CN106533682A - Point-to-point elliptic-curve type digital signature algorithm and signature verification method based on the same - Google Patents
- Publication number: CN106533682A
- Application number: CN201610991199.8A
- Authority: CN (China)
- Prior art keywords: point, mod, calculates, count, signature
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Abstract
The invention discloses an improved point-to-point elliptic curve digital signature algorithm. The algorithm comprises the following steps: (1) compute $t = \mathrm{Hash}(ID_A \,\|\, ID_B \,\|\, count) \bmod n$ with count = 0x00000001; if $t = 0$, increment count and recompute $t$; (2) randomly select $k \in [1, n-1]$; (3) compute $kP = (x_1, y_1)$ and convert $x_1$ to an integer; (4) compute $r = x_1 \bmod n$; if $r = 0$, return to step (2); (5) compute $e = H(m)$, where $H(x)$ is a hash function; (6) compute $s = k^{-1} t (e + dr) \bmod n$; if $s = 0$, return to step (2) to obtain a new random number; (7) output the signature pair $(r, s)$. The invention also discloses a signature verification method based on this improved point-to-point elliptic curve digital signature algorithm, which realizes point-to-point signature verification.
Description
Technical field
The present invention relates to the field of information security, and more particularly to a point-to-point elliptic curve digital signature algorithm (ECDSA). The invention further relates to a signature verification method based on the improved ECDSA.
Background art
1. Introduction to ECDSA theory
A digital signature is the digital counterpart of a handwritten signature. It provides data origin authentication, data integrity and non-repudiation. ECDSA is the elliptic curve version of the digital signature algorithm. The ECDSA signing procedure is as follows:
Input: parameter group $D = (q, FR, S, a, b, P, n, h)$, private key $d$, message $m$.
Output: signature pair $(r, s)$.
a. Randomly select $k \in [1, n-1]$;
b. Compute $kP = (x_1, y_1)$, then convert $x_1$ to an integer;
c. Compute $r = x_1 \bmod n$; if $r = 0$, go back to step a;
d. Compute $e = H(m)$, where $H(x)$ is a hash function;
e. Compute $s = k^{-1}(e + dr) \bmod n$; if $s = 0$, go back to step a;
f. Output the signature pair $(r, s)$.
Any other user who obtains this signature can then use the public key and the signature pair $(r, s)$ to determine whether it is the user's signature. The verification procedure is as follows:
Input: parameter group $D = (q, FR, S, a, b, P, n, h)$, public key $Q$, message $m$, signature pair $(r, s)$.
a. Check that $r \in [1, n-1]$ and $s \in [1, n-1]$; otherwise verification fails;
b. Compute $e = H(m)$, where $H(x)$ is a hash function;
c. Compute $w = s^{-1} \bmod n$;
d. Compute $u_1 = ew \bmod n$, $u_2 = rw \bmod n$;
e. Compute $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, the signature fails;
f. Let $X = (x_1, y_1)$, then convert $x_1$ to an integer;
g. If $x_1$ equals $r$, verification succeeds; otherwise verification fails.
2. The Mafia problem
Alice is dining in a restaurant owned by Bob, a member of the Mafia, while Carol is shopping in a high-end jewelry store owned by Dave. Bob and Carol are both Mafia members and can communicate over a secret channel; Alice and Dave know nothing of the fraud.
When Alice has finished her meal and is about to pay the bill and identify herself to Bob, Bob notifies Carol to start the fraud. Carol buys jewelry from Dave and prepares to identify herself. When Alice digitally signs Bob's bill, Bob passes Alice's digital signature on to Carol, and Carol uses Alice's digital signature to complete the transaction with Dave. In effect, Alice has bought jewelry for the Mafia.
If the digital signature is improved by introducing IDs (identity identifiers) into it, the Mafia can no longer impersonate Alice: the signature Alice makes in Bob's restaurant is bound to the IDs of Alice and Bob, whereas the signature required in Dave's store must be bound to the IDs of Carol and Dave.
Summary of the invention
The technical problem to be solved by the present invention is to provide a point-to-point ECDSA that effectively solves the problem of point-to-point signatures while ensuring that, unlike with the conventional elliptic curve signature method, a man-in-the-middle attack cannot be carried out under other node IDs.
To solve the above technical problem, the point-to-point ECDSA of the present invention comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, private key $d$, public key $Q$, message $m$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction;
Output: signature pair $(r, s)$;
Step (1), compute $t = \mathrm{Hash}(ID_A \,\|\, ID_B \,\|\, count) \bmod n$ with count = 0x00000001; if $t = 0$, increment count and recompute $t$;
Step (2), randomly select $k \in [1, n-1]$;
Step (3), compute $kP = (x_1, y_1)$, then convert $x_1$ to an integer;
Step (4), compute $r = x_1 \bmod n$; if $r = 0$, go back to step (2);
Step (5), compute $e = H(m)$, where $H(x)$ is a hash function;
Step (6), compute $s = k^{-1} t (e + dr) \bmod n$; if $s = 0$, go back to step (2) to obtain a new random number;
Step (7), output the signature pair $(r, s)$.
The signature verification method based on the above improved ECDSA comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, message $m$, signature pair $(r, s)$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction;
Step (1), compute $t = \mathrm{Hash}(ID_A \,\|\, ID_B \,\|\, count) \bmod n$ with count = 0x00000001; if $t = 0$, increment count and recompute $t$;
Step (2), check that $r \in [1, n-1]$ and $s \in [1, n-1]$; otherwise verification fails;
Step (3), compute $e = H(m)$, where $H(x)$ is a hash function;
Step (4), compute $w = s^{-1} \bmod n$;
Step (5), compute $u_1 = tew \bmod n$, $u_2 = trw \bmod n$;
Step (6), compute $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, the signature fails;
Step (7), let $X = (x_1, y_1)$, then convert $x_1$ to an integer;
Step (8), if $x_1$ equals $r$, verification succeeds; otherwise verification fails.
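Why the comparison in step (8) succeeds for an honestly generated signature, written out as an added derivation (it is not part of the patent text) and assuming the standard ECDSA key relation $Q = dP$:

$$
\begin{aligned}
w &= s^{-1} = k\,t^{-1}(e + dr)^{-1} \bmod n,\\
X &= u_1 P + u_2 Q = t\,w\,(e + dr)\,P = kP = (x_1, y_1).
\end{aligned}
$$

If the verifier derives a different value $t' \neq t$ from its own ID pair, the same computation gives $X = t'\,t^{-1}\,kP$. That equals $\pm kP$, and so passes the check, essentially only when $t' \equiv \pm t \pmod n$, which for hash-derived values happens with negligible probability.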
In this scheme $t$ differs for different IDs. Suppose that $t = t_1$ when A digitally signs B's bill. The digital signature that C provides to B has $t = t_2$ ($t_1 \neq t_2$), and $t = t_2$ is used when C's signature is verified, so A's digital signature ($t = t_1$) cannot pass verification for C. The man-in-the-middle therefore cannot use A's money to pay their own bill.
Compared with the traditional elliptic curve signature, the present invention prevents a man-in-the-middle from passing off someone else's signature. Anyone who signs must include the IDs of both parties to the transaction, so it is impossible for others to pass off this person's signature as their own. As a result, ECDSA signatures can no longer be fraudulently reused by others.
Description of the drawings
The present invention is described in further detail below with reference to the accompanying drawings and a specific embodiment:
Fig. 1 is a flow chart of the improved ECDSA;
Fig. 2 is a flow chart of the signature verification corresponding to the improved ECDSA.
Detailed description of the embodiment
With reference to Fig. 1, the specific implementation details of the present invention are given in the following procedure.
The US National Institute of Standards and Technology (NIST) recommends 5 sets of parameters for elliptic curve cryptography over prime fields. This embodiment adopts one of those sets, as follows:
Over the finite field $F_p$ there is an elliptic curve $E$, defined as follows:
$E: y^2 = x^3 + ax + b$
where:
p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF;
a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC;
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b.
The coordinates of the base point P are
[0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5]
The order n of the base point is
0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551.
Assume the private key d is
d = 0x2CA1411A41B17B24CC8C3B089CFD033F1920202A6C0DE8ABB97DF1498D50D2C8.
Assume $ID_A$ is 0x61626364.
Assume $ID_B$ is 0x65666768.
The computed t is
0x832F0D3EDF2E5CC121986AE425247B4379B47B3A1D83D5D171013910D8DE7E49.
Step 1, randomly select $k \in [1, n-1]$;
k = 0xA0640D4957F27D091AB1AEBC69949D96E5AC2BB283ED5284A5674758B12F08DF.
Step 2, compute $kP = (x_1, y_1)$;
The coordinates of kP are
[0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650,
0x7FB6E56C2A703DD7E7E9557EAD184588AB38066718EE4B808CD18DDD825D8866].
Step 3, compute $r = x_1 \bmod n$; if $r = 0$, go back to step 1;
r = 0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650.
Step 4, compute $e = H(m)$, where $H(x)$ is a hash function;
Assume e is
e = 0x1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD.
Step 5, compute $s = t k^{-1}(e + dr) \bmod n$;
s = 0x3BC8BB9E6F20285CC8E6C3D478F238A22256DFA025B028AA11D4DC642C77D0BC.
Step 6, output the signature pair $(r, s)$.
With reference to Fig. 2, a signature verification example is as follows:
Step 1, compute $e = H(m)$, where $H(x)$ is a hash function.
e is the same as in signing,
e = 0x1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD.
Step 2, compute $w = s^{-1} \bmod n$;
w = 0x5D68908FF534F2C8F150412D11E9CF0A09FEAEDE0C3A727B4A056ADF9222C89C.
Step 3, compute $u_1 = tew \bmod n$, $u_2 = trw \bmod n$;
u1 = 0x4230443019AF06D9B2BEB55EBEAEF17537567CB205F87CFD3C6F79D5978837CC;
u2 = 0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650.
Step 4, compute $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, the signature fails.
The coordinates of point X are
[0xD73CD3722BAE6CC0B39065BB4003D8ECE1EF2F7A8A55BFD677234B0B3B902650,
0x7FB6E56C2A703DD7E7E9557EAD184588AB38066718EE4B808CD18DDD825D8866]
Because the x-coordinate of X equals r, verification succeeds.
The present invention has been described in detail above by way of an embodiment, but the scope of protection of the invention is not limited to that embodiment. Without departing from the principles of the invention, those skilled in the art can make many variations and improvements, and these should also be regarded as falling within the scope of protection of the invention.
Claims (2)
1. A point-to-point ECDSA, characterized in that it comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, private key $d$, public key $Q$, message $m$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction;
Output: signature pair $(r, s)$;
Step (1), compute $t = \mathrm{Hash}(ID_A \,\|\, ID_B \,\|\, count) \bmod n$ with count = 0x00000001; if $t = 0$, increment count and recompute $t$;
Step (2), randomly select $k \in [1, n-1]$;
Step (3), compute $kP = (x_1, y_1)$, then convert $x_1$ to an integer;
Step (4), compute $r = x_1 \bmod n$; if $r = 0$, go back to step (2);
Step (5), compute $e = H(m)$, where $H(x)$ is a hash function;
Step (6), compute $s = k^{-1} t (e + dr) \bmod n$; if $s = 0$, go back to step (2) to obtain a new random number;
Step (7), output the signature pair $(r, s)$.
2. A signature verification method based on the algorithm of claim 1, characterized in that it comprises the following steps:
Input: parameter group $D = (ID_A, ID_B, q, FR, S, a, b, P, n, h)$, message $m$, signature pair $(r, s)$, where $ID_A$ and $ID_B$ are the IDs of the two parties to the transaction;
Step (1), compute $t = \mathrm{Hash}(ID_A \,\|\, ID_B \,\|\, count) \bmod n$ with count = 0x00000001; if $t = 0$, increment count and recompute $t$;
Step (2), check that $r \in [1, n-1]$ and $s \in [1, n-1]$; otherwise verification fails;
Step (3), compute $e = H(m)$, where $H(x)$ is a hash function;
Step (4), compute $w = s^{-1} \bmod n$;
Step (5), compute $u_1 = tew \bmod n$, $u_2 = trw \bmod n$;
Step (6), compute $X = u_1 P + u_2 Q$; if $X$ is the point at infinity, the signature fails;
Step (7), let $X = (x_1, y_1)$, then convert $x_1$ to an integer;
Step (8), if $x_1$ equals $r$, verification succeeds; otherwise verification fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610991199.8A CN106533682A (en) | 2016-11-10 | 2016-11-10 | Point-to-point elliptic-curve type digital signature algorithm and signature verification method based on the same |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106533682A true CN106533682A (en) | 2017-03-22 |
Family
ID=58350580
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610991199.8A Pending CN106533682A (en) | 2016-11-10 | 2016-11-10 | Point-to-point elliptic-curve type digital signature algorithm and signature verification method based on the same |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106533682A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170322 |