs k-fold point multiplication on G as follows. The point multiplication control submodule converts the coordinates (x, y) of G in the affine coordinate system into the coordinates (x2, y2, 1) in the projective coordinate system, each coordinate being a finite-field value; the domain conversion submodule then transforms the finite-field values x2, y2, 1 into the Montgomery-domain values x3, y3, z3 respectively, so that the iterative computation that follows can be carried out conveniently.
The iterative computation consists of an initial assignment stage and a stage of (L-1) iterations. The initial assignment stage comprises: taking the Montgomery-domain coordinates (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determining the binary bit length L of k; and taking the second-highest bit of the binary representation of k as the initial current bit of k (here, in the binary representation of k, the highest bit of k is binary 1). The subsequent stage performs (L-1) iterations. The loop variable of the iteration is the index of a bit in the binary representation of k: its initial value is the second-highest bit mentioned above, and it moves one bit at a time towards the lowest bit. The current bit of k follows the loop variable, going from the second-highest bit of the binary representation of k down to the lowest bit, one bit at a time. The iteration is carried out in the Montgomery domain under the projective coordinate system. One iteration comprises: sending the current coordinates (x1, y1, z1) to the projective point doubling submodule, which performs point doubling on the input coordinates and returns the result to the point multiplication control submodule; and, when the current bit of k is binary 1, sending the result returned by the projective point doubling submodule to the projective point addition submodule, which performs point addition on the input coordinates and (x3, y3, z3) and returns the result to the point multiplication control submodule.
After the (L-1) iterations are finished, z1 of the result coordinates (x1, y1, z1) must be inverted so that x1 and y1 can be converted back to finite-field data in the affine coordinate system for output. In the present invention, the point multiplication control submodule sends z1 to the Montgomery-domain multiplication submodule, which performs Montgomery-domain multiplication on z1 and 1 to obtain the finite-field value of z1; the finite-field inversion submodule then inverts this value in the finite field to obtain the finite-field value of z1^-1; the domain conversion submodule then converts this value into the Montgomery-domain value of z1^-1. After this, the Montgomery-domain values of x1, y1 and z1^-1 can be sent to the Montgomery-domain multiplication submodule, which performs Montgomery-domain multiplication on the Montgomery-domain values of x1 and z1^-1, and on the Montgomery-domain values of y1 and z1^-1, respectively, to obtain the values of x1 and y1 in the affine coordinate system; the values of x1 and y1 in the affine coordinate system are then each multiplied with 1 by Montgomery-domain multiplication, finally giving the finite-field values of x1 and y1. In this way, point multiplication module 203 obtains, through the k-fold point multiplication of G, the coordinates (x1, y1) of a point on the elliptic curve, where x1 and y1 are finite-field values in the affine coordinate system.
Throughout this point multiplication, the point multiplication control submodule is the control core: it is responsible for sending and receiving data between the modules, scheduling the operation timing of each module, outputting the result, and so on.
The digital signature generation system for p-element domain SM2 elliptic curves described above generates the digital signature r and s of the message m to be signed. A dedicated signature verification system is then needed to verify it and so judge whether the data transmission was secure. To this end, the State Cryptography Administration has also published the digital signature verification algorithm of the SM2 elliptic curve public-key cryptographic algorithm. Fig. 5 is a flowchart of the digital signature verification algorithm in the SM2 elliptic curve public-key cryptographic algorithm published by the State Cryptography Administration. As shown in Fig. 5, the algorithm comprises the following steps:
Step 501: the base point G of the elliptic curve, the order n of the elliptic curve, the message M' to be verified, the verifier hash value ZA', the signer public key PA, and the digital signature r' and s' to be verified are known.
Like step 101 in Fig. 1, this step confirms the quantities that are known in advance. The base point G and the order n of the elliptic curve are the same as in step 101 and are characteristic quantities of the elliptic curve described in the elliptic curve public-key cryptographic algorithm. The message M' to be verified is the message on which digital signature verification is to be performed, commonly called the data ciphertext; the digital signature verification algorithm verifies the authenticity of M'. If verification passes, M' was sent by the signer and was not tampered with in transit, and is therefore trustworthy; if verification fails, M' may not have been sent by the signer, or may have been intercepted, tampered with or copied in transit, and is therefore untrustworthy. The verifier hash value ZA' is computed in the same way as the signer hash value ZA: it is the hash value obtained by applying the cryptographic hash operation to the bit string formed by concatenating the signer's distinguishing identifier and its length, the parameters a and b of the p-element domain elliptic curve equation, the abscissa and ordinate of G, and the abscissa and ordinate of the signer public key PA; the cryptographic hash operation here is the same as the one described in step 101. Unlike step 101 of the digital signature generation algorithm, the quantities known in advance in the digital signature verification algorithm also include the digital signature r' and s' to be verified. This digital signature is received by the verifier and corresponds to M'; r' can be regarded as the first signature part of the digital signature to be verified, and s' as the second signature part.
Step 502: judge whether r' is between 1 and n-1.
Here, r' must be a positive integer greater than 0 and less than the order n of the elliptic curve. Therefore, if r' is not between 1 and n-1, go to step 512 and judge that verification fails; otherwise, go to step 503.
Step 503: judge whether s' is between 1 and n-1.
Here, like r', s' must be a positive integer greater than 0 and less than the order n of the elliptic curve. Therefore, if s' is not between 1 and n-1, go to step 512 and judge that verification fails; otherwise, go to step 504.
Step 504: concatenate ZA' and M' into the verifier concatenated message.
This step performs a concatenation: M' is appended after the last bit of ZA'.
Step 505: perform the cryptographic hash operation on the verifier concatenated message to obtain the verifier concatenated message hash value e'.
This step performs the cryptographic hash operation; the output e' may be 192 bits or 256 bits long.
Step 506: calculate t according to t = (r' + s') mod n.
Step 507: judge whether t is 0.
Here, if t = 0 holds, go to step 512 and judge that verification fails; otherwise, go to step 508.
Step 508: calculate the coordinates (x1', y1') according to (x1', y1') = [s']G + [t]PA.
Here [s']G and [t]PA are the s'-fold point multiplication of G and the t-fold point multiplication of PA respectively; because the results are point coordinates, the plus sign denotes point addition.
Step 509: determine R according to R = (e' + x1') mod n.
Step 510: judge whether R is equal to r'.
If the result of this judgment is yes, go to step 511 and judge that verification passes; otherwise, go to step 512 and judge that verification fails.
Step 511: judge that verification passes.
Step 512: judge that verification fails.
This algorithm is the digital signature verification algorithm corresponding to the digital signature generation algorithm shown in Fig. 1; no hardware device capable of implementing this digital signature verification algorithm has yet appeared in the prior art.
Corresponding to the digital signature generation system for p-element domain SM2 elliptic curves described above, the present invention proposes a digital signature verification system for p-element domain SM2 elliptic curves, used to verify the digital signature r and s generated by the digital signature generation system described in Fig. 2.
Fig. 6 is a structural diagram of the digital signature verification system for p-element domain SM2 elliptic curves provided by the present invention. As shown in Fig. 6, the system comprises: verification control center 601, cryptographic hash module 602, point multiplication module 603, and point addition module 604; wherein,
Verification control center 601 is configured to: take the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; judge whether r' and s' are both between 1 and (n-1); concatenate M' and the signer hash value ZA', and send the resulting verifier concatenated message to cryptographic hash module 602; determine t according to t = (r' + s') mod n, and judge whether t is 0; send s' and t to point multiplication module 603, and send [s']G and [t]PA returned by point multiplication module 603 to point addition module 604; determine R according to R = (e' + x1') mod n, and judge whether R is equal to r'; when any one of the following occurs, namely r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are not equal, output a message that digital signature verification has failed, and when none of them occurs, output a message that digital signature verification has passed; wherein n is the order of the elliptic curve;
Cryptographic hash module 602 is configured to: perform the cryptographic hash operation on the verifier concatenated message, and send the generated verifier concatenated message hash value e' to verification control center 601;
Point multiplication module 603 is configured to: perform s'-fold point multiplication on the base point G of the elliptic curve, and send the result [s']G to verification control center 601; perform t-fold point multiplication on the signer public key PA, and send the result [t]PA to verification control center 601;
Point addition module 604 is configured to: perform point addition on the input [s']G and [t]PA, and send the result (x1', y1') to verification control center 601.
In this system, the verification control center is the control core that implements the digital signature verification algorithm: it schedules the operation timing of each module, exchanges data between the modules, receives data, verifies the authenticity of the digital signature, and so on. The cryptographic hash module implements the cryptographic hash operation, the point multiplication module implements point multiplication, and the point addition module implements point addition; all of these modules work under the control of the verification control center and together implement the digital signature verification algorithm.
With the base point G of the elliptic curve, the order n of the elliptic curve and the signer public key PA known, the verifier hash value ZA' obtained, and the message M' to be verified and the digital signature r' and s' to be verified received (corresponding to step 501), the verification control center judges whether r' and s' are both between 1 and (n-1), which implements steps 502 and 503; it also concatenates M' and the verifier hash value ZA', which implements step 504; it sends the verifier concatenated message to the cryptographic hash module, which performs the cryptographic hash operation on it and generates the verifier concatenated message hash value e', corresponding to step 505; it determines t according to t = (r' + s') mod n and judges whether t is 0, which implements steps 506 and 507; it sends s' and t to the point multiplication module, which performs s'-fold point multiplication on G and t-fold point multiplication on PA, and then sends the two returned results to the point addition module, which performs point addition on them and obtains the result (x1', y1'), which implements step 508; it determines R according to R = (e' + x1') mod n and judges whether R is equal to r', which implements steps 509 and 510. When any one of the following occurs, namely r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are not equal, the verification control center outputs a message that digital signature verification has failed; otherwise, when none of them occurs, it outputs a message that digital signature verification has passed; these correspond to steps 512 and 511 respectively. As can be seen, the digital signature verification system shown in Fig. 6 can implement the digital signature verification algorithm shown in Fig. 5.
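The block below is an added example, not code from the patent: a Python model of the datapath described above, covering the s generation module, the (L-1)-iteration point multiplication in the Montgomery domain under projective coordinates, and verification steps 502 to 510. It assumes a constructed toy curve (y^2 = x^3 + 2x + 2 over F_17, G = (5, 1), n = 19) and homogeneous projective formulas, takes the hash value e as an integer input instead of computing it, and rejects a sum at infinity in step 508; all function names are hypothetical.

```python
# Added example (not the patent's design). Constructed toy parameters:
# curve y^2 = x^3 + 2x + 2 over F_17, base point G = (5, 1) of prime order n = 19.
P, A, N, G = 17, 2, 19, (5, 1)

class Mont:
    """Montgomery arithmetic modulo an odd m, with R = 2^bits > m."""
    def __init__(self, m):
        self.m, self.bits = m, m.bit_length()
        self.mask = (1 << self.bits) - 1
        self.m_neg_inv = -pow(m, -1, 1 << self.bits) & self.mask  # -m^-1 mod R
        self.r2 = pow(1 << self.bits, 2, m)                       # R^2 mod m
    def mul(self, a, b):
        """Montgomery-domain multiplication: a*b*R^-1 mod m."""
        t = a * b
        q = ((t & self.mask) * self.m_neg_inv) & self.mask
        u = (t + q * self.m) >> self.bits
        return u - self.m if u >= self.m else u
    def enter(self, a):   # domain conversion: finite field -> Montgomery domain
        return self.mul(a % self.m, self.r2)
    def leave(self, a):   # "multiply by 1": Montgomery domain -> finite field
        return self.mul(a, 1)

FP, FN = Mont(P), Mont(N)     # one instance mod p (coordinates), one mod n (s)
A_M = FP.enter(A)

def lift(pt):
    """Affine (x, y) -> projective (x, y, 1) -> Montgomery-domain coordinates."""
    return FP.enter(pt[0]), FP.enter(pt[1]), FP.enter(1)

def pdbl(pt):
    """Projective point doubling; every field product is a Montgomery multiplication."""
    x, y, z = pt
    m = FP.mul
    w = (m(A_M, m(z, z)) + 3 * m(x, x)) % P
    s = m(y, z)
    b = m(m(x, y), s)
    h = (m(w, w) - 8 * b) % P
    ys = m(y, s)
    return (2 * m(h, s) % P,
            (m(w, (4 * b - h) % P) - 8 * m(ys, ys)) % P,
            8 * m(s, m(s, s)) % P)

def padd(p1, p2):
    """Projective point addition; None stands for the point at infinity."""
    (x1, y1, z1), (x2, y2, z2) = p1, p2
    m = FP.mul
    y1z2, x1z2, z1z2 = m(y1, z2), m(x1, z2), m(z1, z2)
    u = (m(y2, z1) - y1z2) % P
    v = (m(x2, z1) - x1z2) % P
    if v == 0:                       # same x: equal points or opposite points
        return pdbl(p1) if u == 0 else None
    vv = m(v, v)
    vvv, r = m(v, vv), m(vv, x1z2)
    a = (m(m(u, u), z1z2) - vvv - 2 * r) % P
    return m(v, a), (m(u, (r - a) % P) - m(vvv, y1z2)) % P, m(vvv, z1z2)

def to_affine(pt):
    """One inversion per result: z -> F_p, invert, back to Montgomery, scale x and y."""
    x, y, z = pt
    z_inv = FP.enter(pow(FP.leave(z), -1, P))
    return FP.leave(FP.mul(x, z_inv)), FP.leave(FP.mul(y, z_inv))

def scalar_mult(k, pt):
    """[k]pt by (L-1) double-and-add iterations from the second-highest bit of k."""
    if not 1 <= k < N:
        raise ValueError("scalar must be in [1, n-1]")
    base = acc = lift(pt)
    for i in range(k.bit_length() - 2, -1, -1):
        acc = pdbl(acc)
        if (k >> i) & 1:
            acc = padd(acc, base)
    return to_affine(acc)

def sign(e, d_a, k):
    """r = (e + x1) mod n, s = (1+dA)^-1 (k - r*dA) mod n; None means 'pick a new k'."""
    x1, _ = scalar_mult(k, G)
    r = (e + x1) % N
    if r == 0 or r + k == N:
        return None
    inv = FN.enter(pow(1 + d_a, -1, N))              # finite-field inversion, then convert
    rd = FN.mul(FN.enter(r), FN.enter(d_a))          # r*dA in the Montgomery domain
    s = FN.leave(FN.mul(inv, (FN.enter(k) - rd) % N))
    return (r, s) if s else None

def verify(e, r, s, pub):
    """Steps 502-510 of the verification flow; e is the hash value e' as an integer."""
    if not (1 <= r < N and 1 <= s < N):              # steps 502 and 503
        return False
    t = (r + s) % N                                  # step 506
    if t == 0:                                       # step 507
        return False
    total = padd(lift(scalar_mult(s, G)), lift(scalar_mult(t, pub)))   # step 508
    if total is None:                                # sum at infinity has no x1'
        return False
    return (e + to_affine(total)[0]) % N == r        # steps 509 and 510
```

For scalars in [1, n-1] on a prime-order curve the double-and-add loop never meets the equal-point or opposite-point case, which is why only the final addition of [s']G and [t]PA needs that branch.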
Like the point multiplication module in the digital signature generation system shown in Fig. 2, the point multiplication module in this digital signature verification system performs point multiplication: it performs s'-fold point multiplication on G and t-fold point multiplication on PA.
Fig. 7 is a structural diagram of the point multiplication module in the digital signature verification system for p-element domain SM2 elliptic curves provided by the present invention. As shown in Fig. 7, point multiplication module 603 comprises: point multiplication control submodule 701, domain conversion submodule 702, Montgomery-domain multiplication submodule 706, projective point addition submodule 705, projective point doubling submodule 704, and finite-field inversion submodule 703; wherein,
Point multiplication control submodule 701 is configured to: convert the coordinates (x2', y2') and (x5', y5') of G and PA in the affine coordinate system into the coordinates (x3', y3', 1) and (x6', y6', 1) in the projective coordinate system respectively, and send x3', y3', 1 and x6', y6', 1 to domain conversion submodule 702; send (x4', y4', z4') and (x7', y7', z7') to projective point addition submodule 705, and take them as the initial values of the Montgomery-domain coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA respectively; determine the binary bit lengths LA and LB of s' and t respectively; take the second-highest bit of the binary representation of LA and LB as the respective initial current bit and, starting from the respective second-highest bit and moving down one bit at a time until the respective lowest bit, perform (LA-1) and (LB-1) iterations respectively; send z11' and z12' of the result coordinates (x11', y11', z11') and (x12', y12', z12') of the (LA-1) and (LB-1) iterations to Montgomery-domain multiplication submodule 706; send the finite-field values of z11' and z12' returned by Montgomery-domain multiplication submodule 706 to finite-field inversion submodule 703; send the finite-field values of z11'^-1 and z12'^-1 returned by finite-field inversion submodule 703 to domain conversion submodule 702; send the Montgomery-domain values of x11' and y11' of the result coordinates (x11', y11', z11') of the (LA-1) iterations and of z11'^-1 to Montgomery-domain multiplication submodule 706, and send the returned values of x11' and y11' in the affine coordinate system, each together with 1, to Montgomery-domain multiplication submodule 706; send the Montgomery-domain values of x12' and y12' of the result coordinates (x12', y12', z12') of the (LB-1) iterations and of z12'^-1 to Montgomery-domain multiplication submodule 706, and send the returned values of x12' and y12' in the affine coordinate system, each together with 1, to Montgomery-domain multiplication submodule 706; send the finite-field values of x11' and y11' returned by Montgomery-domain multiplication submodule 706 to the verification control center as the finite-field coordinates (x11', y11') of [s']G; send the finite-field values of x12' and y12' returned by Montgomery-domain multiplication submodule 706 to verification control center 601 as the finite-field coordinates (x12', y12') of [t]PA. One iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA to projective point doubling submodule 704; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by projective point doubling submodule 704 to projective point addition submodule 705; when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by projective point doubling submodule 704 to projective point addition submodule 705;
Domain conversion submodule 702 is configured to: convert the finite-field values x3', y3', 1 and x6', y6', 1 into their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7', and return them to point multiplication control submodule 701; convert the finite-field values of z11'^-1 and z12'^-1 into their Montgomery-domain values, and return them to point multiplication control submodule 701;
Projective point addition submodule 705 is configured to: perform point addition on the input current value of (x11', y11', z11') and (x4', y4', z4'), and send the result to point multiplication control submodule 701 as the new current value of (x11', y11', z11'); perform point addition on the input current value of (x12', y12', z12') and (x7', y7', z7'), and send the result to point multiplication control submodule 701 as the new current value of (x12', y12', z12');
Projective point doubling submodule 704 is configured to: perform point doubling on the input current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA respectively, and return the results to point multiplication control submodule 701 as the current values of (x11', y11', z11') and (x12', y12', z12');
Montgomery-domain multiplication submodule 706 is configured to: perform Montgomery-domain multiplication on z11' and 1, and send the resulting finite-field value of z11' to point multiplication control submodule 701; perform Montgomery-domain multiplication on z12' and 1, and send the resulting finite-field value of z12' to point multiplication control submodule 701; perform Montgomery-domain multiplication on the Montgomery-domain values of x11' and z11'^-1, and on the Montgomery-domain values of y11' and z11'^-1, respectively, and return the resulting values of x11' and y11' in the affine coordinate system to point multiplication control submodule 701; perform Montgomery-domain multiplication on the values of x11' and y11' in the affine coordinate system sent by point multiplication control submodule 701, each with 1, and return the resulting finite-field values of x11' and y11' to point multiplication control submodule 701; perform Montgomery-domain multiplication on the Montgomery-domain values of x12' and z12'^-1, and on the Montgomery-domain values of y12' and z12'^-1, respectively, and return the resulting values of x12' and y12' in the affine coordinate system to point multiplication control submodule 701; perform Montgomery-domain multiplication on the values of x12' and y12' in the affine coordinate system sent by point multiplication control submodule 701, each with 1, and return the resulting finite-field values of x12' and y12' to point multiplication control submodule 701;
Finite-field inversion submodule 703 is configured to: perform the inversion operation on the finite-field values of z11' and z12' respectively, and send the resulting finite-field values of z11'^-1 and z12'^-1 to point multiplication control submodule 701.
As can be seen, the point multiplication control submodule is the control core of this point multiplication module: it controls the operation timing of each module, passes data between the modules, and receives and outputs data. Compared with the point multiplication module shown in Fig. 4, this point multiplication module is used in the digital signature verification system, performs point multiplication on the coordinates of two points, uses different multipliers (the point multiplication module in Fig. 4 performs k-fold point multiplication on G, whereas this one performs s'-fold point multiplication on G and t-fold point multiplication on PA), and operates on different data; apart from these differences, the point multiplication modules shown in Fig. 4 and in this figure are functionally identical.
In this digital signature verification system, point addition module 604 performs point addition on the input [s']G and [t]PA; the result of the point addition is the coordinates (x1', y1'), which are output to verification control center 601. Because the inputs here are finite-field data in the affine coordinate system, on which point addition is complicated, the present invention can convert the data to the Montgomery domain under the projective coordinate system and perform the point addition there, which improves computational efficiency.
Fig. 8 is a structural diagram of the point addition module in the digital signature verification system for p-element domain SM2 elliptic curves provided by the present invention. As shown in Fig. 8, point addition module 604 comprises: point addition control submodule 801, domain conversion submodule 805, projective point addition submodule 802, Montgomery-domain multiplication submodule 804, and finite-field inversion submodule 803; wherein,
Point addition control submodule 801 is configured to: receive the coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA in the affine coordinate system sent by verification control center 601, convert them into their respective coordinates (x11', y11', 1) and (x12', y12', 1) in the projective coordinate system, and send x11', y11', 1 and x12', y12', 1 to domain conversion submodule 805; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1 returned by domain conversion submodule 805 to projective point addition submodule 802; send z131' of the coordinates (x131', y131', z131') of [s']G + [t]PA in the projective coordinate system returned by projective point addition submodule 802 to Montgomery-domain multiplication submodule 804; send the finite-field value of z131' returned by Montgomery-domain multiplication submodule 804 to finite-field inversion submodule 803; send the finite-field value of z131'^-1 returned by finite-field inversion submodule 803 to domain conversion submodule 805; send the Montgomery-domain values of x131' and y131' of the coordinates (x131', y131', z131') of [s']G + [t]PA in the projective coordinate system and of z131'^-1 to Montgomery-domain multiplication submodule 804, and send the returned values of x131' and y131' in the affine coordinate system, each together with 1, to Montgomery-domain multiplication submodule 804; send the finite-field values of x131' and y131' returned by Montgomery-domain multiplication submodule 804 to verification control center 601 as (x1', y1');
Domain conversion submodule 805 is configured to: convert the finite-field values x11', y11', 1 and x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121', and return them to point addition control submodule 801; convert the finite-field value of z131'^-1 into its Montgomery-domain value, and return the Montgomery-domain value of z131'^-1 to point addition control submodule 801;
Projective point addition submodule 802 is configured to: perform point addition on the input x111', y111', z111' and x121', y121', z121', and send the result to point addition control submodule 801 as the coordinates (x131', y131', z131') of [s']G + [t]PA in the projective coordinate system;
Montgomery-domain multiplication submodule 804 is configured to: perform Montgomery-domain multiplication on the input z131' and 1, and send the resulting finite-field value of z131' to point addition control submodule 801; perform Montgomery-domain multiplication on the Montgomery-domain values of x131' and z11'^-1, and on the Montgomery-domain values of y131' and z11'^-1, respectively, and return the resulting values of x131' and y131' in the affine coordinate system to point addition control submodule 801; perform Montgomery-domain multiplication on the values of x131' and y131' in the affine coordinate system sent by point addition control submodule 801, each with 1, and return the resulting finite-field values of x131' and y131' to point addition control submodule 801;
Finite-field inversion submodule 803 is configured to: perform the inversion operation on the finite-field value of the input z131', and send the resulting finite-field value of z131'^-1 to point addition control submodule 801.
It can be seen that, in this point addition module, the point addition control submodule is the control core: it controls the operation timing of each module, transfers data between the modules, and receives and outputs data.
The point addition module performs point addition on the input [s']G and [t]PA and obtains the result (the coordinates (x1', y1')) as follows:
The point addition control submodule receives the affine coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA, converts them to the projective coordinates (x11', y11', 1) and (x12', y12', 1), and then sends the two groups of data x11', y11', 1 and x12', y12', 1 to the domain conversion submodule, which converts them to the Montgomery-domain values x111', y111', z111' and x121', y121', z121';
The point addition control submodule can then send these projective-coordinate values x111', y111', z111' and x121', y121', z121' to the projective point addition submodule, which performs point addition on the two groups of data in projective coordinates and obtains the projective coordinates (x131', y131', z131') of [s']G+[t]PA;
Next, the point addition control submodule has to convert the projective coordinates (x131', y131', z131') of [s']G+[t]PA to the affine coordinates (x1', y1') and send them to the verification control center 601. This conversion comprises the following steps:
The point addition control submodule sends the finite-field value of z131' in (x131', y131', z131') to the finite-field inversion submodule, to obtain the finite-field value of the inverse z131'⁻¹ of z131';
The point addition control submodule sends the finite-field value of z131'⁻¹ to the domain conversion submodule, which converts it to the Montgomery-domain value of z131'⁻¹;
Then the point addition control submodule sends the Montgomery-domain values of x131' and y131' in (x131', y131', z131') and of z131'⁻¹ to the Montgomery-domain multiplication submodule, which first performs Montgomery-domain multiplication on the Montgomery-domain values of x131' and z11'⁻¹, and of y131' and z11'⁻¹, respectively, obtaining the affine-coordinate values of x131' and y131'; it then performs Montgomery-domain multiplication of the affine-coordinate values of x131' and y131' with 1, respectively, obtaining the finite-field values of x131' and y131';
Finally, the point addition control submodule sends the finite-field values of x131' and y131' to the verification control center as (x1', y1'), which completes the point addition of [s']G and [t]PA.
From the digital signature generation system shown in Fig. 2 and the digital signature verification system shown in Fig. 6, it can be seen that the two contain some modules with identical functions: the point multiplication module and the cryptographic hash module. Because the digital signature generation system and the digital signature verification system realized by the present invention are intended to secure data transmission between signer and verifier, both communicating parties must be equipped with a digital signature generation system and also with a digital signature verification system, in order to generate their own digital signatures and to verify the digital signatures sent by the other party. The modules with identical functions in the two systems can therefore be merged, forming a hybrid digital signature generation and verification system for p-element field SM2 elliptic curves.
Fig. 9 is a structure diagram of the hybrid digital signature generation and verification system for p-element field SM2 elliptic curves provided by the present invention. Here the order of the elliptic curve is n, the base point is G, and the signer has public key PA and private key dA. As shown in Fig. 9, the system comprises: signature control center 901, verification control center 902, random number generation module 904, s generation module 905, cryptographic hash module 907, point multiplication module 906, upper-layer multiplexer module 903, and point addition module 908; the cryptographic hash module 907 and the point multiplication module 906 in this system each have a signature generation mode and a signature verification mode; wherein,
The signature control center 901 is configured to: send a signature generation mode signal to the upper-layer multiplexer module 903; concatenate the message m to be signed with the signer hash value ZA, and send the resulting concatenated message m' to the cryptographic hash module 907 through the upper-layer multiplexer module 903; calculate r according to r=(e+x1) mod n; send r to the s generation module 905; when r=0, r+k=n or s=0, notify the random number generation module 904 to regenerate k; send k to the s generation module 905; send k to the point multiplication module 906 through the upper-layer multiplexer module 903; output r and s as the digital signature of m;
The verification control center 902 is configured to: send a signature verification mode signal to the upper-layer multiplexer module 903; take the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; judge whether r' and s' are both between 1 and (n-1); concatenate M' with the signer hash value ZA', and send the resulting verifier concatenated message to the cryptographic hash module 907 through the upper-layer multiplexer module 903; determine t according to t=(r'+s') mod n, and judge whether t is 0; send s' and t to the point multiplication module 906 through the upper-layer multiplexer module 903, and send the [s']G and [t]PA returned by the point multiplication module 906 to the point addition module 908; determine R according to R=(e'+x1') mod n, and judge whether R equals r'; when any of the following holds: r' is not between 1 and (n-1), s' is not between 1 and (n-1), t is 0, or R and r' are unequal, output a message that the digital signature verification failed; when none of these cases occurs, output a message that the digital signature verification passed;
The cryptographic hash module 907 is configured to: in signature generation mode, perform the cryptographic hash operation on m', and deliver the generated concatenated-message hash value e to the signature control center 901 via the upper-layer multiplexer module 903; in signature verification mode, perform the cryptographic hash operation on the verifier concatenated message, and deliver the generated verifier concatenated-message hash value e' to the verification control center 902 via the upper-layer multiplexer module 903;
The random number generation module 904 is configured to: send the generated random number k to the signature control center 901;
The point multiplication module 906 is configured to: in signature generation mode, compute the k-fold point multiplication of G, and deliver the generated coordinates (x1, y1), as the result [k]G, to the signature control center 901 via the upper-layer multiplexer module 903; in signature verification mode, compute the s'-fold point multiplication of G, and deliver the result [s']G to the verification control center 902 via the upper-layer multiplexer module 903; compute the t-fold point multiplication of PA, and deliver the result [t]PA to the verification control center 902 via the upper-layer multiplexer module 903;
The s generation module 905 is configured to: generate s according to s=[(1+dA)⁻¹·(k-r·dA)] mod n, and send the generated s to the signature control center 901;
The point addition module 908 is configured to: perform point addition on the input [s']G and [t]PA, and send the result (x1', y1') to the verification control center 902;
The upper-layer multiplexer module 903 is configured to: according to the signature generation mode signal, set the operating mode of the cryptographic hash module 907 and the point multiplication module 906 to signature generation mode; according to the signature verification mode signal, set the operating mode of the cryptographic hash module 907 and the point multiplication module 906 to signature verification mode.
It can be seen that this hybrid system, by providing the upper-layer multiplexer module, reuses the point multiplication module and the cryptographic hash module: in this system the two modules can work either as part of the digital signature generation system or as part of the digital signature verification algorithm. The two-way communication between the signature control center or the verification control center and these two reused modules is forwarded by the upper-layer multiplexer module; the signature control center and the verification control center can direct the upper-layer multiplexer module to set the operating mode of the two reused modules to signature generation mode and signature verification mode, respectively.
In signature generation mode, the signature control center 901, random number generation module 904, s generation module 905, cryptographic hash module 907, point multiplication module 906 and upper-layer multiplexer module 903 together constitute a digital signature generation system for p-element field SM2 elliptic curves. If the data forwarding and mode-setting functions of the upper-layer multiplexer module 903 are disregarded and the module is removed, so that the signature control center 901 communicates directly with the other four modules, this digital signature generation system is the one shown in Fig. 2.
Likewise, in signature verification mode, the verification control center 902, cryptographic hash module 907, point multiplication module 906, upper-layer multiplexer module 903 and point addition module 908 of this hybrid system together constitute a digital signature verification system for p-element field SM2 elliptic curves. If the data forwarding and mode-setting functions of the upper-layer multiplexer module 903 are disregarded and the module is removed, this digital signature verification system is the one shown in Fig. 6.
The hybrid system shown in Fig. 9 needs only one multiplexer module to reuse the cryptographic hash module and the point multiplication module; the present invention therefore greatly saves hardware resources and reduces chip area, which favors miniaturization and integration of the device.
Comparing Figs. 3, 4, 7 and 8 shows that these modules also contain some submodules with identical or similar functions, which can likewise be reused in the manner of Fig. 9, further saving hardware resources and reducing chip area.
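The signing and verification data flow of the hybrid system, together with the affine, projective and Montgomery-domain conversions described for the point addition module, as an added Python example that is not code from the patent. Assumptions: the sm2p256v1 curve parameters are taken from the SM2 standard rather than from this page, the hash value e is passed in as an integer in place of the cryptographic hash module, s is computed with ordinary modular arithmetic, the public key is a valid point of order n, and all function names are illustrative.

```python
import secrets

# sm2p256v1 parameters from the SM2 standard (assumption: not given on this page).
P = 2**256 - 2**224 - 2**96 + 2**64 - 1
A = P - 3
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

# Montgomery constants for modulus P, radix R = 2^256.
R = 1 << 256
R2 = R * R % P
P_NEG_INV = -pow(P, -1, R) % R

def mm(a, b):
    """Montgomery-domain multiplication: a * b * R^-1 mod P."""
    t = a * b
    m = t * P_NEG_INV % R
    u = (t + m * P) >> 256
    return u - P if u >= P else u

def to_mont(x):    # domain conversion: ordinary field value -> Montgomery domain
    return mm(x % P, R2)
def from_mont(x):  # Montgomery multiplication by 1 returns to the ordinary field
    return mm(x, 1)

A_M = to_mont(A)

def pdbl(pt):
    """Projective point doubling on Montgomery-domain coordinates."""
    X, Y, Z = pt
    w = (mm(A_M, mm(Z, Z)) + 3 * mm(X, X)) % P
    s = mm(Y, Z)
    b = mm(mm(X, Y), s)
    h = (mm(w, w) - 8 * b) % P
    ys = mm(Y, s)
    return (2 * mm(h, s) % P,
            (mm(w, (4 * b - h) % P) - 8 * mm(ys, ys)) % P,
            8 * mm(s, mm(s, s)) % P)

def padd(p1, p2):
    """Projective point addition on Montgomery-domain coordinates."""
    (X1, Y1, Z1), (X2, Y2, Z2) = p1, p2
    u = (mm(Y2, Z1) - mm(Y1, Z2)) % P
    v = (mm(X2, Z1) - mm(X1, Z2)) % P
    if v == 0:  # same x: P1 == P2 (double) or P1 == -P2 (point at infinity)
        return pdbl(p1) if u == 0 else None
    zz, vv = mm(Z1, Z2), mm(v, v)
    vvv, t = mm(vv, v), mm(vv, mm(X1, Z2))
    w = (mm(mm(u, u), zz) - vvv - 2 * t) % P
    return (mm(v, w),
            (mm(u, (t - w) % P) - mm(vvv, mm(Y1, Z2))) % P,
            mm(vvv, zz))

def lift(aff):     # affine (x, y) -> projective (x, y, 1) -> Montgomery domain
    return (to_mont(aff[0]), to_mont(aff[1]), to_mont(1))

def to_affine(pt):
    """Projective, Montgomery domain -> affine, ordinary field."""
    if pt is None or pt[2] == 0:
        return None
    z = from_mont(pt[2])              # z multiplied by 1: ordinary field value
    z_inv_m = to_mont(pow(z, -1, P))  # invert in the field, convert back
    return (from_mont(mm(pt[0], z_inv_m)), from_mont(mm(pt[1], z_inv_m)))

def scalar_mult(k, aff):
    """[k]P for 1 <= k < N: start at P, walk from the second-highest bit."""
    base = acc = lift(aff)
    for bit in bin(k)[3:]:            # skips '0b' and the leading 1 bit
        acc = pdbl(acc)
        if bit == "1":
            acc = padd(acc, base)
    return to_affine(acc)

def point_add(a1, a2):  # point addition module: affine points in, affine sum out
    return to_affine(padd(lift(a1), lift(a2)))

def sign(e, d, next_k=lambda: 1 + secrets.randbelow(N - 1)):
    """Signature generation; e is the hash value of m' as an integer."""
    while True:
        k = next_k()
        r = (e + scalar_mult(k, G)[0]) % N
        if r == 0 or r + k == N:
            continue                  # regenerate k
        s = pow(1 + d, -1, N) * (k - r * d) % N
        if s != 0:
            return r, s

def verify(e, r, s, pub):
    """Signature verification; True only if every check passes."""
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = point_add(scalar_mult(s, G), scalar_mult(t, pub))
    return pt is not None and (e + pt[0]) % N == r
```

`scalar_mult` follows the iteration described on the page, where the addition is performed only for 1 bits, so its running time depends on the scalar; because k is secret during signing, a deployed implementation of this flow needs a point multiplication whose timing does not depend on the bits of k.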
Figure 10 is a structure diagram of the most preferred embodiment of the hybrid digital signature generation and verification system for p-element field SM2 elliptic curves provided by the present invention. As shown in Fig. 10, this system can be regarded as a combination of Figs. 3, 4, 7, 8 and 9: in addition to the signature control center 1001, verification control center 1002, upper-layer multiplexer module 1003, random number generation module 1004 and cryptographic hash module 1007, whose functions are the same as in Fig. 9, it further comprises a lower-layer multiplexer module 1010, which enables reuse of the domain conversion submodule 1011, the Montgomery-domain multiplication submodule 1012, the finite-field inversion submodule 1013 and the projective point addition submodule 1014.
This system comprises: the domain conversion submodule 1011, the Montgomery-domain multiplication submodule 1012 and the finite-field inversion submodule 1013, which are shared by the s generation module, the point multiplication module and the point addition module; and the projective point addition submodule 1014, which is shared by the point multiplication module and the point addition module;
The s generation module comprises: the s generation control submodule 1005; the point multiplication module comprises: the point multiplication control submodule 1006 and the projective point doubling submodule 1009; the point addition module comprises: the point addition control submodule 1008;
The s generation control submodule 1005 is configured to: in signature generation mode, send an s generation mode signal to the lower-layer multiplexer module 1010; receive the finite-field values of r and k output by the signature control center 1001; send the finite-field value of (1+dA) to the finite-field inversion submodule 1013 through the lower-layer multiplexer module 1010; send the finite-field values of r, dA, (1+dA)⁻¹ and k to the domain conversion submodule 1011 through the lower-layer multiplexer module 1010; send the Montgomery-domain values of r and dA to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010, and subtract the Montgomery-domain value of (r·dA), returned by it through the lower-layer multiplexer module 1010, from the Montgomery-domain value of k, obtaining the Montgomery-domain value of (k-r·dA); send the Montgomery-domain values of (1+dA)⁻¹ and (k-r·dA) to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010, and send the affine-coordinate value of [(1+dA)⁻¹·(k-r·dA)] returned by it through the lower-layer multiplexer module 1010, together with 1, to the Montgomery-domain multiplication submodule 1012 again through the lower-layer multiplexer module 1010; send the finite-field value s of s=[(1+dA)⁻¹·(k-r·dA)] mod n to the signature control center 1001;
The point multiplication control submodule 1006 is configured to: in signature generation mode, send a point-multiplication signing occupation signal to the lower-layer multiplexer module 1010; convert the affine coordinates (x, y) of G to the projective coordinates (x2, y2, 1), and send x2, y2, 1 to the domain conversion submodule 1011 through the lower-layer multiplexer module 1010; take (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determine the binary bit length L of k; take the second-highest bit of the binary representation of k as the initial value of the current bit and, starting from the second-highest bit of the binary representation of k, move down one bit at a time as the current bit until the lowest bit, performing (L-1) iterations; send z1 from the result coordinates (x1, y1, z1) of the (L-1) iterations to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010; send the finite-field value of z1 returned by the Montgomery-domain multiplication submodule 1012 to the finite-field inversion submodule 1013 through the lower-layer multiplexer module 1010; send the finite-field value of z1⁻¹ returned by the finite-field inversion submodule 1013 to the domain conversion submodule 1011 through the lower-layer multiplexer module 1010; send the Montgomery-domain values of x1 and y1 in the result coordinates (x1, y1, z1) of the (L-1) iterations and of z1⁻¹ to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010, and send the returned affine-coordinate values of x1 and y1, each together with 1, to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010; forward the finite-field values of x1 and y1 returned by the Montgomery-domain multiplication submodule 1012, as the finite-field coordinates (x1, y1) of [k]G, to the signature control center 1001 through the upper-layer multiplexer module 1003; wherein one iteration comprises: sending the current (x1, y1, z1) to the projective point doubling submodule 1009 and, when the current bit is binary 1, sending the output coordinates returned by the projective point doubling submodule 1009 to the projective point addition submodule 1014 through the lower-layer multiplexer module 1010; in signature verification mode, send a point-multiplication verification occupation signal to the lower-layer multiplexer module 1010; convert the affine coordinates (x2', y2') and (x5', y5') of G and PA to the projective coordinates (x3', y3', 1) and (x6', y6', 1), respectively, and send x3', y3', 1 and x6', y6', 1 to the domain conversion submodule 1011 through the lower-layer multiplexer module 1010; send (x4', y4', z4') and (x7', y7', z7') to the projective point addition submodule 1014 through the lower-layer multiplexer module 1010, and take them as the initial values of the Montgomery-domain coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA; determine the binary bit lengths LA and LB of s' and t, respectively; take the second-highest bits of the binary representations of LA and LB as the initial values of the respective current bits and, each starting from its second-highest bit, move down one bit at a time as the respective current bit until the respective lowest bit, performing (LA-1) and (LB-1) iterations, respectively; send z11' and z12' from the result coordinates (x11', y11', z11') and (x12', y12', z12') of the (LA-1) and (LB-1) iterations to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010; send the finite-field values of z11' and z12' returned by the Montgomery-domain multiplication submodule 1012 to the finite-field inversion submodule 1013 through the lower-layer multiplexer module 1010; send the finite-field values of z11'⁻¹ and z12'⁻¹ returned by the finite-field inversion submodule 1013 to the domain conversion submodule 1011 through the lower-layer multiplexer module 1010; send the Montgomery-domain values of x11' and y11' in the result coordinates (x11', y11', z11') of the (LA-1) iterations and of z11'⁻¹ to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010, and send the returned affine-coordinate values of x11' and y11', each together with 1, to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010; send the Montgomery-domain values of x12' and y12' in the result coordinates (x12', y12', z12') of the (LB-1) iterations and of z12'⁻¹ to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010, and send the returned affine-coordinate values of x12' and y12', each together with 1, to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010; send the finite-field values of x11' and y11' returned by the Montgomery-domain multiplication submodule 1012, as the finite-field coordinates (x11', y11') of [s']G, to the verification control center 1002 through the upper-layer multiplexer module 1003; send the finite-field values of x12' and y12' returned by the Montgomery-domain multiplication submodule 1012, as the finite-field coordinates (x12', y12') of [t]PA, to the verification control center 1002 through the upper-layer multiplexer module 1003; wherein one iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA to the projective point doubling submodule 1009; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by the projective point doubling submodule 1009 to the projective point addition submodule 1014 through the lower-layer multiplexer module 1010; when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by the projective point doubling submodule 1009 to the projective point addition submodule 1014 through the lower-layer multiplexer module 1010;
The projective point doubling submodule 1009 is configured to: in signature generation mode, perform point doubling on the input coordinates, and return the result as the output coordinates to the point multiplication control submodule 1006; in signature verification mode, perform point doubling on the current values of the input coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, respectively, and return the results as the current values of (x11', y11', z11') and (x12', y12', z12') to the point multiplication control submodule 1006;
The point addition control submodule 1008 is configured to: send a point addition mode signal to the lower-layer multiplexer module 1010; receive from the verification control center 1002 the affine coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA, convert them to the projective coordinates (x11', y11', 1) and (x12', y12', 1), and send x11', y11', 1 and x12', y12', 1 to the domain conversion submodule 1011 through the lower-layer multiplexer module 1010; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1 returned by the domain conversion submodule 1011 to the projective point addition submodule 1014 through the lower-layer multiplexer module 1010; send z131' from the projective coordinates (x131', y131', z131') of [s']G+[t]PA returned by the projective point addition submodule 1014 to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010; send the finite-field value of z131' returned by the Montgomery-domain multiplication submodule 1012 to the finite-field inversion submodule 1013 through the lower-layer multiplexer module 1010; send the finite-field value of z131'⁻¹ returned by the finite-field inversion submodule 1013 to the domain conversion submodule 1011 through the lower-layer multiplexer module 1010; send the Montgomery-domain values of x131' and y131' in the projective coordinates (x131', y131', z131') of [s']G+[t]PA and of z131'⁻¹ to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010, and send the returned affine-coordinate values of x131' and y131', each together with 1, to the Montgomery-domain multiplication submodule 1012 through the lower-layer multiplexer module 1010; send the finite-field values of x131' and y131' returned by the Montgomery-domain multiplication submodule 1012 to the verification control center 1002 as (x1', y1');
The lower-layer multiplexer module 1010 is configured to: according to the s generation mode signal, set the operating mode of the domain conversion submodule 1011, the Montgomery-domain multiplication submodule 1012 and the finite-field inversion submodule 1013 to s generation mode, and forward the information returned by each module to the s generation control submodule 1005; according to the point-multiplication signing occupation signal, set the operating mode of the domain conversion submodule 1011, the Montgomery-domain multiplication submodule 1012, the finite-field inversion submodule 1013 and the projective point addition submodule 1014 to point-multiplication signing occupation mode; according to the point-multiplication verification occupation signal, set the operating mode of the domain conversion submodule 1011, the Montgomery-domain multiplication submodule 1012, the finite-field inversion submodule 1013 and the projective point addition submodule 1014 to point-multiplication verification occupation mode; according to the point addition mode signal, set the operating mode of the domain conversion submodule 1011, the Montgomery-domain multiplication submodule 1012, the finite-field inversion submodule 1013 and the projective point addition submodule 1014 to point addition mode;
The domain conversion submodule 1011 is configured to: in s generation mode, convert the finite-field values of (1+dA)⁻¹, r, dA and k to their respective Montgomery-domain values, and forward them to the s generation control submodule 1005 through the lower-layer multiplexer module 1010; in point-multiplication signing occupation mode, convert the finite-field values of x2, y2, 1 to their respective Montgomery-domain values x3, y3, z3, and return them to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; convert the finite-field value of z1⁻¹ to its Montgomery-domain value, and return it to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; in point-multiplication verification occupation mode, convert the finite-field values of x3', y3', 1 and x6', y6', 1 to their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7', and return them to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; convert the finite-field values of z11'⁻¹ and z12'⁻¹ to their Montgomery-domain values, and return them to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; in point addition mode, convert the finite-field values of x11', y11', 1 and x12', y12', 1 to their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121', and return them to the point addition control submodule 1008 through the lower-layer multiplexer module 1010; convert the finite-field value of z131'⁻¹ to its Montgomery-domain value, and return the Montgomery-domain value of z131'⁻¹ to the point addition control submodule 1008 through the lower-layer multiplexer module 1010;
The Montgomery-domain multiplication submodule 1012 is configured to: in s generation mode, perform Montgomery-domain multiplication on the Montgomery-domain values of r and dA, and return the resulting Montgomery-domain value of (r·dA) to the s generation control submodule 1005 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication on the Montgomery-domain values of (1+dA)⁻¹ and (k-r·dA), and return the resulting affine-coordinate value of [(1+dA)⁻¹·(k-r·dA)] to the s generation control submodule 1005 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication of the affine-coordinate value of [(1+dA)⁻¹·(k-r·dA)] with 1, and forward the resulting finite-field value s of s=[(1+dA)⁻¹·(k-r·dA)] mod n to the s generation control submodule 1005 through the lower-layer multiplexer module 1010; here, because the Montgomery-domain multiplication performed on the Montgomery-domain values of (1+dA)⁻¹ and (k-r·dA) yields the finite-field value of the product [(1+dA)⁻¹·(k-r·dA)], the value [(1+dA)⁻¹·(k-r·dA)] necessarily does not exceed n; that is, this operation already includes the modular reduction, so there is no need to reduce [(1+dA)⁻¹·(k-r·dA)] modulo n, and the result is the finite-field value s of s=[(1+dA)⁻¹·(k-r·dA)] mod n; in point-multiplication signing occupation mode, perform Montgomery-domain multiplication on z1 and 1, and send the resulting finite-field value of z1 to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication on the Montgomery-domain values of x1 and z1⁻¹, and of y1 and z1⁻¹, respectively, and return the resulting affine-coordinate values of x1 and y1 to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication of the affine-coordinate values of x1 and y1 with 1, respectively, and return the resulting finite-field values of x1 and y1 to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; in point-multiplication verification occupation mode, perform Montgomery-domain multiplication on z11' and 1, and send the resulting finite-field value of z11' to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication on z12' and 1, and send the resulting finite-field value of z12' to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication on the Montgomery-domain values of x11' and z11'⁻¹, and of y11' and z11'⁻¹, respectively, and return the resulting affine-coordinate values of x11' and y11' to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication of the affine-coordinate values of x11' and y11' with 1, respectively, and return the resulting finite-field values of x11' and y11' to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication on the Montgomery-domain values of x12' and z12'⁻¹, and of y12' and z12'⁻¹, respectively, and return the resulting affine-coordinate values of x12' and y12' to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication of the affine-coordinate values of x12' and y12' with 1, respectively, and return the resulting finite-field values of x12' and y12' to the point multiplication control submodule 1006 through the lower-layer multiplexer module 1010; in point addition mode, perform Montgomery-domain multiplication on the input z131' and 1, and send the resulting finite-field value of z131' to the point addition control submodule 1008 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication on the Montgomery-domain values of x131' and z11'⁻¹, and of y131' and z11'⁻¹, respectively, and return the resulting affine-coordinate values of x131' and y131' to the point addition control submodule 1008 through the lower-layer multiplexer module 1010; perform Montgomery-domain multiplication of the affine-coordinate values of x131' and y131' with 1, respectively, and return the resulting finite-field values of x131' and y131' to the point addition control submodule 1008 through the lower-layer multiplexer module 1010;
The finite-field inversion submodule 1013 is used to: in the s generation mode, invert the finite-field value of (1+dA), and forward the resulting finite-field value of (1+dA)⁻¹ to the s generation control submodule 1005 through the lower-layer selection module 1010; in the point multiplication signature occupancy mode, invert the finite-field value of z1, and send the resulting finite-field value of z1⁻¹ to the point multiplication control submodule 1006 through the lower-layer selection module 1010; in the point multiplication verification occupancy mode, invert the finite-field values of z11' and z12' respectively, and send the resulting finite-field values of z11'⁻¹ and z12'⁻¹ to the point multiplication control submodule 1006 through the lower-layer selection module 1010; in the point addition mode, invert the finite-field value of the input z131', and send the resulting finite-field value of z131'⁻¹ to the point addition control submodule 1008 through the lower-layer selection module 1010;
The projective-coordinate point addition submodule 1014 is used to: in the point multiplication signature occupancy mode, perform point addition on the input coordinates and (x3, y3, z3), and send the result to the point multiplication control submodule 1006 through the lower-layer selection module 1010; in the point multiplication verification occupancy mode, perform point addition on the current value of the input (x11', y11', z11') and (x4', y4', z4'), and send the result, as the new current value of (x11', y11', z11'), to the point multiplication control submodule 1006 through the lower-layer selection module 1010; perform point addition on the current value of the input (x12', y12', z12') and (x7', y7', z7'), and send the result, as the new current value of (x12', y12', z12'), to the point multiplication control submodule 1006 through the lower-layer selection module 1010; in the point addition mode, perform point addition on the input x111', y111', z111' and x121', y121', z121', and send the result, as the coordinates (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system, to the point addition control submodule 1008 through the lower-layer selection module 1010.
As can be seen from Figure 10, by providing the lower-layer selection module, the present invention lets the s generation control submodule, the point multiplication control submodule and the point addition control submodule share the domain conversion submodule, the Montgomery-domain multiplication submodule and the finite-field inversion submodule, and lets the point multiplication control submodule and the point addition control submodule share the projective-coordinate point addition submodule. This sharing greatly reduces the consumption of system hardware resources and greatly reduces the hardware area.
It should be pointed out that point doubling, the conversion of data from the finite field to the Montgomery domain, and the conversion of data from the affine coordinate system to the projective coordinate system, as used in the present invention, are prior art; their computation is not described in detail here.
As can be seen, the present invention has the following advantages:
(1) In the present invention, the signature control center concatenates the message m to be signed with the signer hash value ZA into the concatenated message m'; the cryptographic hash module hashes m' to obtain the concatenated-message hash value e; the random number generation module generates the random number k; and the point multiplication module performs k-fold point multiplication on the base point G of the elliptic curve to generate the coordinates (x1, y1). The signature control center can then obtain r according to r=(e+x1) mod n. If neither r=0 nor r+k=0 holds, this r is the first signature part of the digital signature of m; otherwise, the signature control center notifies the random number generation module to regenerate the random number k. The s generation module can generate s according to s=[(1+dA)⁻¹·(k-r·dA)] mod n, and if s=0 does not hold, this s is the second signature part of the digital signature of m. The signature control center can thus output r and s as the digital signature of m. The present invention can therefore implement the digital signature algorithm of the SM2 elliptic curve public key cryptographic algorithm in hardware comprising the signature control center, the cryptographic hash module, the random number generation module, the point multiplication module and the s generation module.
(2) Because the system provided by the present invention implements the digital signature algorithm of the SM2 elliptic curve public key cryptographic algorithm in hardware, it computes faster than a software implementation and is also more secure.
(3) Because the system provided by the present invention implements the digital signature algorithm of the SM2 elliptic curve public key cryptographic algorithm in hardware, it can ensure the security of data transmission with less computation, higher speed, smaller key sizes and lower bandwidth than the prior art, and the present invention therefore has broad application prospects.
(4) The present invention performs s generation and point multiplication in the projective coordinate system and in the Montgomery domain, which increases computation speed and improves the efficiency of digital signature generation.
(5) By providing two selection modules, the present invention lets multiple hardware submodules of the system be shared; it therefore greatly saves hardware resources and reduces chip area, which favors miniaturization and integration of the device.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
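The signing and verification data flow described above, as an added Python example that is not part of the patent text: it applies the page's formulas for r, s, t and R, with left-to-right point multiplication in projective coordinates and Montgomery-domain arithmetic. The toy curve (y² = x³ + 2x + 2 over F_17, G = (5, 1), n = 19) is constructed for illustration and is not the SM2 curve; the hash value e is passed in as an integer; homogeneous projective coordinates (x = X/Z) are an assumption chosen to match the x1·z1⁻¹ step; all names are hypothetical.

```python
# Toy parameters, constructed for illustration (NOT the SM2 curve):
# y^2 = x^3 + 2x + 2 over F_17, base point G = (5, 1) of prime order n = 19.
P, A, G, N = 17, 2, (5, 1), 19

class Mont:
    """Montgomery domain for an odd modulus m: x is held as x*R mod m, R = 2^bits."""
    def __init__(self, m):
        self.m, self.bits = m, m.bit_length()
        r = 1 << self.bits
        self.mask = r - 1
        self.m_neg_inv = (-pow(m, -1, r)) % r   # -m^-1 mod R
        self.r2 = (r * r) % m                   # R^2 mod m, used to enter the domain

    def mul(self, a, b):
        """Montgomery product a*b*R^-1 mod m."""
        t = a * b
        u = ((t & self.mask) * self.m_neg_inv) & self.mask
        v = (t + u * self.m) >> self.bits
        return v - self.m if v >= self.m else v

    def enter(self, x):          # field value -> Montgomery-domain value
        return self.mul(x % self.m, self.r2)
    def leave(self, x):          # Montgomery-domain value -> field value (multiply by 1)
        return self.mul(x, 1)

FP, FN = Mont(P), Mont(N)        # arithmetic mod p (points) and mod n (s generation)
A_M = FP.enter(A)
INF = (0, FP.enter(1), 0)        # point at infinity: Z = 0

def pdouble(pt):
    """Point doubling in projective coordinates; all values in the Montgomery domain."""
    x, y, z = pt
    if z == 0 or y == 0:
        return INF
    w = (FP.mul(A_M, FP.mul(z, z)) + 3 * FP.mul(x, x)) % P
    s = FP.mul(y, z)
    b = FP.mul(FP.mul(x, y), s)
    h = (FP.mul(w, w) - 8 * b) % P
    ys = FP.mul(y, s)
    return ((2 * FP.mul(h, s)) % P,
            (FP.mul(w, (4 * b - h) % P) - 8 * FP.mul(ys, ys)) % P,
            (8 * FP.mul(s, FP.mul(s, s))) % P)

def padd(p1, p2):
    """Point addition in projective coordinates, covering equal and opposite inputs."""
    (x1, y1, z1), (x2, y2, z2) = p1, p2
    if z1 == 0:
        return p2
    if z2 == 0:
        return p1
    u1, u2 = FP.mul(y2, z1), FP.mul(y1, z2)
    v1, v2 = FP.mul(x2, z1), FP.mul(x1, z2)
    if v1 == v2:                 # same x: either the same point or its negative
        return pdouble(p1) if u1 == u2 else INF
    u, v, w = (u1 - u2) % P, (v1 - v2) % P, FP.mul(z1, z2)
    vv = FP.mul(v, v)
    vvv = FP.mul(vv, v)
    a = (FP.mul(FP.mul(u, u), w) - vvv - 2 * FP.mul(vv, v2)) % P
    return (FP.mul(v, a),
            (FP.mul(u, (FP.mul(vv, v2) - a) % P) - FP.mul(vvv, u2)) % P,
            FP.mul(vvv, w))

def scalar_mul(k, pt):
    """[k]pt for k >= 1: (L-1) iterations starting at the second-highest bit of k."""
    # Branches on the bits of k, as the iteration described on the page does;
    # this loop is not constant-time.
    base = (FP.enter(pt[0]), FP.enter(pt[1]), FP.enter(1))
    q = base
    for i in range(k.bit_length() - 2, -1, -1):
        q = pdouble(q)
        if (k >> i) & 1:
            q = padd(q, base)
    return q

def to_affine(pt):               # returns None for the point at infinity
    x, y, z = pt
    if z == 0:
        return None
    z_inv = FP.enter(pow(FP.leave(z), -1, P))   # invert in the field, re-enter the domain
    return FP.leave(FP.mul(x, z_inv)), FP.leave(FP.mul(y, z_inv))

def sign(e, d_a, k):
    """Return (r, s), or None when k must be regenerated (r = 0, r + k = n or s = 0)."""
    x1, _ = to_affine(scalar_mul(k, G))
    r = (e + x1) % N
    if r == 0 or r + k == N:
        return None
    inv = FN.enter(pow(1 + d_a, -1, N))         # (1 + dA)^-1, inverted in the field
    rd = FN.mul(FN.enter(r), FN.enter(d_a))     # r*dA in the Montgomery domain
    s = FN.leave(FN.mul(inv, (FN.enter(k) - rd) % N))
    return (r, s) if s != 0 else None

def verify(e, r, s, p_a):
    """Range checks, t = (r'+s') mod n, (x1', y1') = [s']G + [t]PA, R = (e'+x1') mod n."""
    t = (r + s) % N
    if not (1 <= r < N and 1 <= s < N) or t == 0:
        return False
    pt = to_affine(padd(scalar_mul(s, G), scalar_mul(t, p_a)))
    return pt is not None and (e + pt[0]) % N == r
```

With the constructed private key dA = 7 (public key PA = [7]G = (0, 6)), e = 10 and k = 3, `sign` returns (1, 9) and `verify(10, 1, 9, (0, 6))` accepts it.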

Claims (3)

1. A digital signature generation system for SM2 elliptic curves over a p-element field, the digital signature comprising a first signature part r and a second signature part s, characterized in that the system comprises: a signature control center, a cryptographic hash module, a random number generation module, a point multiplication module and an s generation module; wherein,
The signature control center is used to: concatenate the message m to be signed with the signer hash value ZA, and send the resulting concatenated message m' to the cryptographic hash module; calculate r according to r=(e+x1) mod n; send r to the s generation module; when r=0, r+k=n or s=0, notify the random number generation module to regenerate k; send k to the point multiplication module and the s generation module; output r and s as the digital signature of m;
The cryptographic hash module is used to perform a cryptographic hash operation on m' and send the generated concatenated-message hash value e to the signature control center;
The random number generation module is used to send the generated random number k to the signature control center;
The point multiplication module is used to perform k-fold point multiplication on the base point G of the elliptic curve and send the generated coordinates (x1, y1) to the signature control center as the result [k]G, wherein the point multiplication module comprises: a point multiplication control submodule, a domain conversion submodule, a Montgomery-domain multiplication submodule, a projective-coordinate point addition submodule, a projective-coordinate point doubling submodule and a finite-field inversion submodule; wherein,
The point multiplication control submodule is used to: convert the coordinates (x, y) of G in the affine coordinate system into the coordinates (x2, y2, 1) in the projective coordinate system, and send x2, y2 and 1 to the domain conversion submodule; take (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determine the binary bit length L of k; take the second-highest bit in the binary representation of k as the initial current bit and, starting from that bit, move down one bit at a time as the current bit until the lowest bit, performing (L-1) iterations; send z1 of the result coordinates (x1, y1, z1) of the (L-1) iterations to the Montgomery-domain multiplication submodule; send the finite-field value of z1 returned by the Montgomery-domain multiplication submodule to the finite-field inversion submodule; send the finite-field value of z1⁻¹ returned by the finite-field inversion submodule to the domain conversion submodule; send the Montgomery-domain values of x1 and y1 from the result coordinates (x1, y1, z1) of the (L-1) iterations, and of z1⁻¹, to the Montgomery-domain multiplication submodule, and send each of the returned affine-coordinate values of x1 and y1, together with 1, to the Montgomery-domain multiplication submodule; send the finite-field values of x1 and y1 returned by the Montgomery-domain multiplication submodule to the signature control center as the finite-field coordinates (x1, y1) of [k]G; wherein one iteration comprises: sending the current (x1, y1, z1) to the projective-coordinate point doubling submodule; and, when the current bit is binary 1, sending the output coordinates returned by the projective-coordinate point doubling submodule to the projective-coordinate point addition submodule;
The domain conversion submodule is used to: convert the finite-field values of x2, y2 and 1 into their respective Montgomery-domain values x3, y3 and z3, and return them to the point multiplication control submodule; convert the finite-field value of z1⁻¹ into its Montgomery-domain value, and return it to the point multiplication control submodule;
The projective-coordinate point addition submodule is used to perform point addition on the input coordinates and (x3, y3, z3), and send the result to the point multiplication control submodule;
The projective-coordinate point doubling submodule is used to perform point doubling on the input coordinates, and return the result to the point multiplication control submodule as the output coordinates;
The Montgomery-domain multiplication submodule is used to: perform Montgomery-domain multiplication of z1 and 1, and send the resulting finite-field value of z1 to the point multiplication control submodule; perform Montgomery-domain multiplication of the Montgomery-domain values of x1 and z1⁻¹, and of y1 and z1⁻¹, respectively, and return the resulting affine-coordinate values of x1 and y1 to the point multiplication control submodule; perform Montgomery-domain multiplication of each of the affine-coordinate values of x1 and y1 sent by the point multiplication control submodule with 1, and return the resulting finite-field values of x1 and y1 to the point multiplication control submodule;
The finite-field inversion submodule is used to invert the finite-field value of z1, and send the resulting finite-field value of z1⁻¹ to the point multiplication control submodule;
The s generation module is used to generate s according to s=[(1+dA)⁻¹·(k-r·dA)] mod n and send the generated s to the signature control center, the s generation module comprising: an s generation control submodule, a domain conversion submodule, a Montgomery-domain multiplication submodule and a finite-field inversion submodule,
The s generation control submodule is used to: receive the finite-field values of r and k sent by the signature control center; send the finite-field value of (1+dA) to the finite-field inversion submodule; send the finite-field values of r, dA, k and (1+dA)⁻¹ to the domain conversion submodule; send the Montgomery-domain values of r and dA to the Montgomery-domain multiplication submodule, and subtract the Montgomery-domain value of (r·dA) that it returns from the Montgomery-domain value of k to obtain the Montgomery-domain value of (k-r·dA); send the Montgomery-domain values of (1+dA)⁻¹ and (k-r·dA) to the Montgomery-domain multiplication submodule, and send the returned affine-coordinate value of [(1+dA)⁻¹·(k-r·dA)], together with 1, to the Montgomery-domain multiplication submodule; send the finite-field value s of s=[(1+dA)⁻¹·(k-r·dA)] mod n to the signature control center;
The domain conversion submodule is used to convert the finite-field values of (1+dA)⁻¹, r, dA and k into their respective Montgomery-domain values, and send them to the s generation control submodule;
The Montgomery-domain multiplication submodule is used to: perform Montgomery-domain multiplication of the Montgomery-domain values of r and dA, and return the resulting Montgomery-domain value of (r·dA) to the s generation control submodule; perform Montgomery-domain multiplication of the Montgomery-domain values of (1+dA)⁻¹ and (k-r·dA), and return the resulting affine-coordinate value of [(1+dA)⁻¹·(k-r·dA)] to the s generation control submodule; perform Montgomery-domain multiplication of the affine-coordinate value of [(1+dA)⁻¹·(k-r·dA)] and 1, and send the resulting finite-field value s of s=[(1+dA)⁻¹·(k-r·dA)] mod n to the s generation control submodule;
The finite-field inversion submodule is used to invert the finite-field value of (1+dA), and send the resulting finite-field value of (1+dA)⁻¹ to the s generation control submodule;
wherein n is the order of the elliptic curve, and dA is the private key of the signer.
2. A digital signature verification system for SM2 elliptic curves over a p-element field, the system being used to verify digital signatures generated by the digital signature generation system of claim 1, characterized in that the system comprises: a verification control center, a cryptographic hash module, a point multiplication module and a point addition module; wherein,
The verification control center is used to: take the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; judge whether r' and s' both lie between 1 and (n-1); concatenate M' with the signer hash value ZA', and send the resulting verification concatenated message to the cryptographic hash module; determine t according to t=(r'+s') mod n, and judge whether t is 0; send s' and t to the point multiplication module, and send [s']G and [t]PA returned by the point multiplication module to the point addition module; determine R according to R=(e'+x1') mod n, and judge whether R equals r'; when it is judged that r' is not between 1 and (n-1), that s' is not between 1 and (n-1), that t is 0, or that R and r' are unequal, output a message that digital signature verification has failed, and when none of these cases occurs, output a message that digital signature verification has passed; wherein n is the order of the elliptic curve;
The cryptographic hash module is used to perform a cryptographic hash operation on the verification concatenated message, and send the generated verification concatenated-message hash value e' to the verification control center;
The point multiplication module is used to: perform s'-fold point multiplication on the base point G of the elliptic curve, and send the result [s']G to the verification control center; perform t-fold point multiplication on the public key PA of the signer, and send the result [t]PA to the verification control center, the point multiplication module comprising: a point multiplication control submodule, a domain conversion submodule, a Montgomery-domain multiplication submodule, a projective-coordinate point addition submodule, a projective-coordinate point doubling submodule and a finite-field inversion submodule, wherein
The point multiplication control submodule is used to: convert the coordinates (x2', y2') and (x5', y5') of G and PA in the affine coordinate system into the coordinates (x3', y3', 1) and (x6', y6', 1) in the projective coordinate system, respectively, and send x3', y3', 1 and x6', y6', 1 to the domain conversion submodule; send (x4', y4', z4') and (x7', y7', z7') to the projective-coordinate point addition submodule, and take them as the initial values of the Montgomery-domain coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, respectively; determine the binary bit lengths LA and LB of s' and t, respectively; take the second-highest bit in the binary representation of LA and LB as the initial value of the respective current bit and, starting from the respective second-highest bit, move down one bit at a time as the respective current bit until the respective lowest bit, performing (LA-1) and (LB-1) iterations, respectively; send z11' and z12' of the result coordinates (x11', y11', z11') and (x12', y12', z12') of the (LA-1) and (LB-1) iterations to the Montgomery-domain multiplication submodule; send the finite-field values of z11' and z12' returned by the Montgomery-domain multiplication submodule to the finite-field inversion submodule; send the finite-field values of z11'⁻¹ and z12'⁻¹ returned by the finite-field inversion submodule to the domain conversion submodule; send the Montgomery-domain values of x11' and y11' from the result coordinates (x11', y11', z11') of the (LA-1) iterations, and of z11'⁻¹, to the Montgomery-domain multiplication submodule, and send each of the returned affine-coordinate values of x11' and y11', together with 1, to the Montgomery-domain multiplication submodule; send the Montgomery-domain values of x12' and y12' from the result coordinates (x12', y12', z12') of the (LB-1) iterations, and of z12'⁻¹, to the Montgomery-domain multiplication submodule, and send each of the returned affine-coordinate values of x12' and y12', together with 1, to the Montgomery-domain multiplication submodule; send the finite-field values of x11' and y11' returned by the Montgomery-domain multiplication submodule to the verification control center as the finite-field coordinates (x11', y11') of [s']G; send the finite-field values of x12' and y12' returned by the Montgomery-domain multiplication submodule to the verification control center as the finite-field coordinates (x12', y12') of [t]PA; wherein one iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA to the projective-coordinate point doubling submodule; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by the projective-coordinate point doubling submodule to the projective-coordinate point addition submodule; and, when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by the projective-coordinate point doubling submodule to the projective-coordinate point addition submodule;
The domain conversion submodule is used to: convert the finite-field values of x3', y3', 1 and x6', y6', 1 into their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7', and return them to the point multiplication control submodule; convert the finite-field values of z11'⁻¹ and z12'⁻¹ into their Montgomery-domain values, and return them to the point multiplication control submodule;
The projective-coordinate point addition submodule is used to: perform point addition on the current value of the input (x11', y11', z11') and (x4', y4', z4'), and send the result to the point multiplication control submodule as the new current value of (x11', y11', z11'); perform point addition on the current value of the input (x12', y12', z12') and (x7', y7', z7'), and send the result to the point multiplication control submodule as the new current value of (x12', y12', z12');
The projective-coordinate point doubling submodule is used to perform point doubling on the current values of the input coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, respectively, and return the results to the point multiplication control submodule as the current values of (x11', y11', z11') and (x12', y12', z12');
The Montgomery-domain multiplication submodule is used to: perform Montgomery-domain multiplication of z11' and 1, and send the resulting finite-field value of z11' to the point multiplication control submodule; perform Montgomery-domain multiplication of z12' and 1, and send the resulting finite-field value of z12' to the point multiplication control submodule; perform Montgomery-domain multiplication of the Montgomery-domain values of x11' and z11'⁻¹, and of y11' and z11'⁻¹, respectively, and return the resulting affine-coordinate values of x11' and y11' to the point multiplication control submodule; perform Montgomery-domain multiplication of each of the affine-coordinate values of x11' and y11' sent by the point multiplication control submodule with 1, and return the resulting finite-field values of x11' and y11' to the point multiplication control submodule; perform Montgomery-domain multiplication of the Montgomery-domain values of x12' and z12'⁻¹, and of y12' and z12'⁻¹, respectively, and return the resulting affine-coordinate values of x12' and y12' to the point multiplication control submodule; perform Montgomery-domain multiplication of each of the affine-coordinate values of x12' and y12' sent by the point multiplication control submodule with 1, and return the resulting finite-field values of x12' and y12' to the point multiplication control submodule;
The finite-field inversion submodule is used to invert the finite-field values of z11' and z12' respectively, and send the resulting finite-field values of z11'⁻¹ and z12'⁻¹ to the point multiplication control submodule;
The point addition module is used to perform point addition on the input [s']G and [t]PA, and send the result (x1', y1') to the verification control center, wherein the point addition module comprises: a point addition control submodule, a domain conversion submodule, a projective-coordinate point addition submodule, a Montgomery-domain multiplication submodule and a finite-field inversion submodule; wherein,
The point addition control submodule is used to: receive the coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA in the affine coordinate system sent by the verification control center, convert them into their respective coordinates (x11', y11', 1) and (x12', y12', 1) in the projective coordinate system, and send x11', y11', 1 and x12', y12', 1 to the domain conversion submodule; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1 returned by the domain conversion submodule to the projective-coordinate point addition submodule; send z131' of the coordinates (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system returned by the projective-coordinate point addition submodule to the Montgomery-domain multiplication submodule; send the finite-field value of z131' returned by the Montgomery-domain multiplication submodule to the finite-field inversion submodule; send the finite-field value of z131'⁻¹ returned by the finite-field inversion submodule to the domain conversion submodule; send the Montgomery-domain values of x131' and y131' from the coordinates (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system, and of z131'⁻¹, to the Montgomery-domain multiplication submodule, and send each of the returned affine-coordinate values of x131' and y131', together with 1, to the Montgomery-domain multiplication submodule; send the finite-field values of x131' and y131' returned by the Montgomery-domain multiplication submodule to the verification control center as (x1', y1');
The domain conversion submodule is used to: convert the finite-field values of x11', y11', 1 and x12', y12', 1 into their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121', and return them to the point addition control submodule; convert the finite-field value of z131'⁻¹ into its Montgomery-domain value, and return the Montgomery-domain value of z131'⁻¹ to the point addition control submodule;
The projective-coordinate point addition submodule is used to perform point addition on the input x111', y111', z111' and x121', y121', z121', and send the result to the point addition control submodule as the coordinates (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system;
The Montgomery-domain multiplication submodule is used to: perform Montgomery-domain multiplication of the input z131' and 1, and send the resulting finite-field value of z131' to the point addition control submodule; perform Montgomery-domain multiplication of the Montgomery-domain values of x131' and z11'⁻¹, and of y131' and z11'⁻¹, respectively, and return the resulting affine-coordinate values of x131' and y131' to the point addition control submodule; perform Montgomery-domain multiplication of each of the affine-coordinate values of x131' and y131' sent by the point addition control submodule with 1, and return the resulting finite-field values of x131' and y131' to the point addition control submodule;
The finite-field inversion submodule is used to invert the finite-field value of the input z131', and send the resulting finite-field value of z131'⁻¹ to the point addition control submodule.
3. A hybrid system for generating and verifying digital signatures of SM2 elliptic curves over a p-element field, the order of the elliptic curve being n and its base point being G, the signer having a public key PA and a private key dA, characterized in that the system comprises: a signature control center, a verification control center, a random number generation module, an s generation module, a cryptographic hash module, a point multiplication module, an upper-layer selection module, a point addition module, a lower-layer selection module, a domain conversion submodule, a Montgomery-domain multiplication submodule and a finite-field inversion submodule shared by the s generation module, the point multiplication module and the point addition module, and a projective-coordinate point addition submodule shared by the point multiplication module and the point addition module; the cryptographic hash module and the point multiplication module each have a signature generation mode and a signature verification mode; wherein,
The signature control center is used to: send a signature generation mode signal to the upper-layer selection module; concatenate the message m to be signed with the signer hash value ZA, and send the resulting concatenated message m' to the cryptographic hash module through the upper-layer selection module; calculate r according to r=(e+x1) mod n; send r to the s generation module; when r=0, r+k=n or s=0, notify the random number generation module to regenerate k; send k to the s generation module; send k to the point multiplication module through the upper-layer selection module; output r and s as the digital signature of m;
The verification control center is used to: send a signature verification mode signal to the upper-layer selection module; take the received r' and s' as the digital signature, output by the digital signature generation system, of the message M' to be verified; judge whether r' and s' both lie between 1 and (n-1); concatenate M' with the signer hash value ZA', and send the resulting verification concatenated message to the cryptographic hash module through the upper-layer selection module; determine t according to t=(r'+s') mod n, and judge whether t is 0; send s' and t to the point multiplication module through the upper-layer selection module, and send [s']G and [t]PA returned by the point multiplication module to the point addition module; determine R according to R=(e'+x1') mod n, and judge whether R equals r'; when it is judged that r' is not between 1 and (n-1), that s' is not between 1 and (n-1), that t is 0, or that R and r' are unequal, output a message that digital signature verification has failed, and when none of these cases occurs, output a message that digital signature verification has passed;
The cryptographic hash module is used to: in the signature generation mode, perform a cryptographic hash operation on m', and deliver the generated concatenated-message hash value e to the signature control center via the upper-layer selection module; in the signature verification mode, perform a cryptographic hash operation on the verification concatenated message, and deliver the generated verification concatenated-message hash value e' to the verification control center via the upper-layer selection module;
The random number generation module is used to send the generated random number k to the signature control center;
Described point doubling module is used for, and under described signature generate pattern, carries out k point doubling to G, using the coordinate (x1, y1) of generation as operation result [k] G, by the forwarding of described upper strata final election module, delivers to described signature control centre; Under described signature verification pattern, s ' point doubling is carried out to G, by operation result [s'] G that obtains by the forwarding of described upper strata final election module, deliver to described access control center; T point doubling is carried out to PA, by operation result [t] PA that obtains by the forwarding of described upper strata final election module, delivers to described access control center;
Described s generation module is used for, according to s=[(1+dA) -1(k-rdA)] mod n generates s, the s of generation is sent to described signature control centre;
The point addition module is configured to perform a point addition on the input [s']G and [t]PA and send the operation result (x1', y1') to the access control center;
The upper-layer selection module is configured to: according to the signature generation mode signal, set the operating mode of the cryptographic hash module and the point doubling module to the signature generation mode; and according to the signature verification mode signal, set the operating mode of the cryptographic hash module and the point doubling module to the signature verification mode;
The s generation module comprises an s generation control submodule; the point doubling module comprises a point doubling control submodule and a projective-system point doubling submodule; the point addition module comprises a point addition control submodule;
The s generation control submodule is configured to: in the signature generation mode, send an s generation mode signal to the lower-layer selection module; receive the finite-field values of r and k output by the signature control center; send the finite-field value of (1+dA) to the finite field inversion submodule through the lower-layer selection module; send the finite-field values of r, dA, (1+dA)^-1 and k to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of r and dA to the Montgomery-domain multiplication submodule through the lower-layer selection module, and subtract from the Montgomery-domain value of k the Montgomery-domain value of (r·dA) that it returns through the lower-layer selection module, obtaining the Montgomery-domain value of (k-r·dA); send the Montgomery-domain values of (1+dA)^-1 and (k-r·dA) to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the affine-coordinate-system value of [(1+dA)^-1·(k-r·dA)] that it returns through the lower-layer selection module, together with 1, to the Montgomery-domain multiplication submodule again through the lower-layer selection module;
The point doubling control submodule is configured to: in the signature generation mode, send a point doubling signature occupancy signal to the lower-layer selection module; convert the coordinates (x, y) of G in the affine coordinate system to the coordinates (x2, y2, 1) in the projective coordinate system, and send x2, y2, 1 to the domain conversion submodule through the lower-layer selection module; take (x3, y3, z3) as the initial value of the Montgomery-domain coordinates (x1, y1, z1) of [k]G; determine the binary bit length L of k; taking the second-highest bit of the binary representation of k as the initial current bit, and moving down one bit at a time until the lowest bit, perform (L-1) iterations; send z1 of the result coordinates (x1, y1, z1) of the (L-1) iterations to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field value of z1 returned by the Montgomery-domain multiplication submodule to the finite field inversion submodule through the lower-layer selection module; send the finite-field value of z1^-1 returned by the finite field inversion submodule to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of x1, y1 of the result coordinates (x1, y1, z1) of the (L-1) iterations and of z1^-1 to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the returned affine-coordinate-system values of x1 and y1, each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; forward the finite-field values of x1 and y1 returned by the Montgomery-domain multiplication submodule, as the finite-field coordinates (x1, y1) of [k]G, to the signature control center through the upper-layer selection module; wherein one iteration comprises: sending the current (x1, y1, z1) to the projective-system point doubling submodule; and, when the current bit is binary 1, sending the output coordinates returned by the projective-system point doubling submodule to the projective-system point addition submodule through the lower-layer selection module; in the signature verification mode, send a point doubling verification occupancy signal to the lower-layer selection module; convert the coordinates (x2', y2') and (x5', y5') of G and PA in the affine coordinate system to the coordinates (x3', y3', 1) and (x6', y6', 1) in the projective coordinate system respectively, and send x3', y3', 1 and x6', y6', 1 to the domain conversion submodule through the lower-layer selection module; send (x4', y4', z4') and (x7', y7', z7') to the projective-system point addition submodule through the lower-layer selection module, and take them as the initial values of the Montgomery-domain coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA; determine the binary bit lengths LA and LB of s' and t respectively; taking the second-highest bit of the binary representation of LA and of LB as the respective initial current bit, and moving down one bit at a time from the respective second-highest bit until the respective lowest bit, perform (LA-1) and (LB-1) iterations respectively; send z11' and z12' of the result coordinates (x11', y11', z11') and (x12', y12', z12') of the (LA-1) and (LB-1) iterations to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field values of z11' and z12' returned by the Montgomery-domain multiplication submodule to the finite field inversion submodule through the lower-layer selection module; send the finite-field values of z11'^-1 and z12'^-1 returned by the finite field inversion submodule to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of x11', y11' of the result coordinates (x11', y11', z11') of the (LA-1) iterations and of z11'^-1 to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the returned affine-coordinate-system values of x11' and y11', each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the Montgomery-domain values of x12', y12' of the result coordinates (x12', y12', z12') of the (LB-1) iterations and of z12'^-1 to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the returned affine-coordinate-system values of x12' and y12', each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field values of x11' and y11' returned by the Montgomery-domain multiplication submodule, as the finite-field coordinates (x11', y11') of [s']G, to the access control center through the upper-layer selection module; and send the finite-field values of x12' and y12' returned by the Montgomery-domain multiplication submodule, as the finite-field coordinates (x12', y12') of [t]PA, to the access control center through the upper-layer selection module; wherein one iteration comprises: sending the current values of the coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA to the projective-system point doubling submodule; when the current bit of s' is binary 1, sending the current value of (x11', y11', z11') returned by the projective-system point doubling submodule to the projective-system point addition submodule through the lower-layer selection module; and when the current bit of t is binary 1, sending the current value of (x12', y12', z12') returned by the projective-system point doubling submodule to the projective-system point addition submodule through the lower-layer selection module;
The projective-system point doubling submodule is configured to: in the signature generation mode, perform a point doubling on the input coordinates and return the operation result, as the output coordinates, to the point doubling control submodule; in the signature verification mode, perform a point doubling on each of the current values of the input coordinates (x11', y11', z11') and (x12', y12', z12') of [s']G and [t]PA, and return the operation results to the point doubling control submodule as the current values of (x11', y11', z11') and (x12', y12', z12');
The point addition control submodule is configured to: send a point addition mode signal to the lower-layer selection module; receive the coordinates (x11', y11') and (x12', y12') of [s']G and [t]PA in the affine coordinate system sent by the access control center, convert them to their respective coordinates (x11', y11', 1) and (x12', y12', 1) in the projective coordinate system, and send x11', y11', 1 and x12', y12', 1 to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values x111', y111', z111' and x121', y121', z121' of x11', y11', 1 and x12', y12', 1 returned by the domain conversion submodule to the projective-system point addition submodule through the lower-layer selection module; send z131' of the coordinates (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system, returned by the projective-system point addition submodule, to the Montgomery-domain multiplication submodule through the lower-layer selection module; send the finite-field value of z131' returned by the Montgomery-domain multiplication submodule to the finite field inversion submodule through the lower-layer selection module; send the finite-field value of z131'^-1 returned by the finite field inversion submodule to the domain conversion submodule through the lower-layer selection module; send the Montgomery-domain values of x131', y131' of the coordinates (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system and of z131'^-1 to the Montgomery-domain multiplication submodule through the lower-layer selection module, and send the returned affine-coordinate-system values of x131' and y131', each together with 1, to the Montgomery-domain multiplication submodule through the lower-layer selection module; and send the finite-field values of x131' and y131' returned by the Montgomery-domain multiplication submodule to the access control center as (x1', y1');
The lower-layer selection module is configured to: according to the s generation mode signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule and the finite field inversion submodule to the s generation mode, and forward the information returned by each module to the s generation control submodule; according to the point doubling signature occupancy signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule, the finite field inversion submodule and the projective-system point addition submodule to the point doubling signature occupancy mode; according to the point doubling verification occupancy signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule, the finite field inversion submodule and the projective-system point addition submodule to the point doubling verification occupancy mode; and according to the point addition mode signal, set the operating mode of the domain conversion submodule, the Montgomery-domain multiplication submodule, the finite field inversion submodule and the projective-system point addition submodule to the point addition mode;
The domain conversion submodule is configured to: in the s generation mode, convert the finite-field values of (1+dA)^-1, r, dA and k to their respective Montgomery-domain values and forward them to the s generation control submodule through the lower-layer selection module; in the point doubling signature occupancy mode, convert the finite-field values of x2, y2, 1 to their respective Montgomery-domain values x3, y3, z3 and return them to the point doubling control submodule through the lower-layer selection module; convert the finite-field value of z1^-1 to its Montgomery-domain value and return it to the point doubling control submodule through the lower-layer selection module; in the point doubling verification occupancy mode, convert the finite-field values of x3', y3', 1 and x6', y6', 1 to their respective Montgomery-domain values x4', y4', z4' and x7', y7', z7' and return them to the point doubling control submodule through the lower-layer selection module; convert the finite-field values of z11'^-1 and z12'^-1 to their Montgomery-domain values and return them to the point doubling control submodule through the lower-layer selection module; in the point addition mode, convert the finite-field values of x11', y11', 1 and x12', y12', 1 to their respective Montgomery-domain values x111', y111', z111' and x121', y121', z121' and return them to the point addition control submodule through the lower-layer selection module; and convert the finite-field value of z131'^-1 to its Montgomery-domain value and return the Montgomery-domain value of z131'^-1 to the point addition control submodule through the lower-layer selection module;
The Montgomery-domain multiplication submodule is configured to: in the s generation mode, perform a Montgomery-domain multiplication on the Montgomery-domain values of r and dA and return the resulting Montgomery-domain value of (r·dA) to the s generation control submodule through the lower-layer selection module; perform a Montgomery-domain multiplication on the Montgomery-domain values of (1+dA)^-1 and (k-r·dA) and return the resulting affine-coordinate-system value of [(1+dA)^-1·(k-r·dA)] to the s generation control submodule through the lower-layer selection module; perform a Montgomery-domain multiplication on the affine-coordinate-system value of [(1+dA)^-1·(k-r·dA)] and 1, and forward the resulting finite-field value s of s=[(1+dA)^-1·(k-r·dA)] mod n to the s generation control submodule through the lower-layer selection module; in the point doubling signature occupancy mode, perform a Montgomery-domain multiplication on z1 and 1 and send the resulting finite-field value of z1 to the point doubling control submodule through the lower-layer selection module; perform Montgomery-domain multiplications on the Montgomery-domain values of x1 and z1^-1 and of y1 and z1^-1 respectively, and return the resulting affine-coordinate-system values of x1 and y1 to the point doubling control submodule through the lower-layer selection module; perform Montgomery-domain multiplications on the affine-coordinate-system values of x1 and y1, each with 1, and return the resulting finite-field values of x1 and y1 to the point doubling control submodule through the lower-layer selection module; in the point doubling verification occupancy mode, perform a Montgomery-domain multiplication on z11' and 1 and send the resulting finite-field value of z11' to the point doubling control submodule through the lower-layer selection module; perform a Montgomery-domain multiplication on z12' and 1 and send the resulting finite-field value of z12' to the point doubling control submodule through the lower-layer selection module; perform Montgomery-domain multiplications on the Montgomery-domain values of x11' and z11'^-1 and of y11' and z11'^-1 respectively, and return the resulting affine-coordinate-system values of x11' and y11' to the point doubling control submodule through the lower-layer selection module; perform Montgomery-domain multiplications on the affine-coordinate-system values of x11' and y11', each with 1, and return the resulting finite-field values of x11' and y11' to the point doubling control submodule through the lower-layer selection module; perform Montgomery-domain multiplications on the Montgomery-domain values of x12' and z12'^-1 and of y12' and z12'^-1 respectively, and return the resulting affine-coordinate-system values of x12' and y12' to the point doubling control submodule through the lower-layer selection module; perform Montgomery-domain multiplications on the affine-coordinate-system values of x12' and y12', each with 1, and return the resulting finite-field values of x12' and y12' to the point doubling control submodule through the lower-layer selection module; in the point addition mode, perform a Montgomery-domain multiplication on the input z131' and 1 and send the resulting finite-field value of z131' to the point addition control submodule through the lower-layer selection module; perform Montgomery-domain multiplications on the Montgomery-domain values of x131' and z11'^-1 and of y131' and z11'^-1 respectively, and return the resulting affine-coordinate-system values of x131' and y131' to the point addition control submodule through the lower-layer selection module; and perform Montgomery-domain multiplications on the affine-coordinate-system values of x131' and y131', each with 1, and return the resulting finite-field values of x131' and y131' to the point addition control submodule through the lower-layer selection module;
The finite field inversion submodule is configured to: in the s generation mode, invert the finite-field value of (1+dA) and forward the resulting finite-field value of (1+dA)^-1 to the s generation control submodule through the lower-layer selection module; in the point doubling signature occupancy mode, invert the finite-field value of z1 and send the resulting finite-field value of z1^-1 to the point doubling control submodule through the lower-layer selection module; in the point doubling verification occupancy mode, invert the finite-field values of z11' and z12' respectively and send the resulting finite-field values of z11'^-1 and z12'^-1 to the point doubling control submodule through the lower-layer selection module; and in the point addition mode, invert the finite-field value of the input z131' and send the resulting finite-field value of z131'^-1 to the point addition control submodule through the lower-layer selection module;
The projective-system point addition submodule is configured to: in the point doubling signature occupancy mode, perform a point addition of the input coordinates with (x3, y3, z3) and send the operation result to the point doubling control submodule through the lower-layer selection module; in the point doubling verification occupancy mode, perform a point addition of the current value of the input (x11', y11', z11') with (x4', y4', z4') and send the operation result, as the new current value of (x11', y11', z11'), to the point doubling control submodule through the lower-layer selection module; perform a point addition of the current value of the input (x12', y12', z12') with (x7', y7', z7') and send the operation result, as the new current value of (x12', y12', z12'), to the point doubling control submodule through the lower-layer selection module; and in the point addition mode, perform a point addition on the input x111', y111', z111' and x121', y121', z121' and send the operation result, as the coordinates (x131', y131', z131') of [s']G+[t]PA in the projective coordinate system, to the point addition control submodule through the lower-layer selection module.
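The signing and verification data path claimed above, as an added Python example that is not part of the patent text: it follows the claimed steps (conversion into the Montgomery domain, projective double-and-add with L-1 iterations from the second-highest bit, conversion back to affine through z^-1, multiplication by 1 to leave the Montgomery domain, and the checks on r, s and t) on a constructed toy curve rather than the SM2 curve. The class and function names, the toy parameters, the homogeneous projective formulas, and passing the hash value e and the candidate values of k in as plain integers are assumptions of this example.

```python
# Constructed toy parameters (NOT the SM2 curve): y^2 = x^3 + 2x + 2 over F_17,
# base point G = (5, 1) of prime order n = 19. Real SM2 uses a 256-bit p and n.
P, A, N, G = 17, 2, 19, (5, 1)

class Mont:
    """Montgomery arithmetic modulo an odd m, with R = 2^bits > m."""
    def __init__(self, m):
        self.m, self.bits = m, m.bit_length()
        self.mask = (1 << self.bits) - 1
        self.m_neg_inv = (-pow(m, -1, 1 << self.bits)) & self.mask
        self.r2 = pow(1 << self.bits, 2, m)

    def mul(self, a, b):
        """Montgomery product a*b*R^-1 mod m (REDC)."""
        t = a * b
        q = ((t & self.mask) * self.m_neg_inv) & self.mask
        u = (t + q * self.m) >> self.bits
        return u - self.m if u >= self.m else u

    def enter(self, a):   # domain conversion: a -> a*R mod m
        return self.mul(a % self.m, self.r2)

    def leave(self, a):   # "multiply by 1": a*R -> a
        return self.mul(a, 1)

FP, FN = Mont(P), Mont(N)   # one context for coordinates (mod p), one for scalars (mod n)
A_M = FP.enter(A)

def pdouble(Q):
    """Point doubling in homogeneous projective coordinates, Montgomery domain."""
    X, Y, Z = Q
    M = FP.mul
    W = (M(A_M, M(Z, Z)) + 3 * M(X, X)) % P
    S = M(Y, Z)
    B = M(M(X, Y), S)
    H = (M(W, W) - 8 * B) % P
    YS = M(Y, S)
    return (2 * M(H, S) % P,
            (M(W, (4 * B - H) % P) - 8 * M(YS, YS)) % P,
            8 * M(M(S, S), S) % P)

def padd(Q1, Q2):
    """Projective point addition; returns None for the point at infinity."""
    (X1, Y1, Z1), (X2, Y2, Z2) = Q1, Q2
    M = FP.mul
    U1, U2, V1, V2 = M(Y2, Z1), M(Y1, Z2), M(X2, Z1), M(X1, Z2)
    if V1 == V2:
        return pdouble(Q1) if U1 == U2 else None
    U, V, W = (U1 - U2) % P, (V1 - V2) % P, M(Z1, Z2)
    VV = M(V, V)
    VVV, VV2 = M(VV, V), M(VV, V2)
    T = (M(M(U, U), W) - VVV - 2 * VV2) % P
    return M(V, T), (M(U, (VV2 - T) % P) - M(VVV, U2)) % P, M(VVV, W)

def lift(pt):
    """Affine (x, y) -> projective (x, y, 1), converted into the Montgomery domain."""
    return tuple(FP.enter(c) for c in (*pt, 1))

def to_affine(Q):
    """x = X*Z^-1, y = Y*Z^-1, returned as ordinary finite-field values."""
    X, Y, Z = Q
    z_inv = pow(FP.leave(Z), -1, P)      # leave the domain, invert in F_p
    z_inv_m = FP.enter(z_inv)            # convert z^-1 back into the domain
    return FP.leave(FP.mul(X, z_inv_m)), FP.leave(FP.mul(Y, z_inv_m))

def scalar_mult(k, pt):
    """[k]pt for 1 <= k < n: L-1 double-and-add iterations from the second-highest bit."""
    base = Q = lift(pt)
    for i in range(k.bit_length() - 2, -1, -1):
        Q = pdouble(Q)
        if (k >> i) & 1:
            Q = padd(Q, base)
    return to_affine(Q)

def gen_s(r, k, d):
    """s = (1+dA)^-1 * (k - r*dA) mod n, multiplications done in the Montgomery domain."""
    inv = pow(1 + d, -1, N)
    r_m, d_m, inv_m, k_m = (FN.enter(v) for v in (r, d, inv, k))
    diff_m = (k_m - FN.mul(r_m, d_m)) % N    # subtraction is valid inside the domain
    return FN.leave(FN.mul(inv_m, diff_m))

def sign(e, d, nonces):
    """e: hash value as an integer; nonces: candidate k in [1, n-1] (stand-in for the RNG)."""
    for k in nonces:
        x1, _ = scalar_mult(k, G)
        r = (e + x1) % N
        if r == 0 or r + k == N:
            continue                         # ask for a new k
        s = gen_s(r, k, d)
        if s != 0:
            return r, s
    raise ValueError("no usable k supplied")

def verify(e, r, s, pub):
    t = (r + s) % N
    if not (1 <= r < N and 1 <= s < N) or t == 0:
        return False
    S = padd(lift(scalar_mult(s, G)), lift(scalar_mult(t, pub)))
    return S is not None and (e + to_affine(S)[0]) % N == r
```

On a production curve the same flow applies unchanged, but k must come from a cryptographic random number generator and the scalar loop, which branches on the bits of k, needs constant-time treatment.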
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110107553.3A CN102761415B (en) 2011-04-27 2011-04-27 System for generating, verifying and mixing digital signatures of p-element domain SM2 elliptic curves

Publications (2)

Publication Number Publication Date
CN102761415A CN102761415A (en) 2012-10-31
CN102761415B true CN102761415B (en) 2015-04-08


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant