CN106789087A - Determine the data summarization of message, the method and system based on multi-party digital signature - Google Patents
Determine the data summarization of message, the method and system based on multi-party digital signature Download PDFInfo
- Publication number
- CN106789087A CN106789087A CN201710061691.XA CN201710061691A CN106789087A CN 106789087 A CN106789087 A CN 106789087A CN 201710061691 A CN201710061691 A CN 201710061691A CN 106789087 A CN106789087 A CN 106789087A
- Authority
- CN
- China
- Prior art keywords
- participant
- signature
- hash function
- state
- document
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Document Processing Apparatus (AREA)
Abstract
A kind of data summarization for determining message, the digital signature method based on multiple party signatures and system, the method for the data summarization of the determination message of one embodiment include:Obtain the quantity of state of pending message and hash function;According to the quantity of state of hash function, initialization operation is carried out using the initialization algorithm of hash function, initialize the context of hash function computing;Exported the context of hash function computing as hash function quantity of state;Using the end operation of the end algorithm performs hash function of hash function, the summary info of pending message is obtained.The context of hash function computing when the present embodiment is using the data summarization for determining message is exported as hash function quantity of state, so that other participants or trusted third party can construct virtual file to complete the process of sequential signature based on the hash function quantity of state, meet the final electronic contract file for producing and meet call format of the PDF document to multiple party digital signatures, it is ensured that the fairness of multiple signer's electronic contract signatures.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of method, one of the data summarization for determining message
Plant the system of the data summarization for determining message, a kind of digital signature method and one kind based on multiple party signatures and be based on multiple party signatures
Digital signature system.
Background technology
Fairness is a basic principle in commercial activity.In contract signs such a commercial activity, several ginsengs
Flocked together with people, just a common contract text is held consultation, and after negotiation is finished, is signed a contract.Per a effective
Contract all signatures comprising all participants, to meet the legally requirement on validity of treaty.If someone's denial, can be with
Pinpoint the problems on the spot, settle disputes, it is ensured that fairness.In cyberspace, some participant of contract signature, such as Bob,
The signature terminated a contract at certain time point can be selected, and it is network problem, such as network delay or Network Packet Loss to evade.
Other participants cannot confirm that Bob is on earth to terminate intentionally, also because irresistible network problem is forced what is terminated.This
Have led to unjustness:Bob has the right of any termination protocol relative to other participants, and this right may be
Bob brings unjustified enrichment, damages the interests of other participants.The contract of Verifiable Encryptosystem signature (VES) is for example based in two sides
In signature scheme, participant Alice sends a VES message to Bob, and Bob can be proved using the message to any third party
Alice is to oneself have sent one on certain part of message of contract text.Although now Bob does not obtain the signature of Alice,
It could even be possible to always cannot get the signature of Alice, but this remains unchanged and means on certain time point, and Alice was really once
Through considering to carry out a sub-congruence signature with Bob, Alice has carried out promise to a certain degree in other words.Bob as condition,
Can be held consultation with any third party, expect to obtain more preferable interests.In order to solve these problems, there has been proposed " without indiscriminate
With " fair contract sign, it is desirable to the participant of participation contract signature cannot be during contract signature using signing a contract
Telescript to prove the behavior that contract is signed to any third party.
There is the solution of more resolving ideas and comparative maturity in fair contract signature problem, either double
The agreement or multi-party agreement of side, there is some good results in theory.However, there are many constraints in actual applications
Condition, so as to cause traditional scheme to use.Such as practical application is based on following 2 points constraints:(1) using PDF
Document as contract documents carrier;(2) digital signature of all participants must be included in a contract.While it appear that on
State two to require very simply, but but limit traditional scheme to be used.
First, PDF document only supports RSA and DSA signature, and in other words, must be used when Fair Exchange Protocol is constructed can
With extraction standard RSA or the agreement of DSA signature.Verifiable Encryptosystem signature (VES) is a kind of extension of ordinary numbers signature, by with
Make the basic module of design Fair Exchange Protocol.The VES schemes that Ateniese is proposed support that the RSA of the extraction standard from VES is signed
Name or DSA signature, basic process are as follows:
1st, user Alice random selection Big primes p ', q ' are set, p=2p '+1, q=2q '+1 is constructed, n=pq is generated.
Alice selection public key e > 2, calculate private key d and meet ed=1mod2p ' q '.When being signed to message m, hash function is usedCalculate digital signature δ=H (m)d。
2nd, Alice applies for digital certificate to the certification authority (CA) of authority, obtains CertCA:A, represent that CA is presented to
The digital certificate of Alice, wherein the identity information containing public key (e, n) and Alice.
3rd, Alice is registered to trusted third party (TTP), submits Cert toCA:A.TTP verifies digital certificate, random selectionCalculateY=gx, and issue digital certificate Cert to AliceTTP:A, wherein identity, public affairs comprising Alice
Key (e, n) and parameter (g, y).TTP stores the private key that x signs as the VES for recovering Alice.
4th, VES signatures are made up of an ElGamal encryption with an equal nonreciprocal knowledge proof of index in form.
Alice will generate the VES signatures on message m, calculate c1=H (m)2dyr, c2=gr, random selectionCalculate gt
(ye)t, calculate w1=H (m, yer,gr,ye,g,(ye)t,gt), w2=t-cr.Alice setting VES signatures are φAlice=(c1,
c2,w1,w2).When a VES signature is sent to identifier Bob by Alice, Alice sends message m and VES signatures
φAliceAnd digital certificate CertTTP:A。
5th, checking of the VES checkings mainly to knowledge proof.Bob is received after the content of Alice, first verifies that digital card
Book CertTTP:A, calculate afterwardsIf w1'=w1Just
Think that VES signatures are correct.
6th, TTP can recover the VES signatures of Alice.TTP receives (m, the φ of certain entity submissionAlice,CertTTP:A) it
Afterwards, the correctness of VES is first verified that, validation failure exits execution.Otherwise, TTP is decrypted using the x on Alice of storage
φAlice, obtain H (m)2d, can recover H (m) using Euclidean algorithm afterwardsd.Particularly point out, the H (m) that TTP is recovereddIt is
One RSA digital signature of standard, does not need operation bidirectional, it is only necessary to perform the RSA signature checking procedure of standard in checking
Can verify that.
Secondly, there is call format during PDF document additional digital signature.Individual digit signature structure as shown in figure 1,
Wherein, the content of hash function is defined by bytes range (ByteRange), is divided into two parts, and digital signature value is embedded in centre.
Part I is document content to be signed and some " metadata ", such as font information, digital signature format etc..Part II
Remaining " metadata " and end mark, such as timestamp information, the reason for digital signature is subsidiary, the signature such as position when be input into
Information.In the example in fig 1, the data that the data of Part I have 840 bytes, Part II have 240 bytes, numeral
Signature has 120 bytes.In practice, PDF 1.5 editions afterwards, supports the RSA signature of 1024,2048 and 4096 bit lengths.
When multiple digital signature are deposited in a PDF document, its structure is as shown in Figure 2.It can be seen that one in Fig. 2
PDF document includes three examples of digital signature.The content that first signer is signed includes original document and on original
" metadata " that document is signed with first digit.The content that second signer is signed is included with the complete of signature for the first time
Whole signature document, some modification contents (for example increased annotation) to document and on amended content and this is digital
" metadata " of signature.Third digit signature is similar, and the content that the 3rd signer is signed is included except this numeral is signed
All the elements of the PDF document outside name.
From legal effect, first digit signature shows that signer approves the document content before its signature, not
Comprising the accreditation to subsequent modification content (such as annotating) and following digital signature.Second digit signature shows that signer approves
The annotation that document content and the signer before its signature may be added oneself.Third digit signature is similar.Three signatures
There was only original contract text in the part that people approves jointly.The increased annotation of follow-up signer is only to the signer of addition annotation
It is binding.According to PDF specifications, PDF readers can show the digital signature and its scope of protection in pdf document
Come, the content that can clearly indicate each signer to be changed.
Traditional multi-party Fair contract signature scheme is that just the respective numeral of the fair exchange of a consentient text is signed
Name, i.e., the content that each digital signature is signed is consistent, and this is not inconsistent with the form of PDF document multi people signatures.
The content of the invention
Based on this, it is necessary to for the content one that traditional multi-party Fair contract signature scheme each digital signature is signed
The problem that the requirement of cause is not inconsistent with the form of PDF document multi people signatures, there is provided a kind of method, one of the data summarization of determination message
Plant the system of the data summarization for determining message, a kind of digital signature method and one kind based on multiple party signatures and be based on multiple party signatures
Digital signature system.
To achieve these goals, the embodiment of technical solution of the present invention is:
A kind of method of the data summarization for determining message, including step:
Obtain the quantity of state of pending message and hash function;
According to the quantity of state of the hash function, initialization operation is carried out using the initialization algorithm of hash function, initially
Change the context of hash function computing;
The context of the hash function computing is exported as hash function quantity of state;Using the knot of hash function
The end operation of beam algorithm performs hash function, obtains the summary info of the pending message.
A kind of digital signature method based on multiple party signatures, including step:
Current participant is obtained or constructed to be waited to sign documents;
It is determined that with wait the corresponding hash function quantity of state that signs documents;
According to the hash function quantity of state, the context of hash function computing is initialized;
Using the end operation of the end algorithm performs hash function of hash function, the data to be signed documents are obtained
Summary;
Digital signing operations are performed according to the data summarization to be signed documents, digital signature result is obtained.
A kind of endorsement method based on multiple party signatures, including step:
The second upstream message that a participant sends is received, second upstream message includes a upper participant
Digital signature result;
Document after a upper participant digital signature is synthesized according to second upstream message;
Verify on this after digital signature for participant, calculate the Kazakhstan of the document on this after participant digital signature
Uncommon function status amount;
Downstream message is sent to next participant, the downstream message includes the text after a upper participant digital signature
The hash function quantity of state of shelves.
A kind of endorsement method based on multiple party signatures, including step:
The second upstream message that a participant sends is received, second upstream message includes a upper participant
VES signature results;
VES signature results to a upper participant are decrypted the digital signature result for obtaining a upper participant;
Verify on this after digital signature result for participant, calculate the document after a participant digital signature on this
Hash function quantity of state;
Downstream message is sent to next participant, the downstream message includes the text after a upper participant digital signature
The hash function quantity of state of shelves.
A kind of endorsement method based on multiple party signatures, including step:Receive the signature information of last participant transmission
Right, signature information is to the information signature including each participant signature information, each participant signature information, each participant signature information
Including the hash function quantity of state of document after each participant digital signature, the VES signature results of each participant and original wait to sign
Administration's file data;
The VES of each participant signature result is verified, each participant digital signature is determined hereinafter according to the result
The correctness of the hash function quantity of state of shelves;
When the hash function quantity of state of document after each participant digital signature is verified, sent to first participant
Agreement performs message, sends the digital signature of first participant to next participant from first participant
As a result, when and receiving the digital signature result of a upper participant by each participant, to the digital signature of each participant before
After result verification passes through, the digital signature result of current participant is sent to next participant, and by last ginseng
After being verified to the digital signature result of each participant before with side, it is determined that final signature synthesis document, and by the final label
Name synthesis document sequentially returns to each participant before.
A kind of system of the data summarization for determining message, including:
Data obtaining module, the quantity of state for obtaining pending message and hash function;
First initialization module, for the quantity of state according to the hash function, using the initialization algorithm of hash function
Initialization operation is carried out, the context of hash function computing is initialized;
Information updating module, for the quantity of state based on the hash function, using the information updating algorithm of hash function
Information updating operation is carried out to the pending message, the context of the hash function computing after being updated;
Quantity of state output module, for the context of the hash function computing after renewal to be entered as hash function quantity of state
Row output;
Terminate processing module, for the end operation of the end algorithm performs hash function using hash function, obtain institute
State the summary info of pending message.
A kind of digital signature system based on multiple party signatures, including:
File acquisition module, waits to sign documents for obtaining or constructing;
First state amount determining module, for determining and waiting the corresponding hash function quantity of state that signs documents;
Second initialization module, for according to the hash function quantity of state, initializing the context of hash function computing;
Summary determining module, for the end operation of the end algorithm performs hash function using hash function, obtains institute
State data summarization to be signed documents;
Digital Signature module, for performing digital signing operations according to the data summarization to be signed documents, obtains number
Word signature result.
A kind of signature system based on multiple party signatures, including:
Second message reception module, for receiving the second upstream message that a upper participant sends, described second is up
Message includes the digital signature result of a upper participant;
Second document synthesis module, after synthesizing a upper participant digital signature according to second upstream message
Document;
Second quantity of state determining module, for verifying on this after digital signature for participant, calculates a ginseng on this
With the hash function quantity of state of the document after square digital signature;
Second message transmission module, for sending downstream message to next participant, the downstream message includes upper one
The hash function quantity of state of the document after individual participant digital signature.
A kind of signature system based on multiple party signatures, including:
Second message reception module, for receiving the second upstream message that a upper participant sends, described second is up
Message includes the VES signature results of a upper participant;
VES deciphering modules, are decrypted for the VES signature results to a upper participant and obtain a upper participant
Digital signature result;
Second quantity of state determining module, for verifying on this after digital signature result for participant, calculates one on this
The hash function quantity of state of the document after individual participant digital signature;
Second message transmission module, for sending downstream message to next participant, the downstream message includes upper one
The hash function quantity of state of the document after individual participant digital signature.
A kind of signature system based on multiple party signatures, including:
Second signature information disappears to receiver module, the signature information pair for receiving last participant transmission, signature
Breath includes each ginseng to the information signature including each participant signature information, each participant signature information, each participant signature information
With VES signature result and the original number to be signed documents of the hash function quantity of state of document, each participant after square digital signature
According to;
Signature information is verified to authentication module for the VES signature results to each participant, true according to the result
The correctness of the hash function quantity of state of document after fixed each participant digital signature;
Message transmission module is performed, the hash function quantity of state for the document after each participant digital signature is verified
When, send agreement to first participant and perform message, from first participant sent to next participant this first
The digital signature result of individual participant, and when receiving the digital signature result of a upper participant by each participant, it is right
After the digital signature result of each participant is verified before, the numeral for sending current participant to next participant is signed
Name result, and after being verified to the digital signature result of each participant before by last participant, it is determined that final signature
Synthesis document, and the final signature synthesis document is sequentially returned into each participant before.
Based on the scheme of embodiment as described above, its by it is determined that message data summarization when, obtaining Hash letter
After the context of number computing, exported the context of hash function computing as hash function quantity of state, in electronic contract
When being digitally signed during signature, by the corresponding hash function quantity of state of the electronic contract file for determining signature, can
Data summarization to be signed documents is calculated with based on the hash function quantity of state, and the hash function quantity of state may be used also
To share to other participants or trusted third party so that other participants or trusted third party can be based on the Hash letter
Number state amount constructs virtual file, so as to complete the process of sequential signature, and can meet the electronic contract text of final generation
Part meets call format of the PDF document for multiple party digital signatures.
Brief description of the drawings
Fig. 1 is the structural representation of the individual digit signature of PDF document in one embodiment;
Fig. 2 is structural representation of the PDF document comprising multiple digital signature in one embodiment;
Fig. 3 is the schematic flow sheet of the method for the data summarization of determination message in one embodiment;
Fig. 4 is the schematic flow sheet of the digital signature method based on multiple party signatures in one embodiment;
Fig. 5 is the schematic flow sheet of the digital signature method based on multiple party signatures in another embodiment;
Fig. 6 is the schematic flow sheet of the digital signature method based on multiple party signatures in another embodiment;
Fig. 7 is the interaction that the digital signature method based on multiple party signatures in a specific example carries out electronic contract signature
Schematic flow sheet;
Fig. 8 is the friendship that the digital signature method based on multiple party signatures in second specific example carries out electronic contract signature
Mutual schematic flow sheet;
Fig. 9 is the friendship that the digital signature method based on multiple party signatures in the 3rd specific example carries out electronic contract signature
Mutual schematic flow sheet;
Figure 10 is that the digital signature method based on multiple party signatures in the 4th specific example carries out electronic contract signature
Interaction flow schematic diagram;
Figure 11 is that the digital signature method based on multiple party signatures in the 5th specific example carries out electronic contract signature
Interaction flow schematic diagram;
Figure 12 is the structural representation of the system of the data summarization of determination message in one embodiment;
Figure 13 is the structural representation of the digital signature system based on multiple party signatures in one embodiment;
Figure 14 is the structural representation of the digital signature system based on multiple party signatures in a specific example;
Figure 15 is the structural representation of the digital signature system based on multiple party signatures in second specific example;
Figure 16 is the structural representation of the digital signature system based on multiple party signatures in the 3rd specific example;
Figure 17 is the structural representation of the digital signature system based on multiple party signatures in the 4th specific example;
Figure 18 is the structural representation of the digital signature system based on multiple party signatures in the 5th specific example;
Figure 19 is the structural representation of the digital signature system based on multiple party signatures in another embodiment;
Figure 20 is the structural representation of the digital signature system based on multiple party signatures in another embodiment;
Figure 21 is the structural representation of the digital signature system based on multiple party signatures in another embodiment.
Specific embodiment
To make the objects, technical solutions and advantages of the present invention become more apparent, below in conjunction with drawings and Examples, to this
Invention is described in further detail.It should be appreciated that specific embodiment described herein is only used to explain the present invention,
Do not limit protection scope of the present invention.
In order to without loss of generality, it is assumed that the contract signature that having three users Alice, Bob, Charlie will perform justice is assisted
View, they have consulted contract text, have write in PDF document, and fair contract signing protocol, following each embodiments are performed afterwards
Explanation in, be with tripartite justice contract sign scene be described, it will be understood by those skilled in the art that following each realities
Applying the scheme of example can extend to the situation of multi-party Fair contract signature.Explanation based on following each examples is it was determined that general
In the case of, only first participant and last participant may need to perform some exception operations, and each participation of centre
The operation of side is identical.
In the scheme of following each embodiments, a precondition for hypothesis is based on:Each participant have found one
The common trusted third party (TTP) for trusting.Be attached to the signature of oneself in treaty documents by each participant, gives TTP, and by
TTP carries out handing to other participants.Under the precondition, according to the common side verified based on trusted third party
Formula, many wheel interactions are needed in the case where participant is more than 2.Assuming that be point-to-point link between each entity, if pn
Individual participant, this mode needs each participant and the TTP to carry out pnThe interaction of -1 time.Interaction every time at least needs 2pnBar message,
2p is at least needed altogethern(pn- 1) bar message.Therefore, because the complexity of the agreement of multi-party contract signature, based on many wheel interactions
Agreement cannot adapt to the business scenario situation higher for the requirement of real-time, and the scheme of related embodiment of the invention, can
With under conditions of fair contract signature is met, while meeting requirement of real-time higher.
The related content of the related embodiment of the present invention is described for convenience, and the related content in following each embodiments is made
Hereinafter arrange:Symbol m represents contract text, after symbol m ' represents contract text, the Part I before digital signature field
" metadata ", symbol m " represents the Part II " metadata " and end mark after digital signature field.User X is to message m
Digital signature be represented simply asWhereinRepresent using a kind of hash function H to message m
The eap-message digest being calculated, SignX() represents a kind of Digital Signature Algorithm (such as RSA signature), δXRepresent digital signature meter
Calculate result, also referred to as digital signature result.Symbol H () represents the arithmetic operation of hash function, rather than expression hash function
Result of calculation, the computer capacity of the content representation arithmetic operation in the symbol bracket.Symbol H (m, m ', m ") is represented original
Literary m, m ' and m " sequentially inputs H () arithmetic operation and obtains result of calculation.Symbol ΛXAnd VESSignXRepresent user X's respectively
VES signature results and user X perform the process of VES.
During PDF signs, follow-up any one participant must make an above output result for participant
It is original text, a summary info (data summarization) is calculated by hash function, for producing digital signature result.
In the multi-party Fair contract signature scheme based on VES, due to certain can not be disclosed before each side's signature is completed
The signature value of participant so that participant cannot calculate the original text summary letter required for producing digital signature according to PDF original texts
Breath.In each of the embodiments described below, this problem is solved by introducing the thought of Distributed Calculation hash function.First, it is considered to
Calculating to most hash function H in existing cipher system can be iteration, by three algorithms and a shape
State amount can describe the specific calculating process of hash function.Quantity of state is ψ, and storage is needed in expression hash function calculating process
Intermediateness.Three algorithms are respectively the initialization algorithm H of hash functioniThe information updating algorithm H of (ζ), hash functionu(·)、
And the end algorithm H of hash functionf(·).Initialization algorithm HiThe |input paramete ζ of (ζ) is hash function type, for example Hi
(MD5) the initialization computing of MD5 algorithms, H are representedi(SHA1) the initialization computing of SHA1 algorithms is represented.Information updating algorithm Hu
() and terminate algorithm HfThe |input paramete of () represents the original text for participating in computing, and the two computings all must be based on a Hash
The quantity of state ψ of functional operation, for example ψ .HfRepresent to be performed as intermediateness using quantity of state ψ and terminate algorithm Hf(), here symbol
The left side of " " is quantity of state or intermediate result, and the right accords with for arithmetic operation.In order to simplify description, multiple Hash operation steps can
To combine, for exampleExpress and eap-message digest is calculated to original text m using hash function ζ
Process, initialization is performed successively, update and terminates these three computings.
In order to further clearly above-mentioned statement is regular, it is assumed that the message for needing Hash is (m, m ', m "), its actual calculating
Process can calculate H firsti(ζ), is initialized to quantity of state ψ, and H is calculated afterwardsu(m), then calculate Hu(m ', m "), finally counts
Calculate HfThe output of hash function is obtained, this calculating process can be expressed as
Carrying out HuDuring calculating, quantity of state ψ can be updated.In the calculating process of hash function, once perform HfObtain Hash meter
Result is calculated, quantity of state ψ will be abandoned, and the quantity of state being dropped cannot be inversely derived according to the Hash calculation result of output
ψ.Based on above-mentioned limitation, the basic thought of the Distributed Calculation hash function of following each embodiments of the invention is in multi-party Fair
Quantity of state ψ is shared between each participant of contract, by transmission state amount ψ so that multiple entities cooperate to complete once
The calculating of hash function.The method of this calculating hash function is that the realization of most of hash function is all supported, for example
OpenSSL storehouses, NTRU storehouses etc..
Based on the above-mentioned precondition for setting, it is described in detail below in conjunction with wherein several embodiments.
The schematic flow sheet of the method for the data summarization of determination message in one embodiment is shown in Fig. 3.Such as Fig. 3 institutes
Show, the method for the data summarization of the determination message in the embodiment includes:
Step S301:Obtain the quantity of state of pending message and hash function;
Step S302:According to the quantity of state of the hash function, initialized using the initialization algorithm of hash function
Operation, initializes the context of hash function computing;
Step S303:Exported the context of hash function computing as hash function quantity of state;Using Hash letter
The end operation of several end algorithm performs hash functions, obtains the summary info of the pending message.
Based on the scheme of embodiment as described above, its by it is determined that message data summarization when, obtaining Hash letter
After the context of number computing, exported the context of hash function computing as hash function quantity of state, so as in electronics
When being digitally signed during contract signature, by the corresponding hash function state of the electronic contract file for determining signature
Amount, can calculate data summarization to be signed documents, and the hash function state based on the hash function quantity of state
Amount can also share to other participants or trusted third party so that other participants or trusted third party can be based on should
Hash function quantity of state constructs virtual file, so as to complete the process of sequential signature, and can meet the electronics of final generation
Contract documents meets call format of the PDF document for multiple party digital signatures.
Wherein, the quantity of state of above-mentioned hash function can include:The information of the register group of Hash operation, and last
The information of individual still untapped input data piecemeal.
In a specific example, between above-mentioned steps S302 and step S303, can also include:
Step S3023:Based on the quantity of state of the hash function, treated to described using the information updating algorithm of hash function
Treatment message carries out information updating operation, the context of the hash function computing after being updated.
Now, it is using the context of the hash function computing after renewal as hash function shape in above-mentioned steps S303
State amount is exported.
When information updating operation is carried out in a specific example, in above-mentioned steps S3023, can be using hash function
Information updating algorithm, at least one data slot to pending message performs information updating operation.
The method of the data summarization for determining message as described above, may apply to the digital signature based on multiple party signatures
During, to export the quantity of state of hash function, and then the Hash based on output during the data summarization of message is calculated
Function status amount is digitally signed, and then the signature of multiparty electronic contract is carried out based on multiple party signatures.
The schematic flow sheet of the method for the digital signature based on multiple party signatures in one embodiment is shown in Fig. 4, should
It is to be illustrated by taking a processing procedure for participant as an example in embodiment.As shown in figure 4, being signed based on multi-party in the embodiment
The method of the digital signature of name includes:
Step S401:Current participant is obtained or constructed to be waited to sign documents;
Step S402;It is determined that with wait the corresponding hash function quantity of state that signs documents;
Step S403;According to the hash function quantity of state, the context of hash function computing is initialized;
Step S404;Using the end operation of the end algorithm performs hash function of hash function, wait to sign described in acquisition
The data summarization of file;
Step S405;Digital signing operations are performed according to the data summarization to be signed documents, digital signature knot is obtained
Really.
The hash function quantity of state obtained in above-described embodiment scheme, can pass to other participants, or be based on
Other information passes to other participants, to complete the transmission of information, and then completes the electronic contract based on multiple party signatures accordingly
Signature.
In a concrete application example, above-mentioned determination with before corresponding hash function quantity of state of waiting to sign documents,
Current participant can also be obtained to above-mentioned interpolation data to be signed documents.Now, it is above-mentioned wait to sign documents add including above-mentioned
Addend evidence;Above-mentioned hash function quantity of state is that treating including above-mentioned interpolation data is signed documents to calculate the hash function shape for obtaining
State amount.
It is now, above-mentioned to wait to sign documents when above-mentioned current participant is first participant in an application example
Can be original data to be signed documents.Now, it is above-mentioned with wait the corresponding hash function quantity of state that signs documents, can be basis
Original data to be signed documents calculate obtain hash function quantity of state corresponding with original data to be signed documents (for ease of with
The corresponding hash function quantity of state of file for having the interpolation data of current participant is made a distinction, and the is referred to as in following each embodiments
One hash function quantity of state).Now, with corresponding hash function quantity of state of waiting to sign documents for the first hash function state
Amount.
On the other hand, when above-mentioned current participant is first participant, have in current participant and wait to sign to original
It is now, above-mentioned to wait to sign documents including original data to be signed documents and work as in the case of file data addition related data
The interpolation data of preceding participant.In the case, it is determined that with wait sign documents corresponding hash function quantity of state when, can adopt
Carried out with following manner:Calculate and obtain with original wait after the corresponding first hash function quantity of state of the data that sign documents;According to
One hash function quantity of state, above-mentioned interpolation data determine the second hash function quantity of state.Now, with wait the corresponding Kazakhstan that signs documents
Uncommon function status amount is the second hash function quantity of state.In the context of above-mentioned initialization hash function computing, Ke Yishi
Initialized according to the second hash function quantity of state.
Wherein, determine to obtain data summarization to be signed documents based on above-mentioned hash function quantity of state, obtain digital signature
After result, related hash function quantity of state or the relevant information based on hash function quantity of state can be based on credible the
Tripartite TTP passes to next participant, it is also possible to be directly passed to next participant.In transmittance process, can also tie
Different modes are closed, such as VES signatures are carried out.
In an application example, when current participant is first participant, can also be by the digital signature knot
Wait document after the middle current participant digital signature of acquisition that signs documents described in being really added to, and the current participant numeral is signed
Document sends to trusted third party after name.
In an application example, when current participant is not first participant, can also be sent out to trusted third party
Sending the second upstream message, the second upstream message includes above-mentioned digital signature result.Wherein, data be with the addition of in current participant
In the case of, the second upstream message can also include the interpolation data of current participant, i.e. the second upstream message includes digital signature
The interpolation data of result and current participant.
In an application example, trusted third party can also be received and sent after being verified to last participant
Final signature synthesis document.Such that it is able to determine that final signature synthesizes document by trusted third party, to ensure each participant most
What is obtained afterwards is with the document after a signature.
In an application example, when current participant is not first participant, current participant can also be received
The downstream message that trusted third party TTP sends, downstream message includes above-mentioned hash function quantity of state.In each participant addition before
In the case of data, the downstream message can include above-mentioned hash function quantity of state and before each participant treats signature
The interpolation data of file.Wherein, the hash function quantity of state be with a upper participant signature after waiting sign documents it is corresponding
Hash function quantity of state, each participant before includes previous participant.
Now, above-mentioned to wait to sign documents can be signed documents according to waiting of conceptually constructing of above-mentioned downstream message, should
Wait to sign documents is virtual file.
One application example in, can also using each participant consult shared key to it is described wait to sign documents carry out
Encryption, waits to sign documents after being encrypted.Now, the first upstream message can also be sent to trusted third party, first up disappears
Breath includes waiting after above-mentioned encryption signing documents, above-mentioned first hash function quantity of state and above-mentioned digital signature result.Current
In the case that participant with the addition of data, the first upstream message can also include the interpolation data of current participant, i.e., on first
Row message includes waiting to sign documents after encryption, above-mentioned first hash function quantity of state, above-mentioned digital signature result and current ginseng
With the interpolation data of side.
In an application example, trusted third party can also be received and sent after being verified to last participant
Initial signature synthesis document, the initial signature synthesis document is that trusted third party is based on to the digital signature result of each participant
The synthesis document of determination.Now, current participant is stored always according to itself data original to be signed documents, the initial signature
The final signature synthesis document of synthesis document synthesis.
In an application example, when current participant is not first participant, trusted third party can also be received
The downstream message of transmission, downstream message includes above-mentioned hash function quantity of state and the first hash function quantity of state.It is each before
In the case that participant with the addition of data, the downstream message can also include before each participant interpolation data, i.e., it is above-mentioned under
Row message includes above-mentioned hash function quantity of state, above-mentioned first hash function quantity of state and each participant is waited to sign to above-mentioned before
Affix one's name to the interpolation data of file.
Now, current participant can also be according to the data original to be signed documents for itself storing, to above-mentioned downstream message
In the first hash function quantity of state verified.
In an application example, current participant can also carry out VES signature treatment to above-mentioned digital signature result, obtain
Obtain VES signature results.
When current participant is first participant, it is up that current participant can also send first to trusted third party
Message, first upstream message includes the VES signature result and original data to be signed documents.Add in current participant
In the case of having added data, first upstream message can also include the interpolation data of current participant, i.e. the first upstream message
Interpolation data including VES signatures result, original data to be signed documents and current participant.
On the other hand, when current participant is not first participant, current participant can also be to trusted third party
The second upstream message is sent, second upstream message includes above-mentioned VES signature results.The feelings of data are with the addition of in current participant
Under condition, second upstream message can also include the interpolation data of current participant, i.e. the second upstream message is signed including the VES
The interpolation data of name result and current participant.
In an application example, when current participant is first participant, the current participant can also be to can
Letter third party sends the first upstream message, and the first upstream message includes waiting to sign documents after above-mentioned encryption, above-mentioned first Hash letter
Number state amount and above-mentioned VES signature results.In the case where current participant with the addition of data, first upstream message is also
The interpolation data of current participant can be included, i.e. the first upstream message includes waiting to sign documents after above-mentioned encryption, above-mentioned first
The interpolation data of hash function quantity of state, above-mentioned VES signature results and current participant.
One application example in, current participant can also by above-mentioned digital signature result be added to it is above-mentioned treat signature text
Document after current participant digital signature is obtained in part, and determines the hash function state of document after current participant digital signature
Amount.
In an application example, the current participant also Hash letter based on document after above-mentioned current participant digital signature
Number state amount, above-mentioned VES signature result and the current participant signature information of original data configuration to be signed documents.In a tool
In body application, in the case where current participant with the addition of data, the current participant signature information can also include current ginseng
With the interpolation data of side.
On the other hand, current participant can also construct signature information pair, and by the signature information to next participation
Side sends.Wherein, to the first signature information pair including current participant, the first signature information is to including current for the signature information
The information signature of participant signature information, current participant signature information.Wherein, it is not first participant in current participant
When, signature information pair of the above-mentioned signature information to each participant before can also including.
In an application example, current participant can also receive the signature information pair that a participant sends, on
One signature information of participant transmission is to including:The signature information pair of each participant before current participant, it is before each to join
With the signature information of side to including the signature information of each participant before, the information signature of each participant signature information before.Its
In, it is the hash function quantity of state of document after each participant digital signature before each participant signature information includes before, each before
VES signature result and the original data to be signed documents of participant.In an application example, in each participant addition before
In the case of data, the interpolation data of each participant before each participant signature information can also include before.
On this basis, current participant can also receive a signature information for participant transmission to after, test
The information signature and VES signature results of each participant before demonstrate,proving that the signature information centering that participant sends includes.
In an application example, when current participant is first participant, current participant can also be received can
Letter third party performs message in the information signature for receiving the transmission of last participant to the agreement of rear return;According to the association
View performs the digital signature result that message sends current participant to next participant.
In an application example, when current participant is not first participant, current participant can also be received
The digital signature result of each participant before that a upper participant sends;Tested in the digital signature result to each participant before
After card passes through, the digital signature result of current participant is sent to next participant.
In an application example, when current participant is last participant, current participant can also be right
After the digital signature result of each participant is verified before, it is determined that final signature synthesis document, and the final signature is synthesized
Document is sent to a participant.
In an application example, when current participant is not first participant, current participant can also be received
The final signature synthesis document that next participant sends;And when participant is not first participant in this prior, by this most
The upward participant of signature synthesis document sends eventually.
The schematic flow sheet of the digital signature method based on multiple party signatures in another embodiment is shown in Fig. 5, should
It is to be illustrated by taking the processing procedure of trusted third party TTP as an example in embodiment, and each participant is by the digital signature of oneself
Result is sent to trusted third party TTP.As shown in figure 5, the method in the embodiment includes:
Step S501:The second upstream message that a participant sends is received, second upstream message includes upper one
The digital signature result of individual participant;
Step S502:Document after a upper participant digital signature is synthesized according to second upstream message;
Step S503:Verify on this after digital signature for participant, calculate on this after participant digital signature
Document hash function quantity of state;
Step S504:Downstream message is sent to next participant, the downstream message includes a upper participant numeral
The hash function quantity of state of the document after signature.
In an application example, trusted third party TTP can also receive first participation that first participant sends
Document after square digital signature, the document after first participant digital signature includes original data to be signed documents, first
The digital signature of individual participant.
In the case, trusted third party TTP can also be the in the document after verifying first participant digital signature
After one digital signature of participant, the hash function quantity of state of the document after first participant digital signature is calculated.
Now, trusted third party TTP can also send downstream message to next participant, and the downstream message includes first
The hash function quantity of state of the document after individual participant digital signature.
In an application example, what trusted third party TTP can also receive that first participant send first up disappears
Breath, first upstream message includes:First participant is treated to sign documents using the shared key that each participant is consulted and carried out
Wait to sign documents after the encryption obtained after encryption the first hash function quantity of state corresponding with original data to be signed documents, with
And first digital signature result of participant.
On this basis, trusted third party TTP can also conceptually synthesize this first according to first upstream message
Document after participant digital signature.
Now, trusted third party TTP can also calculate this first after first digital signature of participant is verified
The hash function quantity of state of the document after participant digital signature.
On this basis, trusted third party TTP can also send downstream message, the downstream message bag to next participant
Include:The hash function quantity of state of the document after first participant digital signature and the first hash function quantity of state.
In an application example, when a upper participant is last participant, trusted third party TTP can be with
According to the final signature synthesis document of the second upstream message synthesis;And in the digital signature authentication of checking last participant
By rear, the synthesis document that will finally sign sends to each participant.
In an application example, when a upper participant is last participant, trusted third party TTP can be with
Document after a upper participant digital signature is conceptually synthesized according to the second upstream message, according to a upper participant numeral
After the digital signature authentication of confirmation of secretarial document last participant after signature passes through, according to the digital signature result of each participant
The initial signature synthesis document of synthesis, and the initial signature synthesis document is sent to each participant, by each participant according to itself
The data original to be signed documents of storage, the initial final signature synthesis document of signature synthesis document synthesis.
Fig. 6 is the treatment of the digital signature method based on multiple party signatures of the trusted third party TTP in another embodiment
Schematic flow sheet, is carried out based on VES signatures in the embodiment, and VES signature results are sent to trusted third party by each participant
TTP, the hash function quantity of state of the document after participant is signed passes to next participation via trusted third party TTP
Side.As shown in fig. 6, the method in the embodiment includes:
Step S601:The second upstream message that a participant sends is received, second upstream message includes upper one
The VES signature results of individual participant;In the case where a upper participant with the addition of data, second upstream message can also be wrapped
Include an interpolation data for participant;
Step S602:VES signature results to a upper participant are decrypted the numeral label for obtaining a upper participant
Name result;
Step S603:Verify on this after digital signature result for participant, calculate a participant numeral on this and sign
The hash function quantity of state of the document after name;
Step S604:Downstream message is sent to next participant, the downstream message includes a upper participant numeral
The hash function quantity of state of the document after signature, wherein, in the case where each participant with the addition of data before, the downstream message
The interpolation data of each participant before can also including.
In an application example, what trusted third party TTP can also receive that first participant send first up disappears
Breath, first upstream message includes:Original data to be signed documents and first VES signature result of participant.First
In the case that individual participant with the addition of data, first upstream message can also include first interpolation data of participant.
Now, trusted third party TTP can also be decrypted acquisition first to the VES signature results of first participant
The digital signature result of participant.In the case where first participant with the addition of data, after first participant digital signature
Document can also include the interpolation data of first participant
In one application example, trusted third party TTP can also be according to original data to be signed documents, first participant
Digital signature result synthesize the document after first participant digital signature.And verifying first numeral of participant
After signature, the hash function quantity of state of the document after first participant digital signature is calculated.In the case, can also be to
Next participant sends downstream message, and the downstream message includes:The Hash letter of the document after first participant digital signature
Number state amount.
In an application example, what trusted third party TTP can also receive that first participant send first up disappears
Breath, first upstream message includes:First participant is treated to sign documents using the shared key that each participant is consulted and carried out
Wait to sign documents after the encryption obtained after encryption the first hash function quantity of state corresponding with original data to be signed documents, with
And first VES signature result of participant.
Now, trusted third party TTP can also be decrypted acquisition first to the VES signature results of first participant
The digital signature result of participant.
In an application example, trusted third party TTP can also exist according to the digital signature result of first participant
The conceptive document synthesized after first participant digital signature.First digital signature of participant can also verified
Afterwards, the hash function quantity of state of the document after first participant digital signature is calculated.
In an application example, when a upper participant is first participant, trusted third party TTP can also be to
Next participant sends downstream message, and the downstream message includes:The Hash letter of the document after first participant digital signature
Number state amount and above-mentioned first hash function quantity of state.
One application example in, trusted third party TTP can also a upper participant be last participant when,
According to the final signature synthesis document of above-mentioned second upstream message synthesis;And verifying the digital signature authentication of last participant
By rear, the synthesis document that will finally sign sends to each participant.
In an application example, trusted third party TTP can also a participant be last participation on above-mentioned
Fang Shi, conceptually synthesizes the document after a upper participant digital signature, according to upper one according to second upstream message
After the digital signature authentication of last participant passes through described in confirmation of secretarial document after participant digital signature, according to each participant
The initial signature synthesis document of digital signature result synthesis, and the initial signature synthesis document is sent to each participant, by each
Data original to be signed documents, the initial final signature synthesis text of signature synthesis document synthesis that participant is stored according to itself
Shelves.
In the scheme of another embodiment, directly the information based on hash function quantity of state is sent in current participant
During to next participant, trusted third party TTP can carry out one when the message of last participant transmission is received
Secondary processing procedure, now, trusted third party TTP can receive the signature information pair of last participant transmission, signature
Message includes each to the information signature including each participant signature information, each participant signature information, each participant signature information
The hash function quantity of state of document after participant digital signature, the VES signature results of each participant and original wait to sign documents
Data.
In the case, trusted third party TTP can also verify to the VES of each participant signature result, according to testing
Card result determines the correctness of the hash function quantity of state of document after each participant digital signature.
Now, trusted third party TTP the hash function quantity of state of document can also be verified after each participant digital signature
By when, send agreement to first participant and perform message, being sent to next participant from first participant should
First digital signature result of participant, and the digital signature result of a upper participant is received by each participant
When, after being verified to the digital signature result of each participant before, sent described in current participant to next participant
Digital signature result, and after being verified to the digital signature result of each participant before by last participant, it is determined that most
Signature synthesizes document eventually, and the final signature is synthesized into each participant before document is sequentially returned to.
Based on each embodiment as described above, according to the different transfer modes of the relevant information based on hash function quantity of state
(next participant is for example passed to based on trusted third party TTP or next participant is directly passed to), and transmission
During different processing modes, such as the encryption of the shared key of each participant, VES signatures etc., below based on wherein several
Individual specific example, the process that electronic contract is signed is completed with reference to the interaction between each participant and trusted third party TTP
It is described in detail.
Wherein, in the explanation of following each specific examples, the message that direction trusted third party TTP sends is participated in by first
Referred to as the first upstream message, the second upstream message is referred to as by the message that others participate in direction trusted third party TTP transmissions, can
The message that each participant of letter third direction sends is referred to as downstream message.
Specific example one
It is that the relevant information based on hash function quantity of state is passed to credible the with each participant in the specific example
After tripartite, illustrated as a example by passing to next participant by trusted third party TTP.
In the specific example, complete multi-party Fair contract by introducing " (Inline) in line " TTP and sign process.Line
The meaning of interior TTP is that the signature each time of each signer is required for TTP to assist.Here TTP is assisted, with two layers of meaning:
(1) TTP assists certain participant to verify the correctness of the digital signature result of previous participant output;(2) based on distribution
The thought of hash function is calculated, TTP calculates the quantity of state of the hash function of certain participant output result, be then sent to follow-up
Participant so that in the case that follow-up participant need not obtain a pdf document for participant output, oneself can be generated
Digital signature.
It is assumed that user Alice, Bob and Charlie to ensure that each side all holds by other channels (such as E-mail) identical
PDF document m0.In the specific example, the treatment of user Alice represents first processing procedure of participant, user Bob
Treatment represent the processing procedure of middle each participant, the treatment of user Charlie represents the place of last participant
Reason process.Show that the digital signature method based on multiple party signatures in the specific example carries out electronic contract signature in Fig. 7
During, the schematic flow sheet of the interaction of each participant and trusted third party TTP.
As shown in fig. 7, in the specific example, in order to reach the contract signature of justice, in the signature process of electronic contract
In, user Alice, Bob, Charlie perform following agreement:
Step S701:Alice signature PDF documents m0(original data to be signed documents), it is first determined oneself need to increase
Content m 'AWith m "A(interpolation data of current participant during using Alice as current participant), and calculate eap-message digestThen digital signature is calculatedAlice is based on digital signature
Generation PDF document DA=(m0,m′A,δAlice,m″A) and trusted third party TTP is sent to by safe lane.
Step S702:Trusted third party TTP store documents DA, checking Alice signatures δAliceValidity, if checking lose
Lose, exit;If checking signature δAliceEffectively, TTP calculates document DACorresponding quantity of state (hash function quantity of state) ψA=Hi
(ζ).Hu(DA), then by safe lane by message (m 'A,m″A,ψA) (downstream message) be sent to Bob.
Step S703:Bob checks m 'AWith m "A(interpolation data of a upper participant), determines that oneself is needed in increased
Hold m 'BWith m "B(interpolation data of current participant during using Bob as current participant).Now, Bob can conceptually synthesize
PDF document DA=(m0,m′A,δAlice,m″A), because Bob there is no δAliceThus can not actually synthesize DA.Although however,
Bob there is no δAliceAnd can not actually synthesize DA, but Bob obtains document D from TTPACorresponding quantity of state ψA, so that can
To calculate cryptographic HashThe number that digital signature computing obtains Bob is performed afterwards
Word is signedBob passes through safe lane by message (m 'B,δBob,m″B) (second is up
Message) give TTP.
Step S704:TTP synthesizes DB=(DA,m′B,δBob,m″B), checking Bob signatures δBobValidity, if checking lose
Lose, exit;If checking signature δBobEffectively, TTP is to document DBCalculate quantity of state ψB=Hi(ζ).Hu(DB), then by safety
Channel is by message (m 'A,m″A,m′B,m″B,ψB) it is sent to Charlie.
Step S705:Charlie checks m 'A、m″A、m′B、m″B, it is then determined that oneself needs increased content m 'CWith m "C。
Now, Charlie can conceptually synthesize PDF document DB=(DA,m′B,δBob,m″B), although Charlie there is no δBob
And can not actually synthesize DB, but Charlie obtains document D from TTPBCorresponding quantity of state ψB, so as to calculate cryptographic HashThe digital signature that digital signature computing obtains Charlie is performed afterwardsCharlie passes through safe lane by message (m 'C,δCharlie,m″C) give
TTP。
Step S706:TTP synthesizes DC=(DB,m′C,δCharlie,m″C), verify the signature δ of CharlieCharlie.Checking is logical
Later by DCAlice, Bob and Charlie are sent to, contract signature is completed, otherwise exited.
So as to each to participate in the case of only needing to interact once between each participant and TTP in the specific example
Side can form the consistent PDF document signed.Because TPP assists to calculate the quantity of state ψ of hash function so that multi-party public
During flat contract signature, the entity (participant) signed afterwards can be generated in the case where previous signatures are not known and meet PDF
The digital signature of document specification.
Processing procedure in above-mentioned specific example has reached the target of fair contract signature.For each participant, obtaining
To final DCBefore, the digital signature information of other each side is not obtained, therefore contract signs exiting in advance for process, it is right
Each participant does not all influence.Because DCIt is that each side is sent to by TTP, if a side has obtained DC, other each side are also inevitable
D is obtainedC.In addition, above-mentioned agreement can expand to situation of the participant more than 3 people.For pnIndividual participant, each participant
Generally it is to send a message to TTP, receives message (wherein one time message is final contract) twice, the number of times of total communication
Generally 3pnIt is secondary.
Wherein, because hash function quantity of state ψ is substantially quantity of state in hash function calculating process and inadequate
The data of piecemeal.By taking SHA-1 algorithms as an example, the size of each piecemeal is the byte of 512 bits, i.e., 64, and quantity of state size is 20
Individual byte, adds two length informations, and total size is 92 bytes.By the deciphering to PDF specifications and to actual PDF document
" generally higher than 64 bytes that binary file is observed, it is known that the auxiliary information m after digital signature field.By
After being tested with reference to a number of PDF document find, m " part it is small there are about 600 bytes, big can arrive about 10K words
Section.As can be seen here, the signature value of previous digital signature field is obtained by sniff quantity of state ψ, therefore in practice, due to shape
State amount ψ is revealed and is caused the probability of the attack of signature value for previous signatures people to be minimum, it ensures that electronic contract
Security during signature.
Specific example two
It is that the relevant information based on hash function quantity of state is passed to credible the with each participant in the specific example
After tripartite, next participant is passed to by trusted third party TTP, and the shared key based on each participant is waited to sign to original
File data is illustrated as a example by being encrypted.
Based on a kind of scheme of above-mentioned specific example, trusted third party TTP can obtain contract text in participation process
Content.It is assumed that trusted third party TTP honestly participates in multi-party Fair contract signing protocol, but it is desirable to TTP cannot be closed
With the content of text.This target is reached, can be possible solution by various.For example, it is possible to use the built-in machine of pdf document
Be encrypted for critical data in file by system, could just in the demands user input password of PDF reader load documents
Really open and reading file.Due to the signature pair performed in above-mentioned example scheme processing procedure as if pdf document, and the PDF is literary
Whether part has been coupled with access password, does not have an impact for performing above-mentioned agreement.
In a concrete application implementation of the specific example, in order to reach the contract signature of justice, by pairing
With text m0It is encrypted, and performs multi-party Fair contract signing protocol.
In the specific example, it is assumed that Alice, Bob and Charlie ensure each side by other channels (such as E-mail)
All hold identical PDF document m0.Show that the digital signature method based on multiple party signatures in the specific example is carried out in Fig. 8
During electronic contract is signed, the schematic flow sheet of the interaction of each participant and trusted third party TTP.
As shown in figure 8, in the specific example, during the fair signature of electronic contract, Alice, Bob, Charlie
Perform following agreement:
Step S800:Multi-party key agreement agreement is performed between Alice, Bob and Charlie (such as the group based on DH agreements
Key agreement protocol) so that each side all holds identical shared key Kpre。
Step S801:Alice signature PDF documents m0, it is first determined oneself needs increased content m 'AWith m "A, calculate shape
State amount ψ0=Hi(ζ).Hu(m0), further calculate quantity of state ψA=Hi(ζ).Hu(m0).Hu(m ', m "), then calculates eap-message digestAnd digital signatureThen Alice is used altogether
Enjoy key KpreOriginal text is encrypted, ciphertext c is obtained0=Encrypt (m0,Kpre), any and shared key may be used herein
KpreThe AES (such as DES, 3DES, AES, SM4) for matching.Message (c after Alice0,ψ0,m′A,δAlice,m″A)
TTP is given by safe lane.
Step S802:TTP conceptually synthesizes PDF document DA=(m0,m′A,δAlice,m″A), then verify Alice signatures
δAliceValidity.In order to verify signature δAliceValidity, TTP must calculate summary infoBy
Shared key K is not held in TTPpre, therefore TTP can not possibly obtain original text m by decrypting0And calculateBut the ψ that TTP can send according to Alice really0The state of local hash function is reinitialized,
Then calculateAnd then verify signature δAliceValidity.If checking signature
δAliceFailure is then exited;If checking signature δAliceEffectively, TTP calculates document DA=(m0,m′A,δAlice,m″A) corresponding shape
State amount ψA=ψ0.Hu(m′A,δAlice,m″A), then by safe lane by message (m 'A,m″A,ψ0,ψA) it is sent to Bob.
Step S803:Bob checks m 'AWith m "A, and check ψ0With original text m0Whether match, exited if mismatching.
If ψ0With original text m0Match, Bob determines that oneself needs increased content m 'BWith m "B.Now, Bob can be closed conceptually
Into PDF document DA=(m0,m′A,δAlice,m″A), although Bob there is no δAliceAnd can not actually synthesize DABut, Bob from
TTP obtains document DACorresponding quantity of state ψA, so as to calculate cryptographic Hash
The digital signature that digital signature computing obtains Bob is performed afterwardsBob is by safety
Channel is by message (m 'B,δBob,m″B) give TTP.
Step S804:TTP conceptually synthesizes PDF document DB=(DA,m′B,δBob,m″B), then verify Bob signatures δBob
Validity.In order to verify signature δBobValidity, TTP must calculate summary infoShared key K is not held due to TTPpre, therefore TTP is not
Original text m may be obtained by decrypting0And calculateBut TTP really may be used
With the ψ sent according to Alice0The state of local hash function is reinitialized, is then calculatedAnd then verify signature δBobIt is effective
Property.If checking signature δBobFailure is then exited;If checking signature δBobEffectively, TTP calculates document DBCorresponding quantity of state ψB=
ψ0.Hu(m′A,δAlice,m″A,m′B,δBob,m″B), then by safe lane by message (m 'A,m″A,m′B,m″B,ψB) be sent to
Charlie。
Step S805:Charlie checks m 'A、m″A、m′B、m″B, and check ψ0With original text m0Whether match, if not
With then exiting.If ψ0With original text m0Match, Charlie is it is then determined that oneself needs increased content m 'CWith m "C.Now,
Charlie can conceptually synthesize PDF document DB=(DA,m′B,δBob,m″B), although Charlie there is no δBobWithout
D can actually be synthesizedB, but Charlie obtains document D from TTPBCorresponding quantity of state ψB, so as to calculate cryptographic HashThe digital signature that digital signature computing obtains Charlie is performed afterwardsCharlie passes through safe lane by message (m 'C,δCharlie,m″C) give
TTP。
Step S806:TTP conceptually synthesizes PDF document DC=(DB,m′C,δCharlie,m″C), then verify Charlie
Signature δCharlieValidity.In order to verify signature δCharlieValidity, TTP must calculate summary infoShared key K is not held due to TTPpre,
Therefore TTP can not possibly obtain original text m by decrypting0And calculateBut the ψ that TTP can send according to Alice really0
The state of local hash function is reinitialized, is then calculated
And then verify signature δCharlieValidity.If checking signature δCharlieFailure is then exited;If checking signature δCharlieInto
Work(, TTP synthesis document T=(m 'A,δAlice,m″A,m′B,δBob,m″B,m′C,δCharlie,m″C), then by safe lane by text
Shelves T is sent respectively to Alice, Bob and Charlie.
Step S807:Alice, Bob and Charlie are respectively synthesized final document DC=(m0, T), complete contract signature.
Based on the scheme in the specific example, in the case of only needing to interact once between each participant and TTP, each ginseng
The consistent PDF document signed can be formed with side.Because TPP assists to calculate the quantity of state ψ of hash function so that multi-party
During fair contract signature, the entity (participant) signed afterwards can be generated in the case where previous signatures are not known and met
The digital signature of PDF document specification.
Above-mentioned agreement in this specific example has reached the target of fair contract signature.For each participant, obtaining
Final DCBefore, the digital signature information of other each side is not obtained, therefore contract signs exiting in advance for process, to each
Individual participant does not all influence.Because DCIt is that each side is sent to by TTP, if a side has obtained DC, other each side also will inevitably
D is arrivedC.Further, it is to be appreciated that above-mentioned agreement can expand to situation of the participant more than 3 people.For pnIndividual participant,
Each participant is generally to send a message to TTP, receives message (wherein one time message is final contract) twice, total
The number of times of communication is about 3pnIt is secondary.
On the other hand, in the specific example, first participant Alice is by original text m0Just being sent to after encryption can
Letter third party TTP, it is ensured that trusted third party TTP cannot know the content of original text.Follow-up participant checks corresponding with original text
Hash function quantity of state ψ0With original text m0Whether match, to avoid first participant Alice or trusted third party TTP from sending out
Send a hash function quantity of state ψ for the original text of falseness0.By in trusted third party TTP and each participant in the specific example
Between share quantity of state ψ, based on the thought of Distributed Calculation hash function, collaboration completes the target of fair contract signature.
Specific example three
It is that the relevant information based on hash function quantity of state is passed to credible the with each participant in the specific example
After tripartite, next participant is passed to by trusted third party TTP, and illustrated as a example by VES signatures.
In the scheme of above-mentioned specific example one, digital signature result δ is delivered in the interacting of each participant and TTPX, such as
Fruit attacker obtains δ by means such as Network SniffingsX, or δXRevealed by the back-stage management personnel malice of TTP, may destruction public affairs
The target of flat contract signature.
Accordingly, in this specific example, signed (VES) by introducing Verifiable Encryptosystem, to solve each participant and TTP's
Digital signature result δ is delivered in interactionXProblem, further to improve the safety during the fair signature of electronic contract
Property.
In the specific example, it is assumed that user Alice, Bob and Charlie are ensured by other channels (such as E-mail)
Each side all holds identical PDF document m0.The digital signature method based on multiple party signatures in the specific example is shown in Fig. 9
During carrying out electronic contract signature, the schematic flow sheet of the interaction of each participant and trusted third party TTP.
As shown in figure 9, in the specific example, during the fair signature of electronic contract, in order to reach the conjunction of justice
With the purpose of signature, Alice, Bob, Charlie perform following agreement:
Step S901:Alice signature original documents m0, it is first determined oneself needs increased content m 'AWith m "A, and calculate
Eap-message digestThen digital signature is calculatedThen calculate
VES signature resultsAnd by safe lane by message (m0,m′A,ΛAlice,
m″A) it is sent to TTP.
Step S902:The VES private keys that trusted third party TTP is stored using it, from the VES signatures Λ of AliceAliceMiddle decryption
Obtain the common signature δ of AliceAlice, then synthesize document DA=(m0,m′A,δAlice,m″A) and store.TTP checkings Alice is signed
Name δAliceValidity, exited if authentication failed;If checking signature δAliceEffectively, TTP calculates document DACorresponding Kazakhstan
Uncommon function status amount ψA=Hi(ζ).Hu(DA), then by safe lane by message (m 'A,m″A,ψA) it is sent to Bob.
Step S903:Bob checks m 'AWith m "A, determine that oneself needs increased content m 'BWith m "B.Now, Bob
Document D can conceptually be synthesizedA=(m0,m′A,δAlice,m″A), although Bob there is no δAliceAnd can not be real
Border synthesizes DA, but Bob obtains document D from TTPACorresponding quantity of state ψA, so as to calculate cryptographic HashThe digital signature that digital signature computing obtains Bob is performed afterwardsThen VES signature results are calculated
And by safe lane by message (m 'B,ΛBob,m″B) it is sent to TTP.
Step S904:The VES private keys that TTP is stored using it, from the VES signatures Λ of BobBobMiddle decryption obtains the common of Bob
Signature δBob, then synthesize document DB=(DA,m′B,δBob,m″B), checking Bob signatures δBobValidity, if authentication failed
Exit;If checking signature δBobEffectively, TTP is to document DBCalculate quantity of state ψB=Hi(ζ).Hu(DB), then by safe lane
By message (m 'A,m″A,m′B,m″B,ψB) it is sent to Charlie.
Step S905:Charlie checks m 'A、m″A、m′B、m″B, it is then determined that oneself needs increased content m 'CWith m "C。
Now, Charlie can conceptually synthesize document DB=(DA,m′B,δBob,m″B), although Charlie there is no δBobAnd
D can not actually be synthesizedB, but Charlie obtains document D from TTPBCorresponding quantity of state ψB, so as to calculate cryptographic HashThe digital signature that digital signature computing obtains Charlie is performed afterwardsThen VES signature results are calculated
And by safe lane by message (m 'C,ΛCharlie,m″C) it is sent to TTP.
Step S906:The VES private keys that TTP is stored using it, from the VES signatures Λ of CharlieCharlieMiddle decryption is obtained
The common signature δ of CharlieCharlie, then synthesize document DC=(DB,m′C,δCharlie,m″C), verify the signature of Charlie
δCharlie.By D after being verifiedCAlice, Bob and Charlie are sent to, contract signature is completed, otherwise exited.
In the implementation procedure of the specific example, VES signature results are sent to trusted third party TTP by each participant, by
Trusted third party TTP decryption VES signatures obtain signature original text δX, and verify the validity of signature original text.At the same time, credible
Tripartite TTP assists each participant to calculate quantity of state ψ, and passes to next participant, realizes Distributed Calculation Hash letter
Number.In the specific example, due to not over safe lane transmission signature original text δX, therefore, even if attacker passes through network
The means such as sniff obtain δXCiphertext, will not also destroy the target of fair contract signature, further increase electronic contract signature
During security, and ensure that electronic contract signature during fairness.
In an application example of the specific example, trusted third party TTP can will extract the private key (VES of VES signatures
Private key) store inside the safety means such as cipher machine, and implement rational control of authority measure inside TTP so that possess
The other back-stage management personnel of higher security level can safe operation equipment, further to reduce the wind internaled attack from TTP
Danger, further improves the security during electronic contract signature.
Specific example four
In the specific example, be on the basis of specific example one, will be based on hash function quantity of state with each participant
Relevant information pass to trusted third party after, next participant is passed to by trusted third party TTP, and to original contract text
This m0Be encrypted, at the same by introduce Verifiable Encryptosystem sign (VES) as a example by illustrate, to avoid trusted third party from obtaining
Contract text content while, it is to avoid deliver digital signature result δ in the interacting of each participant and TTPXProblem, to enter
One step provides the security and fairness during electronic contract signature.
In the specific example, it is assumed that user Alice, Bob and Charlie are ensured by other channels (such as E-mail)
Each side all holds identical PDF document m0.The digital signature method based on multiple party signatures in the specific example is shown in Fig. 9
During carrying out electronic contract signature, the schematic flow sheet of the interaction of each participant and trusted third party TTP.
As shown in Figure 10, in the specific example, during the fair signature of electronic contract, user Alice, Bob,
Charlie performs following agreement:
Step S1000:Multi-party key agreement agreement is performed between Alice, Bob and Charlie (such as the group based on DH agreements
Key agreement protocol) so that each side all holds identical shared key Kpre。
Step S1001:Alice signature PDF documents m0, it is first determined oneself needs increased content m 'AWith m "A, calculate shape
State amount ψ0=Hi(ζ).Hu(m0), further calculate quantity of state ψA=Hi(ζ).Hu(m0).Hu(m ', m "), then calculates eap-message digestAnd digital signatureThen VES is calculated to sign
Name resultThen Alicce uses shared key KpreOriginal text is added
It is close, obtain ciphertext c0=Encrypt (m0,Kpre), any and shared key K may be used hereinpreThe AES for matching
(such as DES, 3DES, AES, SM4).Alice is by safe lane message (c0,ψ0,m′A,ΛAlice,m″A) it is sent to TTP.
Step S1002:The VES private keys that TTP is stored using it, from the VES signatures Λ of AliceAliceMiddle decryption obtains Alice
Common signature δAlice, then conceptually synthesize PDF document DA=(m0,m′A,δAlice,m″A), then verify Alice signatures
δAliceValidity.In order to verify signature δAliceValidity, TTP must calculate summary infoBy
Shared key K is not held in TTPpre, therefore TTP can not possibly obtain original text m by decrypting0And calculateBut the ψ that TTP can send according to Alice really0The state of local hash function is reinitialized,
Then calculateAnd then verify signature δAliceValidity.If checking is signed
Name δAliceFailure is then exited;If checking signature δAliceEffectively, TTP calculates document DA=(m0,m′A,δAlice,m″A) corresponding
Quantity of state ψA=ψ0.Hu(m′A,δAlice,m″A), then by safe lane by message (m 'A,m″A,ψ0,ψA) it is sent to Bob.
Step S1003:Bob checks m 'AWith m "A, and check ψ0With original text m0Whether match, exited if mismatching.
If ψ0With original text m0Match, Bob determines that oneself needs increased content m 'BWith m "B.Now, Bob can be closed conceptually
Into PDF document DA=(m0,m′A,δAlice,m″A), although Bob there is no δAliceAnd can not actually synthesize DABut, Bob from
TTP obtains document DACorresponding quantity of state ψA, so as to calculate cryptographic Hash
The digital signature that digital signature computing obtains Bob is performed afterwardsThen VES is calculated
Signature resultAnd by safe lane by message (m 'B,ΛBob,m″B) give
TTP。
Step S1004:The VES private keys that TTP is stored using it, from the VES signatures Λ of BobBobMiddle decryption obtains Bob
Common signature δBob, then conceptually synthesize PDF document DB=(DA,m′B,δBob,m″B), then verify Bob signatures
δBobValidity.In order to verify signature δBobValidity, TTP must calculate summary infoShared key K is not held due to TTPpre, therefore TTP is not
Original text m may be obtained by decrypting0And calculateBut TTP really may be used
With the ψ sent according to Alice0The state of local hash function is reinitialized, is then calculatedAnd then verify signature δBobIt is effective
Property.If checking signature δBobFailure is then exited;If checking signature δBobEffectively, TTP calculates document DBCorresponding quantity of state ψB=
ψ0.Hu(m′A,δAlice,m″A,m′B,δBob,m″B), then by safe lane by message (m 'A,m″A,m′B,m″B,ψB) be sent to
Charlie。
Step S1005:Charlie checks m 'A、m″A、m′B、m″B, and check ψ0With original text m0Whether match, if not
Matching is then exited.If ψ0With original text m0Match, Charlie is it is then determined that oneself needs increased content m 'CWith m "C.This
When, Charlie can conceptually synthesize PDF document DB=(DA,m′B,δBob,m″B), although Charlie there is no δBobAnd
D can not actually be synthesizedB, but Charlie obtains document D from TTPBCorresponding quantity of state ψB, so as to calculate cryptographic HashThe digital signature that digital signature computing obtains Charlie is performed afterwardsThen VES signature results are calculated
And by safe lane by message (m 'C,ΛCharlie,m″C) give TTP.
Step S1006:The VES private keys that TTP is stored using it, from the VES signatures Λ of CharlieCharlieMiddle decryption is obtained
The common signature δ of CharlieCharlie, then conceptually synthesize PDF document DC=(DB,m′C,δCharlie,m″C), then verify
Charlie signatures δCharlieValidity.In order to verify signature δCharlieValidity, TTP must calculate summary infoBecause TTP does not hold shared key
Kpre, therefore TTP can not possibly obtain original text m by decrypting0And calculateBut what TTP can send according to Alice really
ψ0The state of local hash function is reinitialized, is then calculated
And then verify signature δCharlieValidity.If checking signature δCharlieFailure is then exited;If checking signature δCharlieInto
Work(, TTP synthesis document T=(m 'A,δAlice,m″A,m′B,δBob,m″B,m′C,δCharlie,m″C), then by safe lane by text
Shelves T is sent respectively to Alice, Bob and Charlie.
Step S1007:Alice, Bob and Charlie are respectively synthesized final document DC=(m0, T), complete contract signature.
It is each to participate in the case of only needing to interact once between each participant and TTP in the scheme of this specific example
Side can form the consistent PDF document signed.Because TPP assists to calculate the quantity of state ψ of hash function so that multi-party public
During flat contract signature, the entity (participant) signed afterwards can be generated in the case where previous signatures are not known and meet PDF
The digital signature of document specification.
Scheme in this specific example has reached the target of fair contract signature, and for each participant, is obtaining
Final document DCBefore, the digital signature information of other each participants is not obtained, therefore contract signs shifting to an earlier date for process
Exit, each participant is not all influenceed.Because final document DCIt is that each participant is sent to by trusted third party TTP
, therefore, if a participant has obtained final document DC, other each participants have also necessarily obtained the final document DC.Separately
On the one hand, the mode in the specific example extends also to situation of the participant more than 3 people.For pnIndividual participant, each
Participant is generally to send a message to TTP, receives message (wherein one time message is final contract), total communication twice
Number of times be about 3pnIt is secondary.
Additionally, in this specific example, first participant Alice is by original text m0The credible 3rd is just sent to after encryption
Square TTP, it is ensured that trusted third party TTP cannot know the content of original text.Follow-up participant is both needed to inspection state amount ψ0With original text m0It is
It is no to match, to avoid first participant Alice or trusted third party TTP from sending a quantity of state ψ for falseness0, to enter
One step improves the security during electronic contract signature.
Accordingly, the scheme in this specific example is between trusted third party TTP and each participant by sharing quantity of state ψ,
Based on the thought of Distributed Calculation hash function, collaboration completes the target of fair contract signature.
On the other hand, in the scheme of the specific example, each participant is that VES signature results are sent into trusted third party
TTP, signature original text δ is obtained by trusted third party TTP decryption VES signaturesX, and verify signature original text δXValidity.It is same with this
When, trusted third party TTP assists each participant to calculate quantity of state ψ, and passes to next participant, realizes distributed meter
Calculate hash function.Due to not over safe lane transmission signature original text δXEven if attacker is obtained by means such as Network Sniffings
Obtain δXCiphertext, will not also destroy the target of fair contract signature, further increase the security of the fair signature of electronic contract.
In an application example of the specific example, trusted third party TTP can will extract the private key storage of VES signatures
Inside the safety means such as cipher machine, and implement rational control of authority measure inside TTP so that possess higher security level
Other back-stage management personnel can safe operation equipment, so as to further reduce the risk internaled attack from TTP.
Specific example five
In the specific example, it is next to be that the relevant information for being directly based upon hash function quantity of state with each participant is passed to
After individual participant, the message that trusted third party TTP need to only receive the transmission of last participant carried out as a example by verification process
Explanation.
In the scheme of above-mentioned specific example one to specific example four, it is all based on being illustrated as a example by TTP in line, in base
In the scheme of TTP in line, trusted third party TTP will be interacted with each participant, and the number with participant increases,
Interactive number of times can also increase therewith.In the scheme of the specific example, by introducing " online (Online) " TTP, to reduce
Signer's (participant) and the interaction times of trusted third party TTP." online (Online) " TTP be each signer each time
Signature does not need trusted third party TTP to assist, and per sub-congruence, signature only needs to last signer's (last participant)
Interacted once with trusted third party TTP.
Accordingly, in the scheme of the specific example, by reducing the interaction times of signer and TTP, the signature per sub-congruence
Only need to last signer to be interacted with TTP once, and can form a consistent between each signer simultaneously
There is the PDF document that each side signs.
In the specific example, it is assumed that user Alice, Bob and Charlie are ensured by other channels (such as E-mail)
Each side all holds identical PDF document m0.The digital signature side based on multiple party signatures in the specific example is shown in Figure 11
During method carries out electronic contract signature, the schematic flow sheet of the interaction of each participant and trusted third party TTP.
As shown in figure 11, in the specific example, during the fair signature of electronic contract, in order to reach the conjunction of justice
With the purpose of signature, user Alice, Bob, Charlie perform following agreement:
Step S1101:Alice signs original PDF document m0, it is first determined oneself needs increased content m 'AWith m "A, and
Calculate eap-message digestThen digital signature is calculatedSynthesis
PDF document DA=(m0,m′A,δAlice,m″A), afterwards to document DACalculate quantity of state ψA=Hi(ζ).Hu(DA).Then Alice is counted
Calculate VES signature resultsConstruction message mA=(m0,m′A,ΛAlice,m″A,
ψA), calculate mADigital signatureSend information signature pairTo Bob.
Step S1102:Bob verifies the digital signature of AliceWith VES signatures ΛAlice.If authentication failed, exit and hold
Row agreement.If be proved to be successful, Bob determines that oneself needs increased content m 'BWith m "B.Now, Bob can conceptually synthesize
PDF document DB=(DA,m′B,δBob,m″B).Although Bob can not actually synthesize the DB, but Bob can send out according to Alice really
The ψ for sendingAThe state of local hash function is reinitialized, ψ is then calculatedB=ψA.Hu(m′B,m″B)=Hi(ζ).Hu(DA).Hu
(m′B,m″B), obtain the quantity of state ψ of BobB.With this simultaneously, Bob can also calculate cryptographic Hash
The digital signature that digital signature computing obtains Bob is performed afterwardsThen Bob is calculated
VES signature resultsConstruction message mB=(m0,m′B,ΛBob,m″B,ψB), meter
Calculate mBDigital signatureSend information signature pairTo Charlie.
Step S1103:Charlie verifies the digital signature of AliceWith VES signatures ΛAlice, the numeral label of checking Bob
NameWith VES signatures ΛBob.Notice to verify ΛBob, Charlie need calculateThis needs basis
Quantity of state ψATo calculate, its calculating process is identical with the calculating process of Bob.If authentication failed, execution agreement is exited.If tested
Demonstrate,prove successfully, Charlie determines that oneself needs increased content m 'CWith m "C.Now, Charlie can conceptually synthesize PDF texts
ShelvesAlthough Charlie can not actually synthesize the DC, but Charlie really can be according to Bob
The ψ of transmissionBThe state of local hash function is reinitialized, ψ is then calculatedC=ψB·Hu(m′C,m″C)=Hi(ζ).Hu(DA,
DB).Hu(m′C,m″C), obtain the quantity of state ψ of CharlieC.At the same time, Charlie can also calculate cryptographic HashThe digital signature that digital signature computing obtains Charlie is performed afterwardsThen Charlie calculates VES signature resultsConstruction message mC=(m0,m′C,ΛCharlie,m″C,ψC), calculate mC's
Digital signatureSend information signature pairTo TTP.
Step S1104:TTP is verifiedIn include all participants VES signature whether
Correctly, agreement is continued executing with if correct, is otherwise exited.The Hash operation that TTP checkings VES needs when signing is signed according to each
The process that famous person is similar to is completed.Afterwards, the VES private keys that TTP is stored using it, from the VES signatures Λ of AliceAliceMiddle decryption is obtained
Obtain the common signature δ of AliceAlice, construct D 'A=(m0,m′A,δAlice,m″A), obtain D 'AQuantity of state ψ 'A=Hi(ζ).Hu
(D′A), then compare ψ 'AWith mAIn ψAIt is whether consistent, verify ψACorrectness.By that analogy, ψ is verifiedBAnd ψCCorrectness.
If being entirely correct, TTP indicates Alice, can continue executing with agreement, i.e., sending an agreement to first participant holds
Row message.After TTP is obtained, in the script that TTP storages are received to database.
Step S1105:Alice sends the digital signature result δ of oneselfAliceTo Bob.
Step S1106:Bob verifies δAlice, the digital signature result of each participant before being sent after being verified
δAliceAnd the digital signature result δ of oneselfBobTo Charlie, otherwise demand for arbitration.
Step S1107:The digital signature δ of each participant before Charlie checkingsAlice、δBob, synthesize after being verified
Final contract, and final contract is returned to a upper participant Bob, otherwise demand for arbitration.
Step S1108:After Bob receives the final contract that Charlie is returned, final contract is verified, forwarded after being verified
To a upper participant Alice, otherwise demand for arbitration.
Step S1109:Alice receives Bob and returns to final contract, and verifies final contract, is required if validation failure
Arbitration.
As described above, in the implementation procedure of above-mentioned specific example, any participant can require secondary at any time
Cut out.In an application example, arbitral agreement can do following setting.
Assuming that participant X requirements are arbitrated, when needing to be arbitrated, participant X submits original contract text to TTP
m0Request arbitration.Trusted third party TTP checks the entry in database, if being implicitly present in m0, just signed from the VES of each bar message
Recover common signature in name, contact all participants, the final PDF document signed containing each side is sent to all participants.
On the other hand, trusted third party TTP can set a longest term for contract signing, such as one month, and
The corresponding Telescript of the contract is preserved in database.When the Telescript goes beyond the time limit, trusted third party can delete automatically
Except script, to avoid increasing without limitation for database.
Based on the multi-party Fair contract signing protocol based on " online " TTP in this specific example, effect is preferably balanced
Rate and fairness, even if in the case where participant is more than three, even the quantity of participant is than larger, it is also possible to above-mentioned association
View implementation procedure carries out ordinary extension.
In a concrete application example, each participant can also be comprising original in being sent to the message of trusted third party TTP
Literary m0, but comprising original text m0Corresponding quantity of state ψ0.Now, trusted third party TTP and other participants are required to utilize shape
State amount ψ0To calculate summary info.When certain participant is demanded for arbitration, the participant should submit shape corresponding with original text to TTP
State amount ψ0。
In another application mode of the specific example, after above-mentioned steps S1104, trusted third party TTP can be with
Recover the VES signatures of all participants, construct the complete document comprising all participants signature, and be sent to all participations
Side.Such that it is able to avoid all participants from performing the second wheel interaction, the efficiency that agreement is performed further is improved.
In another application mode of the specific example, when broadcast channel is allowed, each participant can also be needed only
A message is broadcasted, the signal of trusted third party TTP is waited, it is each wide again when the signal of trusted third party TTP is received
The actual signature value of oneself is broadcast once, final contract text then can be synthesized by trusted third party, held with further lifting
Line efficiency.
Need not be obtained in another applies example, or in business scenario comprising signature original text δX(for example
The validity of VES signatures is verified using self-defined PDF readers, the PDF document without obtaining reference format), it is credible
Third party TTP can only recover signature original text δ when certain participant initiates arbitration processX, and performing fair contract signature
Stage do not allow then using recover signature original text private key.In the case, trusted third party TTP can implement tightened up
Control of authority measure, the private key that limitation recovers signature original text can only be used in arbitration process, further be evaded from inside
The attack of administrative staff.
Scheme, the number based on multiple party signatures of the data summarization based on the determination message in each specific example as described above
The scheme of word signature, and the fair scheme signed of electronic contract on this basis, electricity is calculated by participant or TTP
The corresponding hash function quantity of state ψ of sub- contract documents, and shared to other participants or TTP so that each participant or
Person TTP can construct virtual file, and the summary info of file to be signed is calculated by hash function quantity of state ψ, so that
Complete the process of sequential signature.Mechanism based on above-mentioned Distributed Calculation hash function, it is possible to achieve by TTP storage participants
Digital signature, without being sent to follow-up participant, realizes the target of the fair signature of electronic contract.Can also be by between each participant
Signed using VES and complete fair signature, and each participant can under conditions of it there is no other participant digital signature original texts
To complete the signature process of oneself, the target of the fair signature of electronic contract is reached.Based on above-mentioned Distributed Calculation hash function
Mechanism, can also realize encrypting electronic contract initial data, and TTP, can under conditions of electronic contract initial data is not known
To assist each participant to complete the fair signature of electronic contract, so as to ensure that the privacy of electronic contract file.All above-mentioned electricity
Sub- contract encryption and the flow of fair signature, may ensure that produced electronic contract file meets PDF document for multi-party
The call format of digital signature.
Based on thought same as mentioned above, the embodiment of the present invention also provide determine message data summarization system,
Digital signature system based on multiple party signatures, according to the digital signature system based on multiple party signatures, so as to realize based on multi-party label
The fair signature of the electronic contract of name.
Figure 12 shows the structural representation of the system of the data summarization of the determination message in one embodiment.Such as Figure 12 institutes
Show, the system of the data summarization of the determination message in the embodiment includes:
Data obtaining module 121, the quantity of state for obtaining pending message and hash function;
First initialization module 122, for the quantity of state according to the hash function, is calculated using the initialization of hash function
Method carries out initialization operation, initializes the context of hash function computing;
Quantity of state output module 123, it is defeated for the context of hash function computing to be carried out as hash function quantity of state
Go out;
Terminate processing module 124, for the end operation of the end algorithm performs hash function using hash function, obtain
The summary info of the pending message.
Based on the scheme of embodiment as described above, its by it is determined that message data summarization when, obtaining Hash letter
After the context of number computing, exported the context of hash function computing as hash function quantity of state, so as in electronics
When being digitally signed during contract signature, by the corresponding hash function state of the electronic contract file for determining signature
Amount, can calculate data summarization to be signed documents, and the hash function state based on the hash function quantity of state
Amount can also share to other participants or trusted third party so that other participants or trusted third party can be based on should
Hash function quantity of state constructs virtual file, so as to complete the process of sequential signature, and can meet the electronics of final generation
Contract documents meets call format of the PDF document for multiple party digital signatures.
Wherein, the quantity of state of above-mentioned hash function can include:The information of the register group of Hash operation, and last
The information of individual still untapped input data piecemeal.
In a specific example, as shown in figure 12, the system in the embodiment can also include:
Information updating module 1223, for the quantity of state based on hash function, using the information updating algorithm of hash function
Information updating operation is carried out to pending message, the context of the hash function computing after being updated.
Now, above-mentioned quantity of state output module 123, is using the context of the hash function computing after renewal as Hash letter
Number state amount is exported.
In a specific example, information updating module 1223 can be using the information updating algorithm of hash function, to institute
At least one data slot for stating pending message performs the information updating operation.
The system of the data summarization for determining message as described above, can apply to the digital signature based on multiple party signatures
System, to export the quantity of state of hash function, and then the Hash letter based on output during the data summarization of message is calculated
Number state amount is digitally signed, and then the signature of multiparty electronic contract is carried out based on multiple party signatures.
Figure 13 shows the structural representation of the digital signature system based on multiple party signatures in one embodiment, the implementation
In example illustrated by taking the system of participant application as an example.As shown in figure 13, the number based on multiple party signatures in the embodiment
Word signature system includes;
File acquisition module 131, waits to sign documents for obtaining or constructing;
First state amount determining module 132, for determining and waiting the corresponding hash function quantity of state that signs documents;
Second initialization module 133, for according to the hash function quantity of state, initializing the upper and lower of hash function computing
Text;
Summary determining module 134, for the end operation of the end algorithm performs hash function using hash function, obtains
The data summarization to be signed documents;
Digital Signature module 135, for performing digital signing operations according to the data summarization to be signed documents, obtains
Digital signature result.
The hash function quantity of state obtained in above-described embodiment scheme, can be based on document or the mode of message transmission is passed
Other participants are passed, to complete the transmission of information, and then the signature of the electronic contract based on multiple party signatures is completed accordingly.
It is now, above-mentioned to wait to sign documents when above-mentioned current participant is first participant in an application example
Can be original data to be signed documents.Now, first state amount determining module 132 determine with wait the corresponding Kazakhstan that signs documents
Uncommon function status amount, can calculate the corresponding with original data to be signed documents of acquisition according to original data to be signed documents
Hash function quantity of state (carries out area for ease of hash function quantity of state corresponding with the file of the interpolation data for having current participant
Point, the first hash function quantity of state is referred to as in following each embodiments).Now, with wait the corresponding hash function state that signs documents
Measure as the first hash function quantity of state.That is, first state amount determining module 132 is according to the original data meter to be signed documents
Calculate and obtain the first hash function quantity of state corresponding with the original data to be signed documents;With wait the corresponding Hash that signs documents
Function status amount is the first hash function quantity of state.
In a concrete application example, as shown in figure 13, the signature system that should be based on multiple party signatures can also include:Add
Plus data acquisition module 1311, for obtaining current participant to the interpolation data to be signed documents.
Now, it is above-mentioned to wait the interpolation data obtained including interpolation data acquisition module 1311 that signs documents.Current
It is above-mentioned to wait to sign documents including original data to be signed documents and the interpolation data when participant is first participant.
In the case, the hash function quantity of state that above-mentioned first state amount determining module 132 determines is to including described
The described of interpolation data waits the hash function quantity of state for calculating and obtaining that signs documents.
Wherein, when current participant is first participant, first state amount determining module 132 is calculated and obtained and institute
State the corresponding first hash function quantity of state of original data to be signed documents;According to the first hash function quantity of state, described
Interpolation data determines the second hash function quantity of state.Now, above-mentioned is institute with corresponding hash function quantity of state of waiting to sign documents
State the second hash function quantity of state, above-mentioned second initialization module 133 can be according to the second hash function quantity of state, just
The context of beginningization hash function computing.
Wherein, determine to obtain data summarization to be signed documents based on above-mentioned hash function quantity of state, obtain digital signature
After result, related hash function quantity of state or the relevant information based on hash function quantity of state can be based on credible the
Tripartite TTP passes to next participant, it is also possible to be directly passed to next participant.In transmittance process, can also tie
Different modes are closed, such as the encryption of the shared key of each participant, VES signatures are carried out.Specifically show below in conjunction with wherein several
Example is illustrated.
Figure 14 is the structural representation of the digital signature system based on multiple party signatures in a specific example.This specifically shows
In example illustrated by taking the system (apply in other words, be arranged on the system of participant) that participant is used as an example, and be each ginseng
After the relevant information based on hash function quantity of state is passed into trusted third party with side, passed to down by trusted third party TTP
One participant.
As shown in figure 14, on the basis of system shown in Figure 13, the system in the example can also include;
Document creation module 141, for when the current participant is first participant, by the digital signature knot
Wait document after the middle current participant digital signature of acquisition that signs documents described in being really added to, and the current participant numeral is signed
Document sends to trusted third party after name.
In an application example, as shown in figure 14, the system in the specific example can also include:
First message sending module 142, for when the current participant is not first participant, to described credible
Third party sends the second upstream message, and second upstream message includes the digital signature result, or, described second is up
Message includes the interpolation data of the digital signature result and current participant.
In an application example, as shown in figure 14, the system in the specific example can also include:
First Document Creator Module 143, sends out for receiving trusted third party after being verified to last participant
The final signature synthesis document for sending.
In an application example, as shown in figure 14, the system in the specific example can also include:
First message receiver module 144, the downstream message for receiving trusted third party TTP transmissions, in the current ginseng
During with not being just first participant, the downstream message includes the hash function quantity of state, or, the downstream message bag
Include the hash function quantity of state and before each participant to the interpolation data to be signed documents, the hash function
Quantity of state is to wait the corresponding hash function quantity of state that signs documents with after upper participant signature, each participant bag before
Include the previous participant.
Now, above-mentioned file acquisition module 131, can wait to sign documents according to downstream message construction, this
When, it is described that to wait to sign documents be virtual file.
Figure 15 shows the structural representation of the digital signature system based on multiple party signatures in second specific example.Should
It is to be illustrated by taking the system (apply in other words, be arranged on the system of participant) that participant is used as an example in specific example, and
It is after the relevant information based on hash function quantity of state is passed to trusted third party by each participant, to be passed by trusted third party TTP
Next participant is passed, and the shared key based on each participant is encrypted to original data to be signed documents.
As shown in figure 15, on the basis of the system shown in Figure 13, the system in the example can also include;
Shared key encrypting module 151, for when the current participant is first participant, using each participant
The shared key of negotiation to it is described wait to sign documents be encrypted, wait to sign documents after being encrypted;
First message sending module 152, for when the current participant is first participant, to trusted third party
Send the first upstream message, the first upstream message includes waiting after the encryption signing documents, the first hash function quantity of state,
And the digital signature result, or, the first upstream message includes waiting to sign documents after the encryption, the first Hash letter
The interpolation data of number state amount, the digital signature result and current participant.
Now, when current participant is first participant, above-mentioned first state amount determining module 132 is to calculate to obtain
The first hash function quantity of state corresponding with the original data to be signed documents;According to the first hash function state
Amount, the interpolation data determine the second hash function quantity of state.
In an application example, as shown in figure 15, the system in the specific example can also include:
Second Document Creator Module 153, sends out for receiving trusted third party after being verified to last participant
The initial signature synthesis document for sending, the initial signature synthesis document is the trusted third party based on the numeral to each participant
The synthesis document that signature result determines;
First final document synthesis module 154, for the data original to be signed documents, described initial stored according to itself
The final signature synthesis document of signature synthesis document synthesis.
In an application example, as shown in figure 15, the system in the specific example can also include:
First message receiver module 155, the downstream message for receiving trusted third party's transmission, in the current participant
When not being first participant, the downstream message includes the hash function quantity of state and the first hash function quantity of state,
Or, the downstream message includes the hash function quantity of state, the first hash function quantity of state and each participant pair before
The interpolation data to be signed documents, the hash function quantity of state is corresponding with the file that previous participant was signed
The quantity of state of hash function, the first hash function quantity of state is hash function corresponding with original data to be signed documents
Quantity of state, each participant before includes the previous participant.
In the case, as shown in figure 15, the system in the specific example can also include:
Quantity of state authentication module 156, for the data original to be signed documents stored according to itself, to the downstream message
In the first hash function quantity of state verified.
Figure 16 shows the structural representation of the digital signature system based on multiple party signatures in the 3rd specific example.Should
It is to be illustrated by taking the system (apply in other words, be arranged on the system of participant) that participant is used as an example in specific example,
VES signatures have been carried out in information exchanging process to lift security.
As shown in figure 16, on the basis of the system shown in Figure 13, the system in the example can also include;
VES signature blocks 161, for carrying out VES signature treatment to the digital signature result, obtain VES signature results.
In an application example, as shown in figure 16, the system in the specific example can also send including first message
Module 162.
Wherein, when current participant is first participant, above-mentioned first message sending module 162, for credible
Third party sends the first upstream message, and first upstream message includes the VES signature result and original number to be signed documents
According to.In the case where current participant with the addition of data, first upstream message can also include the addition number of current participant
According to i.e. the first upstream message includes the addition number of VES signatures result, original data to be signed documents and current participant
According to.
On the other hand, when current participant is not first participant, above-mentioned first message sending module 162 is used for
The second upstream message is sent to trusted third party, second upstream message includes VES signature results.Add in current participant
In the case of having added data, second upstream message can also include the interpolation data of current participant, i.e. the second upstream message
Interpolation data including VES signature results and current participant.
In an application example, as shown in figure 16, the system in the specific example can also include:
First Document Creator Module 163, sends out for receiving trusted third party after being verified to last participant
The final signature synthesis document for sending.
In an application example, as shown in figure 16, the system in the specific example can also include:
First message receiver module 164, the downstream message for receiving trusted third party's transmission, in the current participant
When not being first participant, the downstream message includes the hash function quantity of state, or, the downstream message includes institute
State hash function quantity of state and before each participant to the interpolation data to be signed documents, the hash function state
Amount is to wait the corresponding hash function quantity of state that signs documents with after upper participant signature, and each participant before includes institute
State previous participant.
Now, above-mentioned file acquisition module 131, can wait to sign according to the downstream message is conceptually constructed
File, described to wait to sign documents be virtual file.
Figure 17 shows the structural representation of the digital signature system based on multiple party signatures in the 4th specific example.Should
It is to be illustrated by taking the system (apply in other words, be arranged on the system of participant) that participant is used as an example in specific example, base
Original data to be signed documents are encrypted in the shared key of each participant, VES label have been carried out in information exchanging process
Name is lifting security.
As shown in figure 17, on the basis of the system shown in Figure 13, the system in the example can also include;
VES signature blocks 171, for when the current participant is first participant, to the digital signature knot
Fruit carries out VES signature treatment, obtains VES signature results;
Shared key encrypting module 172, for when the current participant is first participant, using each participant
The shared key of negotiation to it is described wait to sign documents be encrypted, wait to sign documents after being encrypted.
In one application example, as shown in figure 17, the system in the specific example can also include that first message sends mould
Block 173.
Wherein, when the current participant is first participant, the first message sending module 173, for can
Letter third party sends the first upstream message, and the first upstream message includes waiting to sign documents after the encryption, the first Hash letter
Number state amount and VES signature results.In the case where current participant with the addition of data, first upstream message is also
The interpolation data of current participant can be included, i.e. the first upstream message includes waiting to sign documents after the encryption, described first
The interpolation data of hash function quantity of state, VES signature results and current participant.
Wherein, when current participant is not first participant, the first message sending module 173, for credible
Third party sends the second upstream message, and the second upstream message includes VES signature results.Data are with the addition of in current participant
In the case of, second upstream message can also include the interpolation data of current participant, i.e. the second upstream message includes described
The interpolation data of VES signature results and current participant.
In one application example, as shown in figure 17, the system in the specific example can also include:
Second Document Creator Module 174, sends out for receiving trusted third party after being verified to last participant
The initial signature synthesis document for sending, the initial signature synthesis document is the trusted third party based on the numeral to each participant
The synthesis document that signature result determines;
First final document synthesis module 175, for the data original to be signed documents, described initial stored according to itself
The final signature synthesis document of signature synthesis document synthesis.
In one application example, as shown in figure 17, the system in the specific example can also include:
First message receiver module 176, the downstream message for receiving trusted third party's transmission, in the current participant
When not being first participant, the downstream message includes the hash function quantity of state and the first hash function quantity of state,
Or, the downstream message includes the hash function quantity of state, the first hash function quantity of state and each participant pair before
The interpolation data to be signed documents, the hash function quantity of state is corresponding with the file that previous participant was signed
The quantity of state of hash function, the first hash function quantity of state is hash function corresponding with original data to be signed documents
Quantity of state, each participant before includes the previous participant.
In the case, as shown in figure 17, the system in the example can also include:
Quantity of state authentication module 177, for the data original to be signed documents stored according to itself, to the downstream message
In the first hash function quantity of state verified.
Figure 18 shows the structural representation of the digital signature system based on multiple party signatures in the 5th specific example.Should
It is to be illustrated by taking the system (apply in other words, be arranged on the system of participant) that participant is used as an example in specific example, and
It is that each participant is directly based upon after the relevant information of hash function quantity of state passes to next participant, trusted third party TTP
The message that the transmission of last participant need to only be received carries out verification process.
As shown in figure 18, on the basis of the system shown in Figure 13, the system in the example can also include;
Document creation module 181, for by the digital signature result be added to it is described wait to sign documents middle obtain current
Document after participant digital signature.
Document status amount determining module 182, the hash function state for determining document after current participant digital signature
Amount.
VES signature blocks 183, for carrying out VES signature treatment to the digital signature result, obtain VES signature results.
Message constructing module 184, for based on the hash function quantity of state of document after the current participant digital signature,
VES signatures result and the current participant signature information of original data configuration to be signed documents;In a concrete application,
In the case where current participant with the addition of data, the current participant signature information can also include the addition of current participant
Data.
Information signature computing module 185, the information signature for calculating the current participant signature information.
Signature information to sending module 186, for sending signature information pair, the signature information pair to next participant
The first signature information pair including the current participant, first signature information to including current participant signature information,
The information signature of current participant signature information.Wherein, when current participant is not first participant, above-mentioned signature information
To the signature information pair of each participant before can also including.
In one application example, as shown in figure 18, the system in the specific example can also include:
First signature information is to receiver module 187, the signature information pair for receiving upper participant transmission, upper one
The signature information that participant sends is to including:The signature information pair of each participant before current participant, before each participant
Signature information to including the signature information of each participant before, the information signature of each participant signature information before, before respectively
Participant signature information include before the hash function quantity of state of document after each participant digital signature, before each participant
VES signature result and original data to be signed documents.In an application example, data are with the addition of in each participant before
In the case of, the interpolation data of each participant before each participant signature information can also include before.
On this basis, the system in the specific example can also include:
Signature verification module 188, for receiving the label that a participant sends to receiver module in the first signature information
Name message to after, before verifying that signature information centering that a upper participant sends includes the information signature of each participant and
VES signature results.
In one application example, as shown in figure 18, the system in the specific example can also include:
First message receiver module 189, for when the current participant is first participant, receiving the credible 3rd
Side performs message in the information signature for receiving the transmission of last participant to the agreement of rear return;Performed according to the agreement
Message sends the digital signature result of current participant to next participant.
In one application example, as shown in figure 18, the system in the specific example can also include:
Digital signature receives authentication module 1810, for when the current participant is not first participant, receiving
The digital signature result of each participant before that a upper participant sends;Tested in the digital signature result to each participant before
After card passes through, the digital signature result of current participant is sent to next participant.
In one application example, as shown in figure 18, the system in the specific example can also include:
Second final document synthesis module 1811, for when the current participant is last participant, right
After the digital signature result of each participant is verified before, it is determined that final signature synthesis document, and the final signature is synthesized
Document is sent to a participant.
In one application example, as shown in figure 18, the system in the specific example can also include:
Final document returns to module 1812, for when the current participant is not first participant, receiving next
The final signature synthesis document that individual participant sends;And when the current participant is not first participant, this is final
The signature synthesis upward participant of document sends.
The structural representation of the digital signature system based on multiple party signatures in another embodiment is shown in Figure 19, should
It is the system applied with trusted third party TTP in embodiment, system application in other words or is arranged on as a example by trusted third party TTP
Row explanation, and each participant is that the digital signature result of oneself is sent into trusted third party TTP.
As shown in figure 19, the signature system based on multiple party signatures in the embodiment includes:
Second message reception module 191, for receiving the second upstream message that a upper participant sends, on described second
Row message includes the digital signature result of a upper participant;
Second document synthesis module 192, for synthesizing a upper participant digital signature according to second upstream message
Document afterwards;
Second quantity of state determining module 193, for verifying on this after digital signature for participant, calculates one on this
The hash function quantity of state of the document after participant digital signature;
Second message transmission module 194, for sending downstream message to next participant, the downstream message includes upper
The hash function quantity of state of the document after one participant digital signature.
In a concrete application example, above-mentioned second message reception module 192 is additionally operable to receive first participant hair
Document after the first participant digital signature sent, the document after first participant digital signature is waited to sign including original
Administration's file data, the digital signature of first participant.
In a concrete application example, above-mentioned second quantity of state determining module 193 is additionally operable to checking first ginseng
After first digital signature of participant described in the document after square digital signature, calculate first participant numeral and sign
The hash function quantity of state of the document after name.
In a concrete application example, above-mentioned second message transmission module 194 is additionally operable to be sent to next participant
Downstream message, the downstream message includes the hash function quantity of state of the document after first participant digital signature.
In a concrete application example, above-mentioned second message reception module 191 is additionally operable to receive first participant hair
The first upstream message sent, first upstream message includes:The shared key pair that first participant is consulted using each participant
Wait to sign documents after the encryption obtained after signing documents and being encrypted the first Hash corresponding with original data to be signed documents
Function status amount and first digital signature result of participant.
On this basis, in an application example, above-mentioned second document synthesis module 192 is additionally operable to according to described the
One upstream message conceptually synthesizes the document after first participant digital signature.
Now, above-mentioned second quantity of state determining module 193, after being additionally operable to verify first digital signature of participant,
Calculate the hash function quantity of state of the document after first participant digital signature.
On this basis, above-mentioned second message transmission module 194, is additionally operable to send downstream message to next participant,
The downstream message includes:The hash function quantity of state of the document after first participant digital signature and first Hash
Function status amount.
In an application example, as shown in figure 19, the system in the specific example can also include:
3rd final document synthesis module 195, for when a participant is last participant on described, according to
The final signature synthesis document of second upstream message synthesis;And in the digital signature authentication of checking last participant
By rear, the final signature synthesis document is sent to each participant.
In an application example, as shown in figure 19, the system in the specific example can also include:
Original document synthesis module 196, for when a participant is last participant on described, according to described
Second upstream message conceptually synthesizes the document after a participant digital signature, according to a upper participant digital signature
After the digital signature authentication of last participant passes through described in confirmation of secretarial document afterwards, according to the digital signature result of each participant
The initial signature synthesis document of synthesis, and the initial signature synthesis document is sent to each participant, by each participant according to itself
The data original to be signed documents of storage, the initial final signature synthesis document of signature synthesis document synthesis.
The structural representation of the digital signature system based on multiple party signatures in another embodiment is shown in Figure 20, should
It is the system applied with trusted third party TTP in embodiment, system application in other words or is arranged on as a example by trusted third party TTP
Row explanation, and each participant has carried out VES signatures.
As shown in figure 20, the signature system based on multiple party signatures in the embodiment includes:
Second message reception module 201, for receiving the second upstream message that a upper participant sends, on described second
Row message includes the VES signature results of a upper participant;In the case where a upper participant with the addition of data, this is on second
Row message can also include the interpolation data of a upper participant;
VES deciphering modules 202, the upper participation of acquisition is decrypted for the VES signature results to a upper participant
The digital signature result of side;
Second quantity of state determining module 203, for verifying on this after digital signature result for participant, calculates on this
The hash function quantity of state of the document after one participant digital signature;
Second message transmission module 204, for sending downstream message to next participant, the downstream message includes upper
The hash function quantity of state of the document after one participant digital signature, wherein, with the addition of the feelings of data in each participant before
Under condition, the downstream message can also include the interpolation data of each participant before.
In an application example, above-mentioned second message reception module 201 is additionally operable to receive what first participant sent
First upstream message, first upstream message includes:Original data to be signed documents and first VES signature of participant
As a result.In the case where first participant with the addition of data, first upstream message can also include first participant
Interpolation data.
Now, above-mentioned VES deciphering modules 202, are additionally operable to be decrypted acquisition to the VES signature results of first participant
First digital signature result of participant.In the case where first participant with the addition of data, first participation number formulary
Document after word signature can also include first interpolation data of participant
In one application example, as shown in figure 20, the system in the specific example can also include;
Second document synthesis module 205, for according to original data to be signed documents, the digital signature of first participant
Result synthesizes the document after first participant digital signature.
In the case, above-mentioned second quantity of state determining module 203, is additionally operable to verify the numeral label of first participant
After name, the hash function quantity of state of the document after first participant digital signature is calculated.
Now, above-mentioned second message transmission module 204, is additionally operable to send downstream message to next participant, and this is descending
Message includes:The hash function quantity of state of the document after first participant digital signature.
In an application example, above-mentioned second message reception module 201 is additionally operable to receive what first participant sent
First upstream message, first upstream message includes:First participant treats label using the shared key that each participant is consulted
Wait to sign documents after the encryption that administration's file is obtained after being encrypted the first hash function corresponding with original data to be signed documents
Quantity of state and first VES signature result of participant.
Now, above-mentioned VES deciphering modules 202, are additionally operable to be decrypted acquisition to the VES signature results of first participant
First digital signature result of participant.
Now, above-mentioned second document synthesis module 205, is additionally operable to according to first digital signature result of participant general
Synthesize the document after first participant digital signature in thought;
Above-mentioned second quantity of state determining module 203, after being additionally operable to verify first digital signature of participant, calculating should
The hash function quantity of state of the document after first participant digital signature;
Above-mentioned second message transmission module 204, is additionally operable to send downstream message, the downstream message bag to next participant
Include:The hash function quantity of state of the document after first participant digital signature and the first hash function quantity of state institute
State hash function quantity of state.
In one application example, as shown in figure 20, the system in the specific example can also include:
3rd final document synthesis module 206, for when a participant is last participant on described, according to
The final signature synthesis document of second upstream message synthesis;And in the digital signature authentication of checking last participant
By rear, the final signature synthesis document is sent to each participant.
In one application example, as shown in figure 20, the system in the specific example can also include:
Original document synthesis module 207, for when a participant is last participant on described, according to described
Second upstream message conceptually synthesizes the document after a participant digital signature, according to a upper participant digital signature
After the digital signature authentication of last participant passes through described in confirmation of secretarial document afterwards, according to the digital signature result of each participant
The initial signature synthesis document of synthesis, and the initial signature synthesis document is sent to each participant, by each participant according to itself
The data original to be signed documents of storage, the initial final signature synthesis document of signature synthesis document synthesis.
Figure 21 shows the structural representation of the signature system based on multiple party signatures in another embodiment, the embodiment
In be the system applied with trusted third party TTP, system application in other words or be arranged on as a example by trusted third party TTP is said
It is bright, and trusted third party only interacts with last participant during electronic contract signature.
As shown in figure 21, the system in the embodiment includes:
Second signature information is to receiver module 211, the signature information pair for receiving last participant transmission, signature
Message includes each to the information signature including each participant signature information, each participant signature information, each participant signature information
The hash function quantity of state of document after participant digital signature, the VES signature results of each participant and original wait to sign documents
Data;
Signature information is verified for the VES signature results to each participant to authentication module 212, tied according to checking
Fruit determines the correctness of the hash function quantity of state of document after each participant digital signature;
Message transmission module 213 is performed, for the hash function quantity of state checking of the document after each participant digital signature
By when, send agreement to first participant and perform message, being sent to next participant from first participant should
First digital signature result of participant, and the digital signature result of a upper participant is received by each participant
When, after being verified to the digital signature result of each participant before, sent described in current participant to next participant
Digital signature result, and after being verified to the digital signature result of each participant before by last participant, it is determined that most
Signature synthesizes document eventually, and the final signature is synthesized into each participant before document is sequentially returned to.
It is understood that the other technologies not described in detail in each embodiment of said system as space is limited, are special
Levy, can be identical with above method embodiment.
Those skilled in the art are it is understood that the explanation based on above-mentioned each application example, can use any possible mode
It is combined, to be suitably digitally signed and carried out the scheme of electronic document signature, to be applied to reality
In technology application, therefore, based on scheme, the side after any combinations being obtained in that in above-described embodiment and lower specific example
Case, should be included within protection scope of the present invention.
Each technical characteristic of embodiment described above can be combined arbitrarily, to make description succinct, not to above-mentioned reality
Apply all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, the scope of this specification record is all considered to be.
Embodiment described above only expresses several embodiments of the invention, and its description is more specific and detailed, but simultaneously
Can not therefore be construed as limiting the scope of the patent.It should be pointed out that coming for one of ordinary skill in the art
Say, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to protection of the invention
Scope.Therefore, the protection domain of patent of the present invention should be determined by the appended claims.
Claims (40)
1. it is a kind of determine message data summarization method, it is characterised in that including step:
Obtain the quantity of state of pending message and hash function;
According to the quantity of state of the hash function, initialization operation is carried out using the initialization algorithm of hash function, initialization is breathed out
The context of uncommon functional operation;
The context of the hash function computing is exported as hash function quantity of state;Calculated using the end of hash function
Method performs the end operation of hash function, obtains the summary info of the pending message.
2. it is according to claim 1 determine message data summarization method, it is characterised in that including in following two
At least one:
The quantity of state of the hash function includes:The information of the register group of Hash operation, and last is still untapped
The information of input data piecemeal;
Before the context of the hash function computing is exported as hash function quantity of state, also including step:Base
In the quantity of state of the hash function, information updating is carried out to the pending message using the information updating algorithm of hash function
Operation, the context of the hash function computing after being updated;
Using the information updating algorithm of hash function, at least one data slot to the pending message performs the message
Update operation.
3. a kind of digital signature method based on multiple party signatures, it is characterised in that including step:
Current participant is obtained or constructed to be waited to sign documents;
It is determined that with wait the corresponding hash function quantity of state that signs documents;
According to the hash function quantity of state, the context of hash function computing is initialized;
Using the end operation of the end algorithm performs hash function of hash function, obtain the data to be signed documents and pluck
Will;
Digital signing operations are performed according to the data summarization to be signed documents, digital signature result is obtained.
4. the endorsement method based on multiple party signatures according to claim 3, it is characterised in that:It is in the current participant
During first participant,
It is described to wait to sign documents including original data to be signed documents and the interpolation data;
It is determined that including with the mode of corresponding hash function quantity of state of waiting to sign documents:Calculate obtain with it is described it is original treat signature text
Number of packages is according to corresponding first hash function quantity of state;Determine according to the first hash function quantity of state, the interpolation data
Two hash function quantity of states;
With corresponding hash function quantity of state of waiting to sign documents for the second hash function quantity of state;
According to the second hash function quantity of state, the context of hash function computing is initialized.
5. the endorsement method based on multiple party signatures according to claim 3, it is characterised in that be in the current participant
During first participant, after the digital signature result is obtained, also including step:
The digital signature result is added to described wait document after the middle current participant digital signature of acquisition that signs documents, and general
Document sends to trusted third party after the current participant digital signature;
Or
VES signature treatment is carried out to the digital signature result, VES signature results are obtained;
The first upstream message is sent to trusted third party, first upstream message includes that the VES signs and result and original treats
Sign documents data, or, first upstream message include the VES signature result, original data to be signed documents and
The interpolation data of current participant.
6. the endorsement method based on multiple party signatures according to claim 4, it is characterised in that be in the current participant
During first participant, also including step:
Using each participant consult shared key to it is described wait to sign documents be encrypted, wait to sign documents after being encrypted;
The first upstream message is sent to trusted third party, the first upstream message includes waiting to sign documents after the encryption, described first breathes out
Uncommon function status amount and the digital signature result, or, the first upstream message includes waiting after the encryption signing documents,
The interpolation data of the first hash function quantity of state, the digital signature result and current participant;
Or
VES signature treatment is carried out to the digital signature result, VES signature results are obtained;
Using each participant consult shared key to it is described wait to sign documents be encrypted, wait to sign documents after being encrypted;
The first upstream message is sent to trusted third party, first upstream message includes waiting to sign documents after the encryption, described
First hash function quantity of state and VES signature results, or, the first upstream message is waited to sign after including the encryption
The interpolation data of file, the first hash function quantity of state, VES signature results and current participant.
7. the endorsement method based on multiple party signatures according to claim 3 or 4 or 5 or 6, it is characterised in that work as described
When preceding participant is not first participant, after the digital signature result is obtained, also including step:
The second upstream message is sent to the trusted third party, second upstream message includes the digital signature result, or
Person, second upstream message includes the interpolation data of the digital signature result and current participant;
Or
VES signature treatment is carried out to the digital signature result, VES signature results are obtained;
The second upstream message is sent to trusted third party, second upstream message includes VES signature results, or, it is described
Second upstream message includes the interpolation data of VES signature results and current participant.
8. the endorsement method based on multiple party signatures according to any one of claim 3,5,7, it is characterised in that:
When the current participant is not first participant, before current participant constructs and waits to sign documents, also include
Step:The downstream message that the trusted third party sends is received, the downstream message includes the hash function quantity of state, or
Person, the downstream message include the hash function quantity of state and before each participant to the addition to be signed documents
Data, the hash function quantity of state is to wait the corresponding hash function state that signs documents with after upper participant signature
Amount, each participant before includes the previous participant;
Current participant is waited to sign documents according to the downstream message is conceptually constructed, described to wait to sign documents for virtual
File.
9. the endorsement method based on multiple party signatures according to claim 4 or 6, it is characterised in that in the current participation
When side is not first participant, current participant is constructed before waiting to sign documents, also including step:
The downstream message that trusted third party sends is received, the downstream message includes the hash function quantity of state and first
Hash function quantity of state, or, the downstream message include the hash function quantity of state, the first hash function quantity of state and
To the interpolation data to be signed documents, the hash function quantity of state is to be signed with previous participant to each participant before
The quantity of state of the corresponding hash function of file crossed, the first hash function quantity of state is and original data pair to be signed documents
The quantity of state of the hash function answered, each participant before includes the previous participant.
10. the endorsement method based on multiple party signatures according to claim 9, it is characterised in that receiving described descending disappear
After breath, also including step:
According to the data original to be signed documents that itself is stored, the first hash function quantity of state is verified.
11. endorsement method based on multiple party signatures according to any one in claim 3,5,7,8, it is characterised in that
Also include step:Receive the final signature synthesis document that trusted third party sends after being verified to last participant.
12. endorsement method based on multiple party signatures according to any one in claim 3,4,6,7,8,9,10, it is special
Levy and be, also including step:
The initial signature synthesis document that trusted third party sends after being verified to last participant is received, it is described initial
Signature synthesis document is the synthesis document that the trusted third party is based on determining the digital signature result of each participant;
Data original to be signed documents, the initial final signature synthesis text of signature synthesis document synthesis stored according to itself
Shelves.
13. endorsement method based on multiple party signatures according to claim 3 or 4, it is characterised in that obtaining digital signature
After result, also including step:
The digital signature result is added to described wait document after the middle current participant digital signature of acquisition that signs documents;
It is determined that after current participant digital signature document hash function quantity of state;
VES signature treatment is carried out to the digital signature result, VES signature results are obtained;
Based on the hash function quantity of state of document after the current participant digital signature, VES signature results and original
The current participant signature information of data configuration to be signed documents;
Calculate the information signature of the current participant signature information;
Signature information pair is sent to next participant, the signature information disappears to the first signature including the current participant
Breath is right, and first signature information including the current participant signature information, the current participant signature information to disappearing
Breath signature.
14. endorsement methods based on multiple party signatures according to claim 13, it is characterised in that in the current participant
When not being first participant, before current participant constructs and waits to sign documents, also including step:
The signature information pair that a participant sends is received, the signature information that a upper participant sends is to including:It is before each
The signature information pair of participant, the signature information of each participant is to including the signature information of each participant before, each before before
The information signature of participant signature information, document after each participant digital signature before each participant signature information includes before
VES signature result and the original data to be signed documents of hash function quantity of state, before each participant.
15. endorsement method based on multiple party signatures according to claim 13 or 14, it is characterised in that including following items
In any one or any combination:
The current participant signature information also interpolation data including current participant;
When the current participant is not first participant, the signature information pair also includes the signature of each participant before
Message pair;
The interpolation data of each participant before each participant signature information also includes before;
The signature information that participant sends in reception to after, also including step:The message of each participant before checking
Signature and VES signature results;
When the current participant is first participant, also including step:Receive trusted third party and receive last
The information signature that individual participant sends performs message to the agreement of rear return;Message is performed to next participation according to the agreement
Side sends the digital signature result of current participant;
When the current participant is not first participant, also including step:Before receiving a participant transmission
The digital signature result of each participant;After the digital signature result to each participant before is verified, to next participation
Side sends the digital signature result of current participant;
When the current participant is last participant, also including step:Before receiving a participant transmission
The digital signature result of each participant;After the digital signature result to each participant before is verified, it is determined that final signature
Synthesis document, and the final signature synthesis document is sent to a upper participant;
It is not first participant and when not being last participant in the current participant, also including step:Under reception
The final signature synthesis document that one participant sends;The final signature synthesis upward participant of document is sent;
When the current participant is not first participant, also including step:Receive the final of next participant transmission
Signature synthesis document.
16. a kind of endorsement methods based on multiple party signatures, it is characterised in that including step:
The second upstream message that a participant sends is received, second upstream message includes the numeral of a upper participant
Signature result;
Document after a upper participant digital signature is synthesized according to second upstream message;
Verify on this after digital signature for participant, calculate the Hash letter of the document on this after participant digital signature
Number state amount;
Downstream message is sent to next participant, the downstream message includes the document after a upper participant digital signature
Hash function quantity of state.
17. a kind of endorsement methods based on multiple party signatures, it is characterised in that including step:
The second upstream message that a participant sends is received, second upstream message includes the VES of a upper participant
Signature result;
VES signature results to a upper participant are decrypted the digital signature result for obtaining a upper participant;
Verify on this after digital signature result for participant, calculate the Kazakhstan of the document on this after participant digital signature
Uncommon function status amount;
Downstream message is sent to next participant, the downstream message includes the document after a upper participant digital signature
Hash function quantity of state.
18. endorsement method based on multiple party signatures according to claim 16 or 17, it is characterised in that:
Before second upstream message of participant transmission in reception, also including step:
The document after first participant digital signature that first participant sends is received, first participant numeral is signed
Document after name includes original data to be signed documents, the digital signature of first participant;
Verify described in the document after first participant digital signature after first digital signature of participant, calculate institute
State the hash function quantity of state of the document after first participant digital signature;
Downstream message is sent to next participant, the downstream message includes the document after first participant digital signature
Hash function quantity of state;
Or.
Before second upstream message of participant transmission in reception, also including step:
The first upstream message that first participant sends is received, first upstream message includes:First participant is using each
The shared key that participant is consulted treat sign documents be encrypted after wait to sign documents after the encryption that obtains and original wait to sign
The corresponding first hash function quantity of state of file data and first digital signature result of participant;
Document after first participant digital signature is conceptually synthesized according to first upstream message;
After verifying first digital signature of participant, the Hash letter of the document after first participant digital signature is calculated
Number state amount;
Downstream message is sent to next participant, the downstream message includes:Document after first participant digital signature
Hash function quantity of state and the first hash function quantity of state;
Or
Before second upstream message of participant transmission in reception, also including step:
The first upstream message that first participant sends is received, first upstream message includes:Original data to be signed documents,
And first VES signature result of participant;
VES signature results to first participant are decrypted first digital signature result of participant of acquisition;
Synthesize first participant numeral according to original data to be signed documents, the digital signature result of first participant to sign
Document after name;
After verifying first digital signature of participant, the Hash letter of the document after first participant digital signature is calculated
Number state amount;
Downstream message is sent to next participant, the downstream message includes:Document after first participant digital signature
Hash function quantity of state;
Or
Before second upstream message of participant transmission in reception, also including step:
The first upstream message that first participant sends is received, first upstream message includes:First participant is using each
The shared key that participant is consulted treat sign documents be encrypted after wait to sign documents after the encryption that obtains and original wait to sign
The corresponding first hash function quantity of state of file data and first VES signature result of participant;
VES signature results to first participant are decrypted first digital signature result of participant of acquisition;
Document after first participant digital signature is conceptually synthesized according to first digital signature result of participant;
After verifying first digital signature of participant, the Hash letter of the document after first participant digital signature is calculated
Number state amount;
Downstream message is sent to next participant, the downstream message includes:Document after first participant digital signature
Hash function quantity of state and hash function quantity of state described in the first hash function quantity of state.
19. endorsement method based on multiple party signatures according to claim 16 or 17 or 18, it is characterised in that including following
At least one in items:
The second upstream message also interpolation data including a upper participant;
The downstream message also includes the interpolation data of each participant before;
The document also interpolation data including first participant after first participant digital signature;
The first upstream message also interpolation data including first participant.
20. endorsement method based on multiple party signatures according to claim 16 or 17 or 18 or 19, it is characterised in that:
Also include step:
When a participant is last participant on described, according to the final signature synthesis of second upstream message synthesis
Document;
After the digital signature authentication of checking last participant passes through, by the final signature synthesis document to each ginseng
With square transmission;
Or
Also include step:
When a participant is last participant on described, upper one is conceptually synthesized according to second upstream message
Document after individual participant digital signature,
The digital signature authentication of last participant according to the confirmation of secretarial document after a upper participant digital signature passes through
Afterwards, the initial signature synthesis document of digital signature result synthesis according to each participant, and by the initial signature synthesis document to each
Participant transmission, the data original to be signed documents stored according to itself by each participant, the initial signature synthesize document conjunction
Into final signature synthesis document.
21. a kind of endorsement methods based on multiple party signatures, it is characterised in that including step:Receive last participant transmission
Signature information pair, signature information is each to participate in the information signature including each participant signature information, each participant signature information
Square signature information include the hash function quantity of state of document after each participant digital signature, each participant VES signature results with
And original data to be signed documents;
The VES of each participant signature result is verified, document after each participant digital signature is determined according to the result
The correctness of hash function quantity of state;
When the hash function quantity of state of document after each participant digital signature is verified, agreement is sent to first participant
Message is performed, the digital signature knot of first participant is sent to next participant from first participant
Really, when and receiving the digital signature result of a upper participant by each participant, to the digital signature knot of each participant before
After fruit is verified, the digital signature result of current participant is sent to next participant, and by last participation
After side is verified to the digital signature result of each participant before, it is determined that final signature synthesis document, and by the final signature
Synthesis document sequentially returns to each participant before.
A kind of 22. systems of the data summarization for determining message, it is characterised in that including:
Data obtaining module, the quantity of state for obtaining pending message and hash function;
First initialization module, for the quantity of state according to the hash function, is carried out using the initialization algorithm of hash function
Initialization operation, initializes the context of hash function computing;
Information updating module, for the quantity of state based on the hash function, using the information updating algorithm of hash function to institute
Stating pending message carries out information updating operation, the context of the hash function computing after being updated;
Quantity of state output module, it is defeated for the context of the hash function computing after renewal to be carried out as hash function quantity of state
Go out;
Terminate processing module, for the end operation of the end algorithm performs hash function using hash function, treated described in acquisition
Process the summary info of message.
The system of 23. data summarizations for determining message according to claim 22, it is characterised in that including in following two
At least one:
The quantity of state of the hash function includes:The information of the register group of Hash operation, and last is still untapped
The information of input data piecemeal;
The information updating module uses the information updating algorithm of hash function, at least one data of the pending message
Fragment performs the information updating operation.
A kind of 24. digital signature systems based on multiple party signatures, it is characterised in that including:
File acquisition module, waits to sign documents for obtaining or constructing;
First state amount determining module, for determining and waiting the corresponding hash function quantity of state that signs documents;
Second initialization module, for according to the hash function quantity of state, initializing the context of hash function computing;
Summary determining module, for the end operation of the end algorithm performs hash function using hash function, treats described in acquisition
The data summarization for signing documents;
Digital Signature module, for performing digital signing operations according to the data summarization to be signed documents, obtains numeral and signs
Name result.
25. signature systems based on multiple party signatures according to claim 24, it is characterised in that:
Also include:Interpolation data acquisition module, for obtaining current participant to the interpolation data to be signed documents;
When the current participant is first participant, it is described wait to sign documents including original data to be signed documents and
The interpolation data;
The first state amount determining module, the first Hash corresponding with the original data to be signed documents is obtained for calculating
Function status amount;Second hash function quantity of state is determined according to the first hash function quantity of state, the interpolation data;
With corresponding hash function quantity of state of waiting to sign documents for the second hash function quantity of state;
Second initialization module initializes the context of hash function computing according to the second hash function quantity of state.
26. signature system based on multiple party signatures according to claim 24 or 25, it is characterised in that also include:
Document creation module, for when the current participant is first participant, by digital signature result addition
To described wait document after the middle current participant digital signature of acquisition that signs documents, and by the current participant digital signature hereinafter
Shelves send to trusted third party;
Or.
Shared key encrypting module, for when the current participant is first participant, being consulted using each participant
Shared key to it is described wait to sign documents be encrypted, wait to sign documents after being encrypted;
First message sending module, for when the current participant is first participant, the is sent to trusted third party
One upstream message, the first upstream message includes waiting to sign documents after the encryption, the first hash function quantity of state, Yi Jisuo
Digital signature result is stated, or, the first upstream message includes waiting to sign documents after the encryption, the first hash function state
The interpolation data of amount, the digital signature result and current participant;
Or
VES signature blocks, for carrying out VES signature treatment to the digital signature result, obtain VES signature results;
First message sending module, for when the current participant is first participant, the is sent to trusted third party
One upstream message, first upstream message includes the VES signature result and original data to be signed documents, or, institute
State interpolation data of first upstream message including VES signatures result, original data to be signed documents and current participant;
Or.
VES signature blocks, for when the current participant is first participant, being carried out to the digital signature result
The treatment of VES signatures, obtains VES signature results;
Shared key encrypting module, for when the current participant is first participant, being consulted using each participant
Shared key to it is described wait to sign documents be encrypted, wait to sign documents after being encrypted;
First message sending module, for when the current participant is first participant, the is sent to trusted third party
One upstream message, the first upstream message includes waiting to sign documents after the encryption, the first hash function quantity of state, Yi Jisuo
VES signature results are stated, or, the first upstream message includes waiting to sign documents after the encryption, the first hash function state
The interpolation data of amount, VES signature results and current participant.
27. signature system based on multiple party signatures according to claim 24 or 25, it is characterised in that also include:
First message sending module, for when the current participant is not first participant, to the trusted third party
The second upstream message is sent, second upstream message includes the digital signature result, or, the second upstream message bag
Include the interpolation data of the digital signature result and current participant;
Or.
VES signature blocks, for when the current participant is not first participant, being carried out to the digital signature result
The treatment of VES signatures, obtains VES signature results;
First message sending module, for when the current participant is not first participant, being sent to trusted third party
Second upstream message, second upstream message includes VES signature results, or, second upstream message includes institute
State the interpolation data of VES signature results and current participant.
28. signature system based on multiple party signatures according to claim 24 to 27 any one, it is characterised in that:
Also include first message receiver module, for receiving the downstream message that the trusted third party sends, in the current ginseng
During with not being just first participant, the downstream message includes the hash function quantity of state, or, the downstream message bag
Include the hash function quantity of state and before each participant to the interpolation data to be signed documents, the hash function
Quantity of state is to wait the corresponding hash function quantity of state that signs documents with after upper participant signature, each participant bag before
Include the previous participant;
The file acquisition module, waits to sign documents according to the downstream message is conceptually constructed, described to treat signature text
Part is virtual file;
Or
Also include first message receiver module, the downstream message for receiving trusted third party's transmission, in the current participant
When not being first participant, the downstream message includes the hash function quantity of state and the first hash function quantity of state,
Or, the downstream message includes the hash function quantity of state, the first hash function quantity of state and each participant pair before
The interpolation data to be signed documents, the hash function quantity of state is corresponding with the file that previous participant was signed
The quantity of state of hash function, the first hash function quantity of state is hash function corresponding with original data to be signed documents
Quantity of state, each participant before includes the previous participant.
29. signature systems based on multiple party signatures according to claim 28, it is characterised in that also include:
Quantity of state authentication module, for the data original to be signed documents stored according to itself, to the institute in the downstream message
The first hash function quantity of state is stated to be verified.
30. signature system based on multiple party signatures according to any one of claim 24,26,27,28, its feature exists
In also including:
First Document Creator Module, it is final for receive that trusted third party sends after being verified to last participant
Signature synthesis document.
31. signature system based on multiple party signatures according to any one of claim 25,26,27,28,29, its feature
It is also to include:
Second Document Creator Module, it is initial for receive that trusted third party sends after being verified to last participant
Signature synthesis document, the initial signature synthesis document is the trusted third party based on the digital signature result to each participant
The synthesis document of determination;
First final document synthesis module, for the data original to be signed documents, the initial signature conjunction that are stored according to itself
Into the final signature synthesis document of document synthesis.
32. signature system based on multiple party signatures according to claim 24 or 25, it is characterised in that also include:
Document creation module, current number formulary is participated in for the digital signature result to be added into middle acquisition of waiting to sign documents
Document after word signature;
Document status amount determining module, the hash function quantity of state for determining document after current participant digital signature;
VES signature blocks, for carrying out VES signature treatment to the digital signature result, obtain VES signature results;
Message constructing module, for hash function quantity of state, the VES based on document after the current participant digital signature
Signature result and the current participant signature information of original data configuration to be signed documents;
Information signature computing module, the information signature for calculating the current participant signature information;
, to sending module, for sending signature information pair to next participant, the signature information is to including institute for signature information
The first signature information pair of current participant is stated, first signature information is to including the current participant signature information, institute
State the information signature of current participant signature information.
33. signature systems based on multiple party signatures according to claim 32, it is characterised in that also include:
First signature information is to receiver module, the signature information pair for receiving upper participant transmission, a upper participant
The signature information of transmission is to including:The signature information pair of each participant before, the signature information of each participant is to including it before
The information signature of the signature information of preceding each participant, before each participant signature information, before each participant signature information include
The hash function quantity of state of document after each participant digital signature, before VES signature results of each participant and original before
Data to be signed documents.
34. signature system based on multiple party signatures according to claim 32 or 33, it is characterised in that including following items
In any one or any combination:
The current participant signature information also interpolation data including current participant;
When the current participant is not first participant, the signature information pair also includes the signature of each participant before
Message pair;
The interpolation data of each participant before each participant signature information also includes before;
Signature verification module, for receiving the signature information pair that a participant sends to receiver module in the first signature information
Afterwards, the information signature of each participant and VES signature results before checking;
The first message receiver module, for when the current participant is first participant, receiving trusted third party
Message is performed to the agreement of rear return in the information signature for receiving the transmission of last participant;Performed according to the agreement and disappeared
Cease the digital signature result that current participant is sent to next participant;
Digital signature receives authentication module, for when the current participant is not first participant, receiving a upper ginseng
The digital signature result of each participant before sent with side;It is verified in the digital signature result to each participant before
Afterwards, the digital signature result of current participant is sent to next participant;
Second final document synthesis module, for when the current participant is last participant, to each ginseng before
After being verified with the digital signature result of side, it is determined that final signature synthesis document, and the final signature synthesis document is sent
To a upper participant;
Final document returns to module, for when the current participant is not first participant, receiving next participant
The final signature synthesis document for sending;And when the current participant is not first participant, by the final signature synthesis
The upward participant of document sends.
A kind of 35. signature systems based on multiple party signatures, it is characterised in that including:
Second message reception module, for receiving the second upstream message that a upper participant sends, second upstream message
Digital signature result including a upper participant;
Second document synthesis module, for synthesizing the text after a upper participant digital signature according to second upstream message
Shelves;
Second quantity of state determining module, for verifying on this after digital signature for participant, calculates a participant on this
The hash function quantity of state of the document after digital signature;
Second message transmission module, for sending downstream message to next participant, the downstream message includes upper one ginseng
With the hash function quantity of state of the document after square digital signature.
A kind of 36. signature systems based on multiple party signatures, it is characterised in that including:
Second message reception module, for receiving the second upstream message that a upper participant sends, second upstream message
VES signature results including a upper participant;
VES deciphering modules, the numeral for obtaining a upper participant is decrypted for the VES signature results to a upper participant
Signature result;
Second quantity of state determining module, for verifying on this after digital signature result for participant, calculates a ginseng on this
With the hash function quantity of state of the document after square digital signature;
Second message transmission module, for sending downstream message to next participant, the downstream message includes upper one ginseng
With the hash function quantity of state of the document after square digital signature.
37. signature system based on multiple party signatures according to claim 35 or 36, it is characterised in that:
Second message reception module, after being additionally operable to receive first participant digital signature that first participant sends
Document, document after first participant digital signature includes the number of original data to be signed documents, first participant
Word is signed;
Second quantity of state determining module, is additionally operable to first described in the document after checking first participant digital signature
After the digital signature of participant, the hash function quantity of state of the document after first participant digital signature is calculated;
Second message transmission module, is additionally operable to send downstream message to next participant, and the downstream message includes described first
The hash function quantity of state of the document after individual participant digital signature;
Or
Second message reception module, is additionally operable to receive the first upstream message that first participant sends, first upstream message
Including:First participant treated using the shared key that each participant is consulted sign documents be encrypted after obtain encryption after
Wait to sign documents and the original corresponding first hash function quantity of state of data to be signed documents and first number of participant
Word signature result;
Second document synthesis module, is additionally operable to conceptually synthesize first participant numeral according to first upstream message
Document after signature;
Second quantity of state determining module, after being additionally operable to verify first digital signature of participant, calculates this first participation
The hash function quantity of state of the document after square digital signature;
Second message transmission module, is additionally operable to send downstream message to next participant, and the downstream message includes:First ginseng
With the hash function quantity of state and the first hash function quantity of state of the document after square digital signature;
Or
Second message reception module, is additionally operable to receive the first upstream message that first participant sends, first upstream message
Including:Original data to be signed documents and first VES signature result of participant;
VES deciphering modules, are additionally operable to be decrypted first number of participant of acquisition to the VES signature results of first participant
Word signature result;
Also include the second document synthesis module, for according to original data to be signed documents, the digital signature of first participant
Result synthesizes the document after first participant digital signature;
Second quantity of state determining module, after being additionally operable to verify first digital signature of participant, calculates this first participation
The hash function quantity of state of the document after square digital signature;
Second message transmission module, is additionally operable to send downstream message to next participant, and the downstream message includes:First ginseng
With the hash function quantity of state of the document after square digital signature;
Or
Second message reception module, is additionally operable to receive the first upstream message that first participant sends, first upstream message
Including:First participant treated using the shared key that each participant is consulted sign documents be encrypted after obtain encryption after
Wait to sign documents and the original corresponding first hash function quantity of state of data to be signed documents and first VES of participant
Signature result;
VES deciphering modules, are additionally operable to be decrypted first number of participant of acquisition to the VES signature results of first participant
Word signature result;
Also include the second document synthesis module, for according to first digital signature result of participant conceptually synthesize this
Document after one participant digital signature;
Second quantity of state determining module, after being additionally operable to verify first digital signature of participant, calculates this first participation
The hash function quantity of state of the document after square digital signature;
Second message transmission module, is additionally operable to send downstream message to next participant, and the downstream message includes:First ginseng
With the hash function quantity of state and hash function shape described in the first hash function quantity of state of the document after square digital signature
State amount.
38. signature system based on multiple party signatures according to claim 35 or 36 or 37, it is characterised in that including following
At least one in items:
The second upstream message also interpolation data including a upper participant;
The downstream message also includes the interpolation data of each participant before;
The document also interpolation data including first participant after first participant digital signature;
The first upstream message also interpolation data including first participant.
39. signature system based on multiple party signatures according to claim 35 to 37 any one, it is characterised in that also wrap
Include:
3rd final document synthesis module, for when a participant is last participant on described, according to described the
The final signature synthesis document of two upstream messages synthesis;And the digital signature authentication in checking last participant passes through
Afterwards, the final signature synthesis document is sent to each participant;
Or
Original document synthesis module, for when a participant is last participant on described, according on described second
Row message conceptually synthesizes the document after a participant digital signature, according to the text after a upper participant digital signature
After the digital signature authentication of shelves checking last participant passes through, the digital signature result synthesis according to each participant is just
Begin signature synthesis document, and the initial signature synthesis document is sent to each participant, is stored according to itself by each participant
Original data to be signed documents, the initial final signature synthesis document of signature synthesis document synthesis.
A kind of 40. signature systems based on multiple party signatures, it is characterised in that including:
Second signature information is to receiver module, the signature information pair for receiving last participant transmission, signature information pair
Information signature including each participant signature information, each participant signature information, each participant signature information includes each participant
VES signature result and the original data to be signed documents of the hash function quantity of state of document, each participant after digital signature;
Signature information is verified for the VES signature results to each participant to authentication module, determined according to the result each
The correctness of the hash function quantity of state of document after participant digital signature;
Message transmission module is performed, for when the hash function quantity of state of document after each participant digital signature is verified,
Agreement being sent to first participant and performing message, this first ginseng is sent to next participant from first participant
With the digital signature result of side, and when receiving the digital signature result of a upper participant by each participant, to before
After the digital signature result of each participant is verified, the digital signature knot of current participant is sent to next participant
Really, after and being verified to the digital signature result of each participant before by last participant, it is determined that final signature synthesis
Document, and the final signature synthesis document is sequentially returned into each participant before.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710061691.XA CN106789087B (en) | 2017-01-26 | 2017-01-26 | Method and system for determining data digest of message and multi-party-based digital signature |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710061691.XA CN106789087B (en) | 2017-01-26 | 2017-01-26 | Method and system for determining data digest of message and multi-party-based digital signature |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106789087A true CN106789087A (en) | 2017-05-31 |
| CN106789087B CN106789087B (en) | 2020-01-07 |
Family
ID=58955116
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710061691.XA Active CN106789087B (en) | 2017-01-26 | 2017-01-26 | Method and system for determining data digest of message and multi-party-based digital signature |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106789087B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107682859A (en) * | 2017-08-31 | 2018-02-09 | 上海华为技术有限公司 | Message treatment method and relevant device |
| CN108964906A (en) * | 2018-07-19 | 2018-12-07 | 数安时代科技股份有限公司 | The digital signature method of co-EC C |
| CN114024680A (en) * | 2020-12-14 | 2022-02-08 | 北京八分量信息科技有限公司 | Multiple signature method in multi-signature consensus architecture |
| CN114726552A (en) * | 2022-06-07 | 2022-07-08 | 杭州天谷信息科技有限公司 | Digital signature right transfer method and system |
| CN115481445A (en) * | 2022-08-16 | 2022-12-16 | 北京矩阵分解科技有限公司 | Portable document format file signature checking method, device, equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873328A (en) * | 2010-06-28 | 2010-10-27 | 北京邮电大学 | Multipartite contract signing method based on aggregated signature |
| CN102546182A (en) * | 2012-02-01 | 2012-07-04 | 李智虎 | Method, system and device for signing electronic contract without trusted third party |
| CN105162594A (en) * | 2015-07-31 | 2015-12-16 | 飞天诚信科技股份有限公司 | Quick signing method and signing device |
-
2017
- 2017-01-26 CN CN201710061691.XA patent/CN106789087B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873328A (en) * | 2010-06-28 | 2010-10-27 | 北京邮电大学 | Multipartite contract signing method based on aggregated signature |
| CN102546182A (en) * | 2012-02-01 | 2012-07-04 | 李智虎 | Method, system and device for signing electronic contract without trusted third party |
| CN105162594A (en) * | 2015-07-31 | 2015-12-16 | 飞天诚信科技股份有限公司 | Quick signing method and signing device |
Non-Patent Citations (2)
| Title |
|---|
| 范伟: "移动商务安全性研究", 《中国博士学位论文全文数据库-信息科技辑》 * |
| 高悦翔: "电子商务安全协议的设计与形式化分析", 《中国博士学位论文全文数据库-信息科技辑》 * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107682859A (en) * | 2017-08-31 | 2018-02-09 | 上海华为技术有限公司 | Message treatment method and relevant device |
| CN107682859B (en) * | 2017-08-31 | 2020-07-14 | 上海华为技术有限公司 | Message processing method and related equipment |
| CN108964906A (en) * | 2018-07-19 | 2018-12-07 | 数安时代科技股份有限公司 | The digital signature method of co-EC C |
| CN108964906B (en) * | 2018-07-19 | 2021-05-28 | 数安时代科技股份有限公司 | Digital signature method for cooperation with ECC |
| CN114024680A (en) * | 2020-12-14 | 2022-02-08 | 北京八分量信息科技有限公司 | Multiple signature method in multi-signature consensus architecture |
| CN114726552A (en) * | 2022-06-07 | 2022-07-08 | 杭州天谷信息科技有限公司 | Digital signature right transfer method and system |
| CN114726552B (en) * | 2022-06-07 | 2022-10-11 | 杭州天谷信息科技有限公司 | Digital signature right transfer method and system |
| CN115481445A (en) * | 2022-08-16 | 2022-12-16 | 北京矩阵分解科技有限公司 | Portable document format file signature checking method, device, equipment and storage medium |
| CN115481445B (en) * | 2022-08-16 | 2023-08-18 | 北京矩阵分解科技有限公司 | Signature verification method, device and equipment for portable document format file and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106789087B (en) | 2020-01-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Raikwar et al. | SoK of used cryptography in blockchain | |
| Menezes et al. | Handbook of applied cryptography | |
| CN111008836B (en) | Privacy security transfer payment method, device, system and storage medium | |
| CN108463967B (en) | Cipher device for pre-calculation and transaction mixing | |
| CN107196763A (en) | SM2 algorithms collaboration signature and decryption method, device and system | |
| CN108667626A (en) | The two sides cooperation SM2 endorsement methods of safety | |
| CN106789087A (en) | Determine the data summarization of message, the method and system based on multi-party digital signature | |
| AU3755695A (en) | Secret-key certificates | |
| US9088419B2 (en) | Keyed PV signatures | |
| CN108494559B (en) | Electronic contract signing method based on semi-trusted third party | |
| CN109687977A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys | |
| Haenni et al. | Cast-as-intended verification in electronic elections based on oblivious transfer | |
| Simmons | Secure communications and asymmetric cryptosystems | |
| CN116349203A (en) | Identifying denial of service attacks | |
| Tsai et al. | An ECC‐based blind signcryption scheme for multiple digital documents | |
| Kohlweiss et al. | Accountable metadata-hiding escrow: A group signature case study | |
| Gao et al. | Quantum election protocol based on quantum public key cryptosystem | |
| Sui et al. | AuxChannel: Enabling efficient bi-directional channel for scriptless blockchains | |
| Chiou et al. | Design and implementation of a mobile voting system using a novel oblivious and proxy signature | |
| CN116346336A (en) | Key distribution method based on multi-layer key generation center and related system | |
| Lin et al. | Verifiable attribute‐based proxy re‐encryption for secure public cloud data sharing | |
| Babenko et al. | Distributed E-voting system based on blind intermediaries using homomorphic encryption | |
| Huang et al. | How to protect privacy in optimistic fair exchange of digital signatures | |
| KR100349418B1 (en) | Method for preventing abuse in blind signatures | |
| EP4231583A1 (en) | Methods and arrangements for establishing digital identity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |