CN106850229A - SM2 digital signature generation method and system based on the secret segmentation of product - Google Patents

SM2 digital signature generation method and system based on the secret segmentation of product Download PDF

Info

Publication number
CN106850229A
CN106850229A CN201710046710.1A CN201710046710A CN106850229A CN 106850229 A CN106850229 A CN 106850229A CN 201710046710 A CN201710046710 A CN 201710046710A CN 106850229 A CN106850229 A CN 106850229A
Authority
CN
China
Prior art keywords
mod
digital signature
interval
calculated
integer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710046710.1A
Other languages
Chinese (zh)
Other versions
CN106850229B (en
Inventor
龙毅宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University of Technology WUT
Original Assignee
Wuhan University of Technology WUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University of Technology WUT filed Critical Wuhan University of Technology WUT
Priority to CN201710046710.1A priority Critical patent/CN106850229B/en
Publication of CN106850229A publication Critical patent/CN106850229A/en
Application granted granted Critical
Publication of CN106850229B publication Critical patent/CN106850229B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

Invention is related to SM2 digital signature generation methods:Device 1,2 has secret d1、d2And dA(1+dA)‑1Mod n=d1d2Mod n, dAIt is user's SM2 private keys;H=a (d are setA)‑1Mod n, Ga=[a] G, a are optional secret numbers, and G is the basic point of SM2, and h does not maintain secrecy;When digital signature is generated, two device interactive computings go out Q=[(k1+k2)]Gb, r=(e+x1) mod n, wherein k1、k2It is the optional integer of device 1,2, Gb=[b] Ga, b is the integer that device 1 is only known, (x1,y1)=Q, e are the Hash Values of message;Device 1 is by w1=d1B mod n, s1=(hk1‑(b)‑1R) mod n are to device 2;Device 2 calculates s=d2w1(hk2+s1)mod n;(r, s) is the digital signature of message.

Description

SM2 digital signature generation method and system based on the secret segmentation of product
Technical field
The invention belongs to field of information security technology, particularly a kind of SM2 digital signature life based on the secret segmentation of product Into method and system.
Background technology
In public-key encryptosystem, in order to ensure the security of private key for user, the private key of user is typically stored in Used in special cryptographic hardware, such as storage is used in USB Key, SmartCard, and private key can not lead from cryptographic hardware Go out.But, in some cases, such as, due to cost, or (such as movement is logical due to no suitable cryptographic hardware Letter terminal) so that user cannot rely on cryptographic hardware to store private key and carry out crypto-operation using private key.For this Situation, current most common method is the crypto module for using pure software, and private key for user is stored in into user's computing device sheet In the permanent storage media on ground (electric board such as in the disk of PC, mobile communication terminal), and by PIN (Personal Identification Number) code is protected to private key.When private key for user is needed to use, software key Code module reads private key for user (requiring user input PIN code if necessary) from the permanent storage media of user's computing device, then Carry out crypto-operation.It is this be stored in using pure software password mould, by private key for user computing device it is local by the way of there is user The risk of private key leakage, such as, attacker steals the private key for user being stored in user's computing device by wooden horse, cracks user The PIN code of private key is protected, so as to obtain private key for user;And it is this by the way of pure software crypto module, private key for user is most Need to be imported into internal memory with plaintext version eventually and used, such attacker steals and be stored in possibly through certain attack pattern Private key for user in internal memory.How in the case where cryptographic hardware is not used, safety is stored and has reality using private key for user Demand, there is good practical application meaning to the solution of this problem.
The solution common to this problem is that private key for user is divided into many parts by certain mode, and every part is referred to as , then by every part of secret shadow storage to different computing devices, especially be stored in for partial secret share by secret shadow Safety precautions in place, in the online cryptographic service system of the good professional cryptographic service mechanism of safety condition;When password should When private key for user is needed to use with program, system carrying out crypto-operation, such as it is digitally signed or during data deciphering, multiple is calculated Device carries out crypto-operation using the secret shadow of oneself respectively, finally by each device calculate result merge, formed it is last, The result (result of digital signature or data deciphering) of crypto-operation is carried out using private key for user.
SM2 be by national Password Management office promulgate a kind of ellipse curve public key cipher algorithm (referring to《SM2 elliptic curves Public key algorithm》Specification, national Password Management office, in December, 2010), can realize that digital signature, key are handed over based on this algorithm Change and data encryption.But, due to the unique digital signature computing mode of SM2 algorithms, common privacy sharing (segmentation) mode And the corresponding crypto-operation mode based on privacy sharing, it is impossible to it is adapted for use with the situation that SM2 private keys are digitally signed.
The content of the invention
The purpose of the present invention is to propose to SM2 digital signature generation method of the one kind based on secret segmentation (or shared), with full In the case of the no cryptographic hardware of foot, the demand that safe handling user's SM2 private keys are digitally signed.
For the purpose of the present invention, technical scheme proposed by the present invention is a kind of SM2 numerals based on the secret segmentation of product Signature generating method.
In the following description to technical solution of the present invention, if P, Q are the element (point) in elliptic curve point group, P+Q Represent that the point of P, Q adds, [k] P represents that the point of k elliptic curve point P adds, i.e. P+P+...+P (has k P);Ellipsis " ... ", Represent the data item of multiple same (types) or multiple same computings;c-1Represent inverse (the i.e. cc of mould n multiplication of integer c-1mod n =1);Multiple integers are multiplied (including integer symbol is multiplied, constant is multiplied with integer symbol), are not producing ambiguous situation Under, multiplication sign " " is dispensed, such as k1·k2It is reduced to k1k2, 3c, simplified position 3c;Mod n represent mould n computings (modulo Operation), correspond to《SM2 ellipse curve public key cipher algorithms》In specification (national Password Management office, in December, 2010) modn;Further, the priority of the operators m od n of mould n computings is minimum, and such as a+b mod n are equal to (a+b) mod n, a-b Mod n are equal to (a-b) mod n, ab mod n and are equal to (ab) mod n.
The method of the present invention is specific as follows.
Methods described is related to two to be referred to as device 1, the device of device 2;
Before digital signature is generated, following initialization operation is carried out for two devices for participating in digital signature generation:
Give the distribution secret shadow of device 1 d1, give the distribution secret shadow of device 2 d2, wherein d1、d2It is in interval [1, n-1] Integer, and the elliptic curve point order of a group that n is SM2 crypto-operations to be used, namely the elliptic curve that SM2 crypto-operations are used The rank (the elliptic curve point group that SM2 crypto-operations are used refers to the cyclic group generated by basic point G) of the basic point G of point group;
Two secret shadows of device and the SM2 private keys d of userAMeet relation:
(1+dA)-1dAMod n=d1d2Mod n, wherein, (1+dA)-1It is (1+dA) the inverse (i.e. (1+d of mould n multiplicationA)-1(1 +dA) mod n=1);
One integer a of random selection in interval [1, n-1], calculates Ga=[a] G, h=a (dA)-1Mod n, wherein G are The basic point of SM2 elliptic curve point groups;By h to device 1, device 2;GaWill be to needing G in digital signature generating processaDevice 1 And/or device 2 (present invention in a be not elliptic curve equation parameter a;GaWithout secrecy, unwanted problem is simply needed);
(two devices do not possess a, dA;Carry out secret segmentation, provide initialization operation can be one special close A crypto module in key management system, or user's computing device, key management instrument);
As the SM2 private keys d for needing to use userAWhen being digitally signed for message M, two devices enter as follows The generation of row digital signature (needs to use the SM2 private keys d of userA, for the main body that message M is digitally signed can be adjust With the cryptographic application of the two devices, system or crypto module, or cryptographic application in one of two devices, it is System):
First, two devices obtain Q=[(k by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, the Q for obtaining Meet:R ≠ 0 and [r] G+Q are not the null element (infinite point) of SM2 elliptic curve point groups, wherein k1、k2It is during calculating Q Device 1, device 2 randomly selected integer, G in interval [1, n-1] respectivelyb=[b] Ga, b be in interval [1, n-1] only The integer constant (secret) that device 1 is just known, or b is to calculate the random selection in interval [1, n-1] of device 1 during Q An integer, G is the basic point of SM2 elliptic curve point groups, x1Take from (x1,y1)=Q, e are derived from ID and message M Hash Value (i.e. hashed value) (present invention in b be not elliptic curve equation parameter b;By SM2 algorithms, e is from ID IDAEtc. Hash Value Z derived from parameterAThe Hash Value of the data after merging with message M, referring to SM2 specifications);
Afterwards, device 1 calculates w1=d1B mod n, s1=(hk1-(b)-1R) mod n, then by w1、s1It is sent to device 2;
Finally, device 2 receives the w of device 11、s1Afterwards, s=d is calculated2w1(hk2+s1) mod n (now s=d2d1(bh (k2+k1)-r) mod n=(1+dA)-1(ba(k2+k1)-dAr)mod n);(r, s) is exactly that the numeral for message M of generation is signed Name.
Here r is non-private data, can be transmitted between two as needed.
If b is the integer constant (secret) that only device 1 is just known in interval [1, n-1], then generated in digital signature In preceding initialization procedure, (by initialization instrument or system or device 1) calculates Gb=[b] Ga, device 1, device 2 are preserved respectively Gb;When being digitally signed for message M, device 1 and device 2 all obtain G from the local data for preservingb
If b is to calculate the randomly selected integer in interval [1, n-1] of device 1 during Q, then for message When M is digitally signed, the one integer b of random selection in interval [1, n-1] of device 1 is calculated Gb=[b] Ga, then will GbDevice 2 is sent to, thus device 1 and device 2 all obtain Gb
When being digitally signed for message M, two devices as follows, or by the side being equal to following manner Formula, Q=[(k are obtained by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, Q satisfaction for obtaining:R ≠ 0 and [r] G+Q It is not the null element (infinite point) of SM2 elliptic curve point groups:
First, device 1 and device 2 obtain G from the data for preserving or by calculating and exchange in real time respectivelyb
Afterwards, one integer k of random selection in interval [1, n-1] of device 11, it is calculated Q1=[k1]Gb
One integer k of random selection in interval [1, n-1] of device 22, it is calculated Q2=[k2]Gb, then by Q2Send To device 1;
Device 1 receives Q2Afterwards, Q=Q is calculated1+Q2, now Q=[(k1+k2)]Gb(=[b (k1+k2)]Ga);
Device 1 check Q whether be SM2 elliptic curve point groups null element (infinite point), if so, then device 1 is reselected k1, recalculate Q1=[k1]Gb, recalculate Q=Q1+Q2, rejudge whether Q is null element, this process is repeated, until Q is not Untill null element;If Q is not null element, device 1 takes (x1,y1)=Q, calculates r=(e+x1)mod n;
If r, Q for being calculated meet:R ≠ 0 and [r] G+Q are not the null elements (infinite point) of SM2 elliptic curve point groups, The then calculating of Q, r is completed;Otherwise, device 1 randomly chooses an integer k in interval [1, n-1] again1, then recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, and r is calculated when Q is not null element, repeat this process, until r ≠ 0 and [r] G+Q is not the null element (infinite point) of SM2 elliptic curve point groups;
Or, if r=0 or [r] G+Q are the null elements (infinite point) of SM2 elliptic curve point groups, two devices together from Head re-starts the calculating of Q, r, and (i.e. device 1 and device 2 retrieves Gb, device 1 reselects k1, device 2 reselects k2, Then Q=Q is calculated1+Q2, judge whether Q is null element, and r=(e+x are calculated when Q is not null element1) mod n), repeat this mistake Journey, until r ≠ 0 and [r] G+Q are not the null elements (infinite point) of SM2 elliptic curve point groups;
The equivalent mode, i.e., can equally obtain Q=[(k1+k2)]GbAnd r is calculated according to Q, and cause that r, Q are full Sufficient r ≠ 0 and [r] G+Q are not the modes of the null element of SM2 elliptic curve point groups.
If device 1 is when Q, r is calculated, only check whether r is zero, does not check whether [r] G+Q is SM2 elliptic curves The null element (infinite point) of point group, and the calculating of Q, r is only re-started in r=0 (as long as r ≠ 0 does not just re-start Q, r meter Calculate), then:
After device 2 is calculated s, (s+r) mod n=0 are found if checking, abandon the s being calculated, device 1 is again One integer k of random selection in interval [1, n-1]1, recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, and R=(e+x are calculated when Q is not null element1) modn, device 2 recalculates s, this process repeated, until (s+r) mod n ≠ 0;
Or after device 2 is calculated s, (s+r) mod n=0 being found if checking, from the beginning two devices enter again together (i.e. device 1 and device 2 obtains G for the calculating of row Q, rb, device 1 reselects k1, calculate Q1, device 2 reselects k2, calculate Q2, Then device 1 recalculates Q=Q1+Q2, judge whether Q is null element, and r=(e+x are calculated when Q is not null element1)mod N), device 2 recalculates s, until (s+r) mod n ≠ 0.
In above scheme, if b be calculate during Q device 1 in interval [1, n-1] randomly selected one it is whole Count, then k1Both can be to calculate Q1When device 1 in interval [1, n-1] a randomly selected integer, or interval [1, N-1] in the only integer constant just known of device 1 (calculate Q every time1When all use same k1)。
The public key of user is still dAG, calculates and publishes before secret segmentation.
The system includes two devices, wherein, a device is user's computing device, and another is cipher key service system Cipher server, or two devices are all the cipher servers of cipher key service system;Two devices are signed by SM2 numerals Name generation method, generates the digital signature to message M using user SM2 private keys dA
Be can see from the above content of the invention, generated using the SM2 digital signature based on the secret segmentation of product of the invention Method, when user does not have hardware cryptographic device to deposit SM2 private keys, can be by the private key d with userARelated secret data (1 +dA)-1Two parts of secret shadows are divided into by product, the cryptographic service system of different cryptographic service mechanisms is stored in respectively, needed When being signed to message using the SM2 private keys of user, the cryptographic service system of Liang Ge mechanisms is secret using what is each had respectively Close share, the digital signature for message is ultimately produced by interaction;Or, the portion in two parts of secret shadows is stored in one In the cryptographic service system of cryptographic service mechanism, another is stored in the computing device of user, when needing to use user's When SM2 private keys are signed to message, the computing device of user and the cryptographic service system of cryptographic service mechanism are respectively using each From the secret shadow having, the digital signature for message is ultimately produced by interaction;Because attacker is obtained at two simultaneously Secret shadow in the cryptographic service system of different cryptographic service mechanisms, or obtain simultaneously in user's computing device and password clothes The possibility of the secret shadow in the cryptographic service system of business mechanism is extremely low, and this has been considerably improved in the feelings without cryptographic hardware Under condition, the security that user's SM2 private keys are used.
Specific embodiment
With reference to embodiment, the invention will be further described.Following examples are not as a limitation of the invention.
By secret (1+dA)-1It is divided into d1、d2, and (1+dA)-1=d1d2Mod n are easily:In [1, n-1] with Machine selects an integer as d1, afterwards, calculate d2=(d1)-1(1+dA)-1Mod n.
Embodiment 1,
In this embodiment, the computing device (such as PC, mobile communication terminal) of user is SM2 numerals of the invention One (device 1 or device 2) in two devices in signature segmentation generation method, another device is a cryptographic service system Cipher server in system (as device 2 or device 1);The computing device and cipher server of user do not preserve user's SM2 private keys dA、(1+dA)-1;(1+dA)-1Secret shadow d1、d2, portion is stored in user's computing device, and another is stored in In cipher server;When the cryptographic application or system in user's computing device will use the SM2 private keys d of userATo message When being signed, user's computing device (in fact, the crypto module typically in user's computing device) is handed over cipher server Mutually, secret shadow d is used using the method for the present invention1、d2Generate the digital signature of message.
Embodiment 2,
In this embodiment, a device in SM2 digital signature segmentation generation method of the invention is a mechanism Cipher server in cryptographic service system, another device is the cryptographic service in the cryptographic service system of another mechanism Device;The cipher server of user's computing device and Liang Ge cryptographic services mechanism does not preserve the SM2 private keys d of userA、(1+dA )-1;(1+dA)-1Two parts of secret shadow d1、d2, it is stored in respectively in two cipher servers of cryptographic service system;Work as user Cryptographic application or system in computing device will use the SM2 private keys d of userAWhen being signed to message, user calculates Device (crypto module typically in user's computing device) transmits the request to a cryptographic service system, latter two password The cipher server of service system using the method for the present invention, uses secret shadow d by interaction1、d2Generate the numeral of message Signature, is then returned to user's computing device by the signature of generation;In digital signature generating process, two password clothes are adhered to separately In two cipher servers of business system any one can all as the device 1 in digital signature generation method of the invention, Another is used as device 2.
Based on the method for the present invention, it is easy to build the system for implementing the inventive method.
Two devices are included based on the SM2 digital signature segmentation generation system that the method for the present invention builds, wherein, a dress It is user's computing device to put, and another is the cipher server of cipher key service system, or two devices are all cipher key service systems The cipher server of system;Two devices are generated using the method for the present invention and use user's SM2 private keys dANumeral to message M is signed Name.
Other unaccounted particular techniques are implemented, and are it is well known that not saying certainly for those skilled in the relevant art Bright.

Claims (6)

1. a kind of based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
Methods described is related to two devices for being referred to as first device, second device;
Before digital signature is generated, following initialization operation is carried out for two devices for participating in digital signature generation:
Give first device distribution secret shadow d1, give second device distribution secret shadow d2, wherein d1、d2It is in interval [1, n-1] Integer, and the n elliptic curve point orders of a group that to be SM2 crypto-operations used, namely the ellipse that SM2 crypto-operations are used is bent The rank of the basic point G of line point group;Two secret shadows of device and the SM2 private keys d of userAMeet relation:
(1+dA)-1dAMod n=d1d2Mod n, wherein, (1+dA)-1It is (1+dA) mould n multiplication it is inverse;
One integer a of random selection in interval [1, n-1], calculates Ga=[a] G, h=a (dA)-1Mod n, wherein G are SM2 ellipse The basic point of circular curve point group;By h to first device, second device;GaWill be to needing G in digital signature generating processaFirst dress Put and/or second device;
As the SM2 private keys d for needing to use userAWhen being digitally signed for message M, two devices enter line number as follows The generation of word signature:
First, two devices obtain Q=[(k by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, Q satisfaction for obtaining: R ≠ 0 and [r] G+Q are not the null element of SM2 elliptic curve point groups, wherein k1、k2It is to calculate first device, the second dress during Q Put randomly selected integer, G in interval [1, n-1] respectivelyb=[b] Ga, b be only first device in interval [1, n-1] The integer constant known, or b is to calculate first device randomly selected integer in interval [1, n-1] during Q, G is the basic point of SM2 elliptic curve point groups, x1Take from (x1,y1)=Q, e are the Hash Values derived from ID and message M;
Afterwards, first device calculates w1=d1B mod n, s1=(hk1-(b)-1R) mod n, then by w1、s1It is sent to the second dress Put;
Finally, second device receives the w of first device1、s1Afterwards, s=d is calculated2w1(hk2+s1)mod n;(r, s) is exactly to generate The digital signature for message M.
2. according to claim 1 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
It is if b is the integer constant that only first device is just known in interval [1, n-1], then initial before digital signature generation During change, G is calculatedb=[b] Ga, first device, second device preserve G respectivelyb;When being digitally signed for message M, First device and second device obtain G from the local data for preserving respectivelyb
If b is to calculate first device randomly selected integer in interval [1, n-1] during Q, then for message M When being digitally signed, first device one integer b of random selection in interval [1, n-1] is calculated Gb=[b] Ga, then By GbSecond device is sent to, thus first device and second device all obtain Gb
3. according to claim 2 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
When being digitally signed for message M, two devices as follows, or in the way of being equal to following manner, Q=[(k are obtained by interactive computing1+k2)]Gb, r=(e+x1) mod n, and r, Q satisfaction for obtaining:R ≠ 0 and [r] G+Q is not The null element of SM2 elliptic curve point groups:
First, first device and second device obtain G from the data for preserving or by calculating and exchange in real time respectivelyb
Afterwards, first device one integer k of random selection in interval [1, n-1]1, it is calculated Q1=[k1]Gb
Second device one integer k of random selection in interval [1, n-1]2, it is calculated Q2=[k2]Gb, then by Q2It is sent to First device;
First device receives Q2Afterwards, Q=Q is calculated1+Q2, now Q=[(k1+k2)]Gb
First device check Q whether be SM2 elliptic curve point groups null element, if so, then first device reselects k1, count again Calculate Q1=[k1]Gb, recalculate Q=Q1+Q2, rejudge whether Q is null element, this process is repeated, untill Q is not null element; If Q is not null element, first device takes (x1,y1)=Q, calculates r=(e+x1)mod n;
If r, Q for being calculated meet:R ≠ 0 and [r] G+Q are not the null elements of SM2 elliptic curve point groups, then the calculating of Q, r is complete Into;Otherwise, first device randomly chooses an integer k in interval [1, n-1] again1, then recalculate Q1, Q=Q1+Q2, Rejudge whether Q is null element, and r is calculated when Q is not null element, this process is repeated, until r ≠ 0 and [r] G+Q is not SM2 The null element of elliptic curve point group;
Or, if r=0 or [r] G+Q are the null elements of SM2 elliptic curve point groups, from the beginning two devices re-start Q, r together Calculating, this process is repeated, until r ≠ 0 and [r] G+Q are not the null elements of SM2 elliptic curve point groups;
The equivalent mode, i.e., can equally obtain Q=[(k1+k2)]GbAnd r is calculated according to Q, and cause that r, Q meet r ≠ 0 and [r] G+Q is not the mode of the null element of SM2 elliptic curve point groups.
4. according to claim 3 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
If first device is when Q, r is calculated, only check whether r is zero, does not check whether [r] G+Q is SM2 elliptic curve points The null element of group, and the calculating of Q, r is only re-started in r=0, then:
After second device is calculated s, (s+r) mod n=0 are found if checking, abandon the s being calculated, first device weight New one integer k of random selection in interval [1, n-1]1, recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, with And r=(e+x are calculated when Q is not null element1) mod n, second device recalculates s, this process repeated, until (s+r) mod n ≠0;
Or after second device is calculated s, (s+r) mod n=0 being found if checking, from the beginning two devices enter again together The calculating of row Q, r, second device recalculates s, until (s+r) mod n ≠ 0.
5. according to claim 4 based on the secret SM2 digital signature generation methods split of product, it is characterized in that:
If b is to calculate first device randomly selected integer in interval [1, n-1] during Q, then k1It is to calculate Q1When First device randomly selected integer in interval [1, n-1], or there was only first device just in interval [1, n-1] The integer constant known.
6. a kind of SM2 digital signature of SM2 digital signature generation methods based on any one of claim 1-4 generates system System, it is characterized in that:
The system includes two devices, wherein, a device is user's computing device, and another is the close of cipher key service system Code server, or two devices are all the cipher servers of cipher key service system;A device in two devices is used as institute The first device in SM2 digital signature generation methods is stated, another device is used as in the SM2 digital signature generation method Two devices;Two devices press the SM2 digital signature generation method, and generation uses user's SM2 private keys dANumeral to message M is signed Name.
CN201710046710.1A 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division Active CN106850229B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710046710.1A CN106850229B (en) 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710046710.1A CN106850229B (en) 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division

Publications (2)

Publication Number Publication Date
CN106850229A true CN106850229A (en) 2017-06-13
CN106850229B CN106850229B (en) 2019-10-25

Family

ID=59119717

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710046710.1A Active CN106850229B (en) 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division

Country Status (1)

Country Link
CN (1) CN106850229B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483191A (en) * 2017-08-16 2017-12-15 济南浪潮高新科技投资发展有限公司 A kind of SM2 algorithm secret keys segmentation signature system and method
CN107528696A (en) * 2017-09-27 2017-12-29 武汉理工大学 The digital signature generation method and system of a kind of hiding private key secret
CN107623570A (en) * 2017-11-03 2018-01-23 北京无字天书科技有限公司 A kind of SM2 endorsement methods based on addition Secret splitting
CN107819581A (en) * 2017-10-20 2018-03-20 武汉理工大学 The generation method and system of number and elliptic curve point comprising secret
CN109257176A (en) * 2018-10-18 2019-01-22 天津海泰方圆科技有限公司 Decruption key segmentation and decryption method, device and medium based on SM2 algorithm
CN110166235A (en) * 2019-05-21 2019-08-23 武汉理工大学 The SM9 digital signature collaboration generation method and system of enhancing safety
CN110380855A (en) * 2019-06-14 2019-10-25 武汉理工大学 Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety
CN112367170A (en) * 2021-01-12 2021-02-12 四川新网银行股份有限公司 Data hiding query security sharing system and method based on multi-party security calculation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321053A (en) * 2007-06-08 2008-12-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN102075931A (en) * 2011-01-14 2011-05-25 中国科学技术大学 Information theoretical security-based key agreement method in satellite network
US20140211938A1 (en) * 2013-01-29 2014-07-31 Certicom Corp. Modified elliptic curve signature algorithm for message recovery
CN104202163A (en) * 2014-08-19 2014-12-10 武汉理工大学 Password system based on mobile terminal
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321053A (en) * 2007-06-08 2008-12-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN102075931A (en) * 2011-01-14 2011-05-25 中国科学技术大学 Information theoretical security-based key agreement method in satellite network
US20140211938A1 (en) * 2013-01-29 2014-07-31 Certicom Corp. Modified elliptic curve signature algorithm for message recovery
CN104202163A (en) * 2014-08-19 2014-12-10 武汉理工大学 Password system based on mobile terminal
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
SHILPI SINGH等: "Secured user"s authentication and private data storage- access scheme in cloud computing using Elliptic curve cryptography", 《IEEE XPLORE》 *
庞辽军: "秘密共享技术及其应用研究", 《中国优秀博硕士学位论文全文数据库信息科技辑》 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483191A (en) * 2017-08-16 2017-12-15 济南浪潮高新科技投资发展有限公司 A kind of SM2 algorithm secret keys segmentation signature system and method
CN107483191B (en) * 2017-08-16 2020-04-14 浪潮集团有限公司 SM2 algorithm key segmentation signature system and method
CN107528696A (en) * 2017-09-27 2017-12-29 武汉理工大学 The digital signature generation method and system of a kind of hiding private key secret
CN107819581A (en) * 2017-10-20 2018-03-20 武汉理工大学 The generation method and system of number and elliptic curve point comprising secret
CN107819581B (en) * 2017-10-20 2019-10-25 武汉理工大学 Generation method and system comprising secret number and elliptic curve point
CN107623570A (en) * 2017-11-03 2018-01-23 北京无字天书科技有限公司 A kind of SM2 endorsement methods based on addition Secret splitting
CN107623570B (en) * 2017-11-03 2020-12-04 北京无字天书科技有限公司 SM2 signature method based on addition key segmentation
CN109257176A (en) * 2018-10-18 2019-01-22 天津海泰方圆科技有限公司 Decruption key segmentation and decryption method, device and medium based on SM2 algorithm
CN110166235A (en) * 2019-05-21 2019-08-23 武汉理工大学 The SM9 digital signature collaboration generation method and system of enhancing safety
CN110166235B (en) * 2019-05-21 2020-08-11 武汉理工大学 SM9 digital signature collaborative generation method and system for enhancing security
CN110380855A (en) * 2019-06-14 2019-10-25 武汉理工大学 Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety
CN112367170A (en) * 2021-01-12 2021-02-12 四川新网银行股份有限公司 Data hiding query security sharing system and method based on multi-party security calculation

Also Published As

Publication number Publication date
CN106850229B (en) 2019-10-25

Similar Documents

Publication Publication Date Title
CN106549770B (en) SM2 digital signature generation method and system
CN106603246B (en) A kind of SM2 digital signature segmentation generation method and system
CN106850229B (en) SM2 digital signature generation method and system based on product secret division
CN106850198B (en) SM2 digital signature generation method and system based on the collaboration of more devices
CN106603231B (en) Based on the distributed SM2 digital signature generation method and system for going secretization
CN106656512B (en) Support the SM2 digital signature generation method and system of threshold cryptography
CN107819585B (en) SM9 digital signature collaborative generation method and system
US8688973B2 (en) Securing communications sent by a first user to a second user
CN106712942B (en) SM2 digital signature generation method and system based on privacy sharing
CN107104793B (en) A kind of digital signature generation method and system
CN109728906B (en) Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool
CN107872322A (en) Digital signature collaboration generation method and system based on homomorphic cryptography
CN107968710A (en) SM9 digital signature separation interaction generation method and system
CN107483205B (en) A kind of the digital signature generation method and system of the private key secret based on encryption
CN112118113B (en) Multi-party cooperative group signature method, device, system and medium based on SM2 algorithm
CN109905229B (en) Anti-quantum computing Elgamal encryption and decryption method and system based on group asymmetric key pool
CN110213057A (en) SM9 digital signature collaboration generation method and system with product r parameter
CN109951292A (en) The SM9 digital signature simplified separates interaction generation method and system
CN109495244A (en) Anti- quantum calculation cryptographic key negotiation method based on pool of symmetric keys
CN110166235B (en) SM9 digital signature collaborative generation method and system for enhancing security
Chattopadhyay et al. An efficient verifiable (t, n)-threshold secret image sharing scheme with ultralight shares
CN104734847A (en) Shared symmetric key data encrypting and decrypting method for public key cryptography application
CN109962783A (en) SM9 digital signature collaboration generation method and system based on progressive calculating
CN107528696A (en) The digital signature generation method and system of a kind of hiding private key secret
CN110380855A (en) Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant