CN107196763A - SM2 algorithm collaborative signing and decryption method, device and system - Google Patents


Publication number
CN107196763A
Authority
CN
China
Prior art keywords
elliptic curve
communication party
signature
group element
curve group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710546334.2A
Other languages
Chinese (zh)
Other versions
CN107196763B (en
Inventor
张永强
刘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Authentication Technology Co Ltd
Age Of Security Polytron Technologies Inc
Original Assignee
Guangdong Authentication Technology Co Ltd
Age Of Security Polytron Technologies Inc
Application filed by Guangdong Authentication Technology Co Ltd, Age Of Security Polytron Technologies Inc filed Critical Guangdong Authentication Technology Co Ltd
Priority to CN201710546334.2A priority Critical patent/CN107196763B/en
Publication of CN107196763A publication Critical patent/CN107196763A/en
Application granted granted Critical
Publication of CN107196763B publication Critical patent/CN107196763B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The present invention relates to an SM2 algorithm collaborative signing and decryption method, device and system. The SM2 collaborative signing method implemented from the perspective of the first communication party comprises the following steps: generating the message digest of the message to be signed according to a preset cryptographic hash algorithm; receiving a first elliptic curve group element returned by the second communication party based on a first public key parameter and a selected random number; generating a first partial signature according to the message digest and the first elliptic curve group element; performing a modular operation based on the first partial signature to generate an obfuscated intermediate result, and transmitting the obfuscated intermediate result to the second communication party; on receiving the intermediate signature that the second communication party feeds back according to the obfuscated intermediate result, generating a second partial signature according to the intermediate signature and the first partial signature; and obtaining the complete SM2 digital signature from the first partial signature and the second partial signature.

Description

SM2 algorithm collaborative signing and decryption method, device and system
Technical field
The present invention relates to the technical field of cryptography, and in particular to an SM2 algorithm collaborative signing and decryption method, device and system.
Background
Elliptic curve cryptography (ECC) is a public key cryptosystem based on the hard mathematical problem of elliptic curves defined over finite fields. The SM2 algorithm is the elliptic curve public key cryptographic algorithm specified in the standard "GM/T 0003-2012 SM2 Elliptic Curve Public Key Cryptographic Algorithm" issued by the State Cryptography Administration, and is one specific algorithm of the ECC cryptosystem.
To improve the security of private keys in a cloud computing environment, conventional technology proposes that each of the two communicating parties stores part of the private key. Only the two parties acting jointly can perform operations such as signing or decrypting a message, and neither party can obtain any information about the other party's private key, so an attacker who compromises either one of the parties cannot forge signatures or decrypt ciphertexts.
During implementation, the inventors found at least the following problems in conventional technology: conventional technology sends the message digest of the message to be signed to the other communication party, which is detrimental to protecting user privacy. Meanwhile, if a malicious attacker replaces the message digest by controlling the channel, the two parties will produce and output a digital signature over the tampered message digest, so that the attacker can forge a signature.
Summary of the invention
Based on this, in view of the problem that conventional technology cannot protect user privacy or resist malicious attacks, it is necessary to provide an SM2 algorithm collaborative signing and decryption method, device and system.
To achieve the above object, in one aspect, embodiments of the present invention provide an SM2 collaborative signing method implemented from the perspective of the first communication party, comprising the following steps:
generating the message digest of the message to be signed according to a preset cryptographic hash algorithm;
receiving a first elliptic curve group element returned by the second communication party based on a first public key parameter and a selected random number; generating a first partial signature according to the message digest and the first elliptic curve group element;
performing a modular operation based on the first partial signature to generate an obfuscated intermediate result, and transmitting the obfuscated intermediate result to the second communication party;
on receiving the intermediate signature that the second communication party feeds back according to the obfuscated intermediate result, generating a second partial signature according to the intermediate signature and the first partial signature;
obtaining the complete SM2 digital signature from the first partial signature and the second partial signature.
In another aspect, embodiments of the present invention further provide an SM2 collaborative signing method implemented from the perspective of the second communication party, comprising the following steps:
generating a first elliptic curve group element according to a selected random number and the first public key parameter of the first communication party, and transmitting the first elliptic curve group element to the first communication party;
receiving the obfuscated intermediate result that the first communication party feeds back based on the first elliptic curve group element, and generating an intermediate signature according to the second private key component and the obfuscated intermediate result;
transmitting the intermediate signature to the first communication party.
In one aspect, embodiments of the present invention provide an SM2 collaborative decryption method implemented from the perspective of the second communication party, comprising the following steps:
receiving a first point multiplication result transmitted by the first communication party, obtained from the first private key component and the elliptic curve group element corresponding to the first bit string;
multiplying the second private key component with the first point multiplication result to obtain a second point multiplication result;
receiving the elliptic curve group element corresponding to the first bit string, transmitted by the first communication party according to the first bit string of the SM2 ciphertext;
obtaining a temporary symmetric key according to the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extracting the second bit string of the SM2 ciphertext;
performing a bitwise XOR of the temporary symmetric key and the second bit string to obtain the decrypted plaintext;
verifying the decrypted plaintext, and outputting the decrypted plaintext when verification succeeds.
In another aspect, embodiments of the present invention further provide an SM2 collaborative decryption method implemented from the perspective of the first communication party, comprising the following steps:
obtaining the first bit string of the SM2 ciphertext; performing data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string;
obtaining a first point multiplication result according to the first private key component and the elliptic curve group element corresponding to the first bit string;
transmitting the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party.
In one aspect, embodiments of the present invention provide an SM2 collaborative signing device implemented from the perspective of the first communication party, comprising:
a first communication party message digest generation unit, configured to generate the message digest of the message to be signed according to a preset cryptographic hash algorithm;
a first communication party message signature generation unit, configured to receive a first elliptic curve group element returned by the second communication party based on the first public key parameter and a selected random number; generate a first partial signature according to the message digest and the first elliptic curve group element; perform a modular operation based on the first partial signature to generate an obfuscated intermediate result, and transmit the obfuscated intermediate result to the second communication party; on receiving the intermediate signature that the second communication party feeds back according to the obfuscated intermediate result, generate a second partial signature according to the intermediate signature and the first partial signature; and obtain the complete SM2 digital signature from the first partial signature and the second partial signature.
In another aspect, embodiments of the present invention further provide an SM2 collaborative signing device implemented from the perspective of the second communication party, comprising:
a second communication party parameter generation unit, configured to generate a first elliptic curve group element according to a selected random number and the first public key parameter of the first communication party, and transmit the first elliptic curve group element to the first communication party;
a second communication party intermediate signature generation unit, configured to receive the obfuscated intermediate result that the first communication party feeds back based on the first elliptic curve group element, generate an intermediate signature according to the second private key component and the obfuscated intermediate result, and transmit the intermediate signature to the first communication party.
In one aspect, embodiments of the present invention provide an SM2 collaborative decryption device implemented from the perspective of the second communication party, comprising:
a second communication party receiving unit, configured to receive a first point multiplication result transmitted by the first communication party, obtained from the first private key component and the elliptic curve group element corresponding to the first bit string; and to receive the elliptic curve group element corresponding to the first bit string, transmitted by the first communication party according to the first bit string of the SM2 ciphertext;
a second communication party decryption unit, configured to multiply the second private key component with the first point multiplication result to obtain a second point multiplication result; obtain a temporary symmetric key according to the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extract the second bit string of the SM2 ciphertext; perform a bitwise XOR of the temporary symmetric key and the second bit string to obtain the decrypted plaintext; and verify the decrypted plaintext, outputting it when verification succeeds.
In another aspect, embodiments of the present invention further provide an SM2 collaborative decryption device implemented from the perspective of the first communication party, comprising:
a first communication party processing unit, configured to obtain the first bit string of the SM2 ciphertext; perform data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string; and obtain a first point multiplication result according to the first private key component and the elliptic curve group element corresponding to the first bit string;
a first communication party transmission unit, configured to transmit the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party.
In one aspect, embodiments of the present invention provide an SM2 collaborative signing system, comprising a first communication party and a second communication party;
the second communication party generates a first elliptic curve group element according to a selected random number and the first public key parameter of the first communication party, and transmits the first elliptic curve group element to the first communication party;
the first communication party generates the message digest of the message to be signed according to a preset cryptographic hash algorithm, and generates a first partial signature according to the message digest and the first elliptic curve group element; it performs a modular operation based on the first partial signature to generate an obfuscated intermediate result, and transmits the obfuscated intermediate result to the second communication party; the second communication party generates an intermediate signature according to the second private key component and the obfuscated intermediate result, and transmits the intermediate signature to the first communication party;
the first communication party generates a second partial signature according to the intermediate signature and the first partial signature, and obtains the complete SM2 digital signature from the first partial signature and the second partial signature.
In one aspect, embodiments of the present invention further provide an SM2 collaborative decryption system, comprising a first communication party and a second communication party;
the first communication party obtains the first bit string of the SM2 ciphertext; performs data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string; obtains a first point multiplication result according to the first private key component and the elliptic curve group element corresponding to the first bit string; and transmits the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party;
the second communication party multiplies the second private key component with the first point multiplication result to obtain a second point multiplication result; obtains a temporary symmetric key according to the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extracts the second bit string of the SM2 ciphertext; performs a bitwise XOR of the temporary symmetric key and the second bit string to obtain the decrypted plaintext; and verifies the decrypted plaintext, outputting it when verification succeeds.
Embodiments of the present invention further provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above SM2 collaborative signing method implemented from the perspective of the first communication party.
Embodiments of the present invention provide a computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, it implements the steps of the above SM2 collaborative signing method implemented from the perspective of the first communication party.
Embodiments of the present invention provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above SM2 collaborative signing method implemented from the perspective of the second communication party.
Embodiments of the present invention provide a computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, it implements the steps of the above SM2 collaborative signing method implemented from the perspective of the second communication party.
Embodiments of the present invention provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above SM2 collaborative decryption method implemented from the perspective of the second communication party.
Embodiments of the present invention provide a computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, it implements the steps of the above SM2 collaborative decryption method implemented from the perspective of the second communication party.
Embodiments of the present invention provide a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above SM2 collaborative decryption method implemented from the perspective of the first communication party.
Embodiments of the present invention provide a computer device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, it implements the steps of the above SM2 collaborative decryption method implemented from the perspective of the first communication party.
The present invention has the following advantages and beneficial effects:
In the SM2 algorithm collaborative signing and decryption method, device and system of the present invention, the first communication party computes the message digest and the partial signature result and outputs the signature result, so user privacy is not leaked while the digital signature is produced. The intermediate result related to the partial signature result cannot reveal the partial signature result, so the first communication party completes the digital signature with the help of the second communication party while the second communication party does not know what message the first communication party has signed, achieving the effect of a blind signature. The first and second communication parties produce the signature collaboratively; an attacker who hijacks one of the parties cannot obtain the complete private key and cannot use the private key offline. In private key escrow scenarios, this prevents the service provider offering key escrow from using the user's private key without authorization to forge digital signatures. In the signing and decryption processes of the present invention, the two parties complete signing and decryption with few interactions, meeting the low-latency, low-interaction requirements of cloud computing environments. The present invention can protect user privacy and resist malicious attacks.
Brief description of the drawings
Fig. 1 is a schematic flowchart of Embodiment 1 of the SM2 collaborative signing method of the present invention, implemented from the perspective of the first communication party;
Fig. 2 is a schematic flowchart of Embodiment 1 of the SM2 collaborative signing method of the present invention, implemented from the perspective of the second communication party;
Fig. 3 is a schematic flowchart of Embodiment 1 of the SM2 collaborative decryption method of the present invention, implemented from the perspective of the second communication party;
Fig. 4 is a schematic flowchart of Embodiment 1 of the SM2 collaborative decryption method of the present invention, implemented from the perspective of the first communication party;
Fig. 5 is a schematic structural diagram of Embodiment 1 of the SM2 collaborative signing device of the present invention, implemented from the perspective of the first communication party;
Fig. 6 is a schematic structural diagram of Embodiment 1 of the SM2 collaborative signing device of the present invention, implemented from the perspective of the second communication party;
Fig. 7 is a schematic structural diagram of Embodiment 1 of the SM2 collaborative decryption device of the present invention, implemented from the perspective of the second communication party;
Fig. 8 is a schematic structural diagram of Embodiment 1 of the SM2 collaborative decryption device of the present invention, implemented from the perspective of the first communication party.
Detailed description
To facilitate understanding of the present invention, it is described more fully below with reference to the accompanying drawings, which show preferred embodiments of the invention. The invention can, however, be realized in many different forms and is not limited to the embodiments described herein. Rather, these embodiments are provided so that the disclosure will be thorough and complete.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the invention. The terms used in this description are for the purpose of describing specific embodiments only and are not intended to limit the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Application scenario of the SM2 algorithm collaborative signing and decryption method, device and system of the present invention:
The elliptic curve system parameters are selected with reference to the specification "GM/T 0003.5-2012 SM2 Elliptic Curve Public Key Cryptographic Algorithm, Part 5: Parameter Definition". The relevant parameters include the size $q$ of the finite field $F_q$; two elements $a, b \in F_q$ defining the elliptic curve $E(F_q)$; a base point $G = (x_G, y_G)$ ($G \neq O$) on $E(F_q)$, where $x_G$ and $y_G$ are two elements of $F_q$; the order $n$ of $G$; and other optional items (such as the cofactor $h$ of $n$). $n$ is prime.
User A, as the signer, has a distinguishing identifier $ID_A$ of length $entlen_A$ bits. Let $ENTL_A$ be the two bytes converted from the integer $entlen_A$. Using the cryptographic hash function $H_v$ with a message digest length of $v$ bits, the hash value of user A is computed as $Z_A = H_{256}(ENTL_A \| ID_A \| a \| b \| x_G \| y_G \| x_A \| y_A)$, where $x_A$, $y_A$ are the coordinates of user A's public key $P_A$;
The generation algorithm for an SM2 digital signature is as follows:
Let the message to be signed be $M$. To obtain the digital signature $(r, s)$ of message $M$, user A, as the signer, performs the following steps:
A) put , where  includes the message $M$ to be signed and the hash value $Z_A$;
B) calculate ; convert the data type of $e$ to an integer by the method given in 4.2.3 and 4.2.4 of the GM/T 0003.1-2012 standard;
C) generate a random number $k \in [1, \ldots, n-1]$ with a random number generator;
D) the client computes the elliptic curve group element $(x_1, y_1) = [k]G$ and converts the data type of $x_1$ to an integer by the method given in 4.2.8 of the GM/T 0003.1-2012 standard;
E) compute $r = e + x_1 \pmod n$; if $r = 0$ or $r + k = n$, return to step C);
F) compute $s = (1 + d_A)^{-1}(k - r \cdot d_A) \pmod n$; if $s = 0$, return to step C);
G) convert the data types of $r$ and $s$ to byte strings following the details given in 4.2.2 of the GM/T 0003.1-2012 standard, then output the digital signature $(r, s)$ of message $M$.
To improve the security of private keys in a cloud computing environment, conventional technology proposes that each of the two communicating parties stores part of the private key. Only the two parties acting jointly can perform operations such as signing or decrypting a message, and neither party can obtain any information about the other party's private key, so an attacker who compromises either one of the parties cannot forge signatures or decrypt ciphertexts. In conventional technology, the message digest $e$ is sent to the second communication party, and the second communication party generates the partial signature $r$ from $e$. The message digest $e$ is private user information, and the partial signature $r$ is part of the finally output digital signature $(r, s)$, so conventional technology is detrimental to protecting user privacy.
In addition, if a malicious attacker replaces the message digest $e$ by controlling the channel, the two parties will produce and output a digital signature over the tampered message digest $e$, so that the attacker may achieve the goal of forging a signature. Such an attack can be resisted by adding a step before the digital signature is output that runs the signature verification procedure once, but by the nature of the SM2 cryptosystem signature verification consumes more resources than producing the signature, so this improvement would reduce the efficiency of the system.
Embodiment 1 of the SM2 collaborative signing method of the present invention, implemented from the perspective of the first communication party:
To solve the problem that conventional technology cannot protect user privacy or resist malicious attacks, the present invention provides Embodiment 1 of an SM2 collaborative signing method implemented from the perspective of the first communication party. Fig. 1 is a schematic flowchart of this embodiment; as shown in Fig. 1, the method may comprise the following steps:
Step S110: generate the message digest of the message to be signed according to a preset cryptographic hash algorithm;
Step S120: receive a first elliptic curve group element returned by the second communication party based on the first public key parameter and a selected random number; generate a first partial signature according to the message digest and the first elliptic curve group element;
Step S130: perform a modular operation based on the first partial signature to generate an obfuscated intermediate result, and transmit the obfuscated intermediate result to the second communication party;
Step S140: on receiving the intermediate signature that the second communication party feeds back according to the obfuscated intermediate result, generate a second partial signature according to the intermediate signature and the first partial signature;
Step S150: obtain the complete SM2 digital signature from the first partial signature and the second partial signature;
Specifically, the SM2 collaborative signing method of the present invention may involve two participants: the first communication party and the second communication party. Following the SM2 standard algorithm, both parties determine the preset cryptographic hash function $H_v$, the elliptic curve $E$, the generator $G$ of the elliptic curve group and the order $n$ of the additive group. The first communication party, as the signer, has the $Z_A$ parameter specified by SM2. Preferably, the preset cryptographic hash algorithm may be the SM3 digest algorithm;
Based on the present invention, the first communication party computes the message digest and the partial signature result and outputs the signature result, so user privacy is not leaked while the digital signature is produced. The obfuscated intermediate result related to the first partial signature lets the first communication party complete the digital signature with the help of the second communication party, while the second communication party does not know what message the first communication party has signed and the partial signature result is not revealed, achieving the effect of a blind signature. The present invention can protect user privacy and resist malicious attacks.
In a specific embodiment, before the step of generating the message digest of the message to be signed according to a preset cryptographic hash algorithm, the method further comprises the steps:
generating the first private key component based on the following formula:
$d_1 \in [1, \ldots, n-1]$
where $d_1$ is the first private key component;
obtaining the first public key parameter from the first private key component based on the following formula:
$P_1 = [d_1]G$
where $P_1$ is the first public key parameter;
Specifically, the first communication party randomly selects a private key component $d_1 \in [1, \ldots, n-1]$; the process by which the first communication party generates the first private key component is simple and computationally light. The first communication party produces signatures using the first private key component that it holds; even if an attacker seizes the first private key component, the attacker cannot obtain the complete private key and cannot use the private key offline. In private key escrow scenarios, this prevents the service provider offering key escrow from using the user's private key without authorization to forge digital signatures.
Further, the first communication party computes the public key parameter $P_1 = [d_1]G$ and sends the public key parameter $P_1$ to the second communication party.
Preferably, after the step of transmitting the first public key parameter to the second communication party, the method further comprises the step:
receiving the common public key, generated according to the first public key parameter, that the second communication party transmits.
Specifically, the first communication party receives the common public key of the two parties that the second communication party generates from the public key parameter $P_1$ and the private key parameter $d_2$: $P_A = [d_2]P_1 - G = [d_1 d_2 - 1]G$.
It should be noted that computing the common public key $P_A$ requires the private key components of both the first communication party and the second communication party to take part in the computation. The common public key $P_A$ can be computed by either party, depending on which party initiates the computation first.
In addition, denote the common private key of the first communication party and the second communication party by $d_A$. Then $P_A = [d_A]G = [d_1 d_2 - 1]G$, and therefore $d_A = (d_1 d_2 - 1)$. The above formulas reveal the mathematical relationship between the private key components and the common private key, and also the mathematical relationship between the private key components and the public key; these relationships are used below in the proof of signature correctness.
In a specific embodiment, the first elliptic curve group element comprises the elliptic curve group elements R1 and R2.
The step of generating the first partial signature from the message digest and the first elliptic curve group element includes:
Choosing the random numbers k3 and k4 and generating the second elliptic curve group element (x1, y1) according to:
(x1, y1) = [k3]R1 + R2 + [k4]G
where k3 ∈ [1, ..., n-1]; k4 ∈ [1, ..., n-1]; G is the base point on the elliptic curve E(Fq); n is the order of the base point G on E(Fq); x1 and y1 are the x-axis and y-axis coordinates of the second elliptic curve group element (x1, y1);
From the second elliptic curve group element (x1, y1) and the message digest, the first partial signature is generated according to:
r = e + x1 (mod n)
where e is the message digest, r is the first partial signature, and mod n denotes reduction modulo n.
In a specific embodiment, the step of performing a modular operation on the first partial signature to generate the obfuscated intermediate result includes:
From the random number k4 and the first partial signature r, the obfuscated intermediate result is generated according to:
r' = r + k4 (mod n)
where r' is the obfuscated intermediate result.
In a specific embodiment, the intermediate signature comprises a first intermediate signature s1 and a second intermediate signature s2.
In the step of generating the second partial signature from the intermediate signature and the first partial signature, the second partial signature is generated according to the following formula:
where s is the second partial signature and d1 is the first private key component.
Specifically, the first communication party receives the elliptic curve group elements R1 and R2 transmitted by the second communication party. The first communication party selects the random numbers k3 ∈ [1, ..., n-1] and k4 ∈ [1, ..., n-1] and computes the elliptic curve group element (x1, y1) = [k3]R1 + R2 + [k4]G, where x1 is the x-axis coordinate of (x1, y1);
Further, the step in which the first communication party generates the message digest of the message to be signed includes: concatenating ZA and M and using the hash of the result as the message digest, where M is the message to be signed; ZA is the hash value computed from user A's distinguishing identifier IDA; the concatenation is ZA||M; and Hv is the cryptographic hash function;
That is, the first communication party computes the message digest e = Hv(ZA||M) and the partial signature result r = e + x1 (mod n), where ZA is the hash value computed from user A's distinguishing identifier IDA and M is the input message to be signed. It then uses the random number k4 and the partial signature result r to compute the obfuscated intermediate result r' = r + k4 (mod n), and sends r' to the second communication party.
Note that user A owns the private key, while the first communication party and the second communication party are the two parties that execute the protocol and can be a client and a server. The present invention splits the user's private key into two parts stored on the client and the server respectively: each party generates a random number as its private key component. Generating the private key and computing the public key is simple and computationally cheap. Because the two parties each hold a private key component and cooperate to produce a signature, an attacker who hijacks one of them cannot obtain the complete private key and cannot use the private key offline. In private key escrow scenarios, this also prevents the service provider offering the escrow from using the user's private key without authorization to forge digital signatures.
The first communication party receives the intermediate signatures s1 and s2 fed back by the second communication party and, using the private key parameter d1, the random number k3, the partial signature result r and the received intermediate signatures s1 and s2, computes the partial signature result s.
The first communication party outputs the digital signature (r, s), which conforms to the SM2 signature format and can be verified with the common public key PA.
Preferably, the following steps are performed before the step of generating the first partial signature from the message digest and the first elliptic curve group element:
From the elliptic curve group element R1, the point multiplication result S1 is obtained according to:
S1 = [h]R1
where h is the cofactor of n;
When the point multiplication result S1 is detected to be the point at infinity of the elliptic curve E(Fq), receiving the first elliptic curve group element that the second communication party feeds back again, generated from the first public key parameter and newly chosen random numbers;
Or
From the elliptic curve group element R2, the point multiplication result S2 is obtained according to:
S2 = [h]R2
where h is the cofactor of n;
When the point multiplication result S2 is detected to be the point at infinity of the elliptic curve E(Fq), receiving the first elliptic curve group element that the second communication party feeds back again, generated from the first public key parameter and newly chosen random numbers.
Specifically, for security, after receiving the elliptic curve group elements R1 and R2 the first communication party computes S1 = [h]R1 and S2 = [h]R2, where h is the cofactor of n. If S1 or S2 is the point at infinity, the method returns to step S120, that is, the second communication party is notified to re-execute the step of generating the elliptic curve group elements from the first public key parameter. The purpose of returning to this step and recomputing is to regenerate the random numbers and avoid outputting an intermediate result that has no randomness.
In a specific embodiment, the following steps are performed after the step of generating the first partial signature from the message digest and the first elliptic curve group element:
Checking the value of the first partial signature r; when r is 0, receiving the first elliptic curve group element that the second communication party feeds back again, generated from the first public key parameter and newly chosen random numbers;
Or
From the second elliptic curve group element (x1, y1), computing the result S0 according to:
S0 = [r]G + (x1, y1)
When the result S0 is detected to be the point at infinity of the elliptic curve E(Fq), receiving the first elliptic curve group element that the second communication party feeds back again, generated from the first public key parameter and newly chosen random numbers.
Specifically, in ECC cryptosystems a signature computes r and s from a linear equation; several such linear equations can form a system of equations, and solving that system yields the user's private key. To prevent this attack, ECC signatures apply the one-time-pad principle: a random number k is introduced in every signature to hide the user's private key. Because 0 is a fixed value rather than a random one, a 0 value in any computed result represents a non-trivial kind of signature, meaning that the signature function can be simplified and the user's private key calculated. The purpose of returning to step S120 is to regenerate the random numbers and avoid outputting an intermediate result that has no randomness.
Further, in the SM2 signature function s = (1+dA)^(-1)(k - r·dA) (mod n), if r = 0 then k - r·dA = k, so this term no longer depends on the private key dA, which weakens security.
If r + k = n, then k = n - r; since n and r are both public, k can be calculated and is no longer a random number, and the private key d can then be computed directly from the signature function s = (1+dA)^(-1)(k - r·dA) (mod n).
Preferably, the following steps are performed before the step of generating the second partial signature from the intermediate signature and the first partial signature:
Checking the value of the first intermediate signature s1; when s1 is detected to be 0, receiving the first elliptic curve group element that the second communication party feeds back again, generated from the first public key parameter and newly chosen random numbers;
Or
Checking the value of the second intermediate signature s2; when s2 is detected to be 0, receiving the first elliptic curve group element that the second communication party feeds back again, generated from the first public key parameter and newly chosen random numbers.
Specifically, for security, after receiving the intermediate results s1 and s2 the first communication party checks them; if s1 = 0 or s2 = 0, it notifies the second communication party to re-execute the step of generating the elliptic curve group elements from the first public key parameter.
In a specific embodiment, the following step is performed after the step of generating the second partial signature from the intermediate signature, the first partial signature and the first private key component:
Checking the value of the second partial signature s; when s is detected to be 0 or n-r, receiving the first elliptic curve group element that the second communication party feeds back again, generated from the first public key parameter and newly chosen random numbers.
Specifically, if s = 0, the second communication party is notified to re-execute the step of generating the elliptic curve group elements from the first public key parameter. r + s is also computed, and if r + s = n, the second communication party is likewise notified to re-execute that step.
In the SM2 collaborative signing method implemented from the perspective of the first communication party, the first communication party computes the message digest and the partial signature result and outputs the signature result; the digital signature can be verified with the common public key PA of the first and second communication parties. The partial signature result r is hidden by a random number: the obfuscated intermediate result r' is related to r but does not leak r. The first communication party therefore completes the digital signature with the help of the second communication party, while the second communication party does not know what message the first communication party signed. This avoids leaking the partial signature result r and gives the scheme a property similar to a blind signature.
Embodiment 1 of the SM2 collaborative signing method of the present invention, implemented from the perspective of the second communication party:
Based on the technical solution of the SM2 collaborative signing method implemented from the perspective of the first communication party described above, and in order to solve the problem that conventional technology cannot protect user privacy and resist malicious attacks, the present invention provides Embodiment 1 of the SM2 collaborative signing method implemented from the perspective of the second communication party. Fig. 2 is a schematic flow chart of this embodiment; as shown in Fig. 2, the method may include the following steps:
Step S210: generating the first elliptic curve group element from the chosen random numbers and the first public key parameter of the first communication party, and transmitting the first elliptic curve group element to the first communication party;
Step S220: receiving the obfuscated intermediate result that the first communication party feeds back based on the first elliptic curve group element, and generating the intermediate signature from the second private key component and the obfuscated intermediate result;
Step S230: transmitting the intermediate signature to the first communication party.
Specifically, with the cooperation of the second communication party, the first communication party computes the message digest and the partial signature result and outputs the signature result, so user privacy is not leaked while the digital signature is produced. The obfuscated intermediate result is related to the first partial signature, so the first communication party completes the digital signature with the help of the second communication party, but the second communication party cannot learn what message the first communication party signed and the partial signature result is not leaked, which achieves the effect of a blind signature.
Generating the second private key component is simple and computationally cheap for the second communication party. The first communication party produces the signature according to the second private key component held by itself; even if an attacker hijacks the second private key component, the attacker cannot obtain the complete private key and cannot use the private key offline. In private key escrow scenarios, this prevents the service provider offering the escrow from using the user's private key without authorization to forge digital signatures. The present invention can protect user privacy and resist malicious attacks.
In a specific embodiment, the step of generating the second private key component includes:
The second private key component is generated according to:
d2 ∈ [1, ..., n-1]
where d2 is the second private key component and n is the order of the base point G on the elliptic curve E(Fq);
The following steps are performed before the step of generating the first elliptic curve group element from the chosen random numbers and the first public key parameter of the first communication party:
Receiving the first public key parameter P1 transmitted by the first communication party;
From the first public key parameter and the second private key component, generating the common public key according to:
PA = [d2]P1 - G
where PA is the common public key;
Publishing the common public key PA.
Specifically, the second communication party randomly selects the private key component d2 ∈ [1, ..., n-1], generates the common public key of both parties PA = [d2]P1 - G = [d1d2 - 1]G from the received public key parameter P1 and the private key parameter d2, and publishes PA.
While publishing the common public key PA, PA can also be sent to a CA, which uses it to issue a digital certificate for the subscriber.
Preferably, after the public key PA is produced, its validity is checked using the method provided in section 6.2 of the GM/T 0003.1-2012 standard. This check is included for completeness of the technical solution: using the public key directly without verification may create security problems and can lead to leakage of the private key.
In a specific embodiment, the elliptic curve group element comprises the elliptic curve group elements R1 and R2.
The step of generating the first elliptic curve group element from the chosen random numbers and the first public key parameter of the first communication party includes:
Choosing the random numbers k1 and k2 and generating the elliptic curve group elements R1 and R2 according to:
R1 = [k1]P1
R2 = [k2]G
where k1 ∈ [1, ..., n-1]; k2 ∈ [1, ..., n-1].
Specifically, the second communication party selects the random numbers k1 ∈ [1, ..., n-1] and k2 ∈ [1, ..., n-1], computes the elliptic curve group elements R1 = [k1]P1 = [k1d1]G and R2 = [k2]G, and then sends R1 and R2 to the first communication party.
In a specific embodiment, the intermediate signature comprises a first intermediate signature s1 and a second intermediate signature s2.
The step of generating the intermediate signature from the second private key component and the obfuscated intermediate result includes:
From the second private key component d2 and the random number k1, the first intermediate signature s1 is generated according to the following formula:
From the second private key component d2, the random number k2 and the obfuscated intermediate result, the second intermediate signature s2 is generated according to the following formula:
where r' is the obfuscated intermediate result.
Specifically, the second communication party selects the random numbers k1 ∈ [1, ..., n-1] and k2 ∈ [1, ..., n-1], computes the elliptic curve group elements R1 = [k1]P1 = [k1d1]G and R2 = [k2]G, and then sends R1 and R2 to the first communication party.
Specifically, the second communication party uses the private key parameter d2, the random numbers k1 and k2 and the received intermediate result r' to compute the intermediate results s1 and s2, and then sends s1 and s2 to the first communication party.
In a specific embodiment, the following step is performed before the step of generating the intermediate signature from the second private key component and the obfuscated intermediate result:
Checking the value of the obfuscated intermediate result r'; when r' is detected to be 0, regenerating the first elliptic curve group element from the first public key parameter and newly chosen random numbers.
Specifically, for security, the second communication party checks the received intermediate result r'; if r' = 0, it re-executes the step of generating the elliptic curve group elements from the first public key parameter and the second private key component.
In the SM2 collaborative signing method implemented from the perspective of the second communication party, the second communication party assists the first communication party in generating the digital signature, which can be verified with the common public key PA of the first and second communication parties. The partial signature result r is hidden by a random number and is not leaked, so the second communication party helps the first communication party complete the digital signature without knowing what message the first communication party signed. This avoids leaking the partial signature result r and gives the scheme a property similar to a blind signature.
Embodiment 1 of the SM2 collaborative decryption method of the present invention, implemented from the perspective of the second communication party:
In order to solve the problem that conventional technology cannot protect user privacy and resist malicious attacks, the present invention also provides Embodiment 1 of the SM2 collaborative decryption method implemented from the perspective of the second communication party. Fig. 3 is a schematic flow chart of this embodiment; as shown in Fig. 3, the method may include the following steps:
Step S310: receiving the elliptic curve group element corresponding to the first bit string, which the first communication party derives from the first bit string of the SM2 ciphertext and transmits; receiving the first point multiplication result transmitted by the first communication party, obtained from the first private key component and the elliptic curve group element corresponding to the first bit string;
Step S320: multiplying the first point multiplication result by the second private key component to obtain the second point multiplication result;
Step S330: obtaining the temporary symmetric key from the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extracting the second bit string of the SM2 ciphertext;
Step S340: performing a bitwise XOR of the temporary symmetric key and the second bit string to obtain the decrypted plaintext; verifying the decrypted plaintext and outputting it when verification succeeds.
Specifically, building on the technical solution of the collaborative signing method above, in the decryption process of the collaborative decryption method of the present invention the two communicating parties need only very little interaction, which meets the low-latency, low-interaction requirements of applications in cloud computing environments.
In a specific embodiment, the step of obtaining the temporary symmetric key from the second point multiplication result and the elliptic curve group element corresponding to the first bit string includes:
Obtaining the elliptic curve group element (x2, y2) according to:
(x2, y2) = T2 - C1*
where T2 is the second point multiplication result and C1* is the elliptic curve group element corresponding to the first bit string;
From the elliptic curve group element (x2, y2), generating the temporary symmetric key according to:
t = KDF(x2||y2, klen)
where t is the temporary symmetric key; || denotes concatenation; KDF(*) is a predefined key derivation function; klen denotes the bit-string length of the output;
The step of verifying the decrypted plaintext and outputting it when verification succeeds includes:
Obtaining the check code according to:
u = Hash(x2||M'||y2),
where u is the check code; M' is the decrypted plaintext; Hash denotes the preset cryptographic hash algorithm;
Extracting the third bit string C3 from the SM2 ciphertext; when u = C3, verification is confirmed successful and the decrypted plaintext M' is output.
Specifically, the second communication party uses its own private key component d2 to compute the second point multiplication result T2 = [d2]T1, where T1 is the first point multiplication result, and then computes the elliptic curve group element (x2, y2) = T2 - C1* = [d1d2 - 1]C1* = [dA]C1*.
Note that the roles of the first and second communication parties can be exchanged in the decryption process above: the second communication party first computes [d2]C1* and sends it to the first communication party, which then completes the rest of the decryption process and outputs the plaintext M'.
Further, the second communication party computes the temporary symmetric key t = KDF(x2||y2, klen), where || denotes concatenation, KDF(*) is a predefined key derivation function and klen denotes the bit-string length of the output. If t is an all-zero bit string, an error is reported and the process exits: encrypting with a fixed key is meaningless, and the encryption result would also be a fixed value.
The second communication party extracts the bit string C2 from the ciphertext C and computes the decrypted plaintext M' as the bitwise XOR of C2 and the temporary symmetric key t. It then computes the check code u = Hash(x2||M'||y2) and extracts the bit string C3 from the ciphertext C. If u ≠ C3, the ciphertext C has been tampered with, and an error is reported and the process exits. The second communication party outputs the plaintext M'.
Embodiment 1 of the SM2 collaborative decryption method of the present invention, implemented from the perspective of the first communication party:
In order to solve the problem that conventional technology cannot protect user privacy and resist malicious attacks, and based on the technical solution of the SM2 collaborative decryption method implemented from the perspective of the second communication party described above, the present invention provides Embodiment 1 of the SM2 collaborative decryption method implemented from the perspective of the second communication party. Fig. 4 is a schematic flow chart of Embodiment 1 of the SM2 collaborative decryption method implemented from the perspective of the first communication party; as shown in Fig. 4, the method may include the following steps:
Step S410: obtaining the first bit string of the SM2 ciphertext; performing data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string;
Step S420: obtaining the first point multiplication result from the first private key component and the elliptic curve group element corresponding to the first bit string;
Step S430: transmitting the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party.
Specifically, the first communication party obtains the SM2 ciphertext C = C1||C3||C2 and extracts the bit string C1 from C. It performs data type conversion on the first bit string C1 to obtain the corresponding elliptic curve group element C1*. Using the private key component d1 (that is, when the first communication party here is the first communication party described above), it computes the first point multiplication result T1 = [d1]C1* and sends T1 to the second communication party.
In a specific embodiment, the following steps are performed before the step of obtaining the first point multiplication result from the first private key component and the elliptic curve group element corresponding to the first bit string:
Verifying the elliptic curve group element corresponding to the first bit string; when it is found to be the point at infinity of the elliptic curve, reporting an error and exiting decryption;
And
From the first bit string, computing the point multiplication result S according to:
S = [h]C1*
where h is the cofactor of the order n of the base point on the elliptic curve and C1* is the elliptic curve group element corresponding to the first bit string;
When the point multiplication result S is detected to be the point at infinity of the elliptic curve, reporting an error and exiting decryption.
Specifically, the first communication party can use the methods provided in sections 4.2.4 and 4.2.10 of the GM/T 0003.1-2012 standard to convert the data type of the first bit string C1 into the elliptic curve group element C1*, and then verify whether C1* is the point at infinity of the elliptic curve E(Fq); if so, it reports an error and exits the decryption flow.
Preferably, the verification substitutes the coordinates x and y of the elliptic curve group element C1* into the elliptic curve equation y = f(x) and checks whether the equation holds. If membership of the element on the elliptic curve is not verified, the subsequent point multiplication will go wrong, and specially crafted inputs may be used for attacks, causing security problems.
If [h]C1* is the point at infinity, it means that the generator G of the elliptic curve was not used to compute the point multiplication during the data encryption stage; this may lead to malicious attacks and can leak the user's private key.
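The co-signing exchange and the point recovery at the core of co-decryption, as an added Python example that is not part of the patent text. The formulas for s1, s2 and s are not legible on this page, so the ones in the code are an assumption chosen to be consistent with dA = d1d2 - 1 and the SM2 signing equation quoted above; the digest e is passed in as an integer, the curve constants are the SM2 recommended 256-bit parameters, and all class and function names are hypothetical.

```python
import secrets

# SM2 recommended 256-bit curve y^2 = x^3 + a*x + b over F_p; cofactor h = 1.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
O = None  # point at infinity

def on_curve(pt):
    return pt is not O and (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P == 0

def add(p1, p2):
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P)

def rand_scalar():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

class SecondParty:
    """Holds d2; it only ever sees P1, r' and T1, never e, r or the message."""
    def __init__(self):
        self.d2 = rand_scalar()
    def common_public_key(self, p1):  # PA = [d2]P1 - G
        return add(mul(self.d2, p1), neg(G))
    def commit(self, p1):  # R1 = [k1]P1, R2 = [k2]G
        self.k1, self.k2 = rand_scalar(), rand_scalar()
        return mul(self.k1, p1), mul(self.k2, G)
    def respond(self, r_blind):
        if r_blind == 0:  # r' = 0: caller restarts with fresh randomness
            return None
        d2_inv = pow(self.d2, -1, N)
        # Assumed formulas: s1 = k1 / d2, s2 = (k2 + r') / d2 (mod n).
        return self.k1 * d2_inv % N, (self.k2 + r_blind) * d2_inv % N
    def finish_point(self, t1, c1):  # (x2, y2) = [d2]T1 - C1*
        return add(mul(self.d2, t1), neg(c1))

def cosign(e, d1, p1, second):
    """First party's side of the exchange, looping on the page's retry checks."""
    while True:
        r1, r2 = second.commit(p1)
        if r1 is O or r2 is O:  # [h]R1 and [h]R2 with h = 1
            continue
        k3, k4 = rand_scalar(), rand_scalar()
        q = add(add(mul(k3, r1), r2), mul(k4, G))  # (x1, y1)
        if q is O:
            continue
        r = (e + q[0]) % N
        if r == 0 or add(mul(r, G), q) is O:  # r = 0 or S0 at infinity
            continue
        resp = second.respond((r + k4) % N)  # r' hides r behind k4
        if resp is None or 0 in resp:  # r' = 0, s1 = 0 or s2 = 0
            continue
        s1, s2 = resp
        # Assumed formula: s = k3*s1 + s2/d1 - r (mod n).
        s = (k3 * s1 + pow(d1, -1, N) * s2 - r) % N
        if s == 0 or (r + s) % N == 0:  # s = 0 or s = n - r
            continue
        return r, s

def sm2_verify(e, r, s, pa):
    """Standard SM2 verification equation, run against the common public key."""
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    q = add(mul(s, G), mul(t, pa))
    return q is not O and (e + q[0]) % N == r

def first_party_point(d1, c1):
    # T1 = [d1]C1*, refused unless C1* is a finite point on the curve
    # (h = 1 here, so the [h]C1* test reduces to the infinity test).
    if not on_curve(c1):
        raise ValueError("C1 is not a valid curve point")
    return mul(d1, c1)
```

Neither party ever holds dA, yet the output (r, s) passes an unmodified SM2 verifier, and `finish_point` returns the same point [k]PA that the encrypting side fed into the KDF.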
The SM2 algorithms collaboration signature apparatus embodiment 1 that the present invention is implemented from first communication party angle:
In order to solve the problem of conventional art can not protect privacy of user, resistance malicious attack, the invention provides one kind The SM2 algorithms collaboration signature apparatus embodiment 1 implemented from first communication party angle;Fig. 5 is to be of the invention from first communication party angle The structural representation of the SM2 algorithms collaboration signature apparatus embodiment 1 of implementation;As shown in figure 5, can include:
First communication party eap-message digest generation unit 510, for disappearing according to the generation of default cryptographic Hash algorithm is to be signed The eap-message digest of breath;
First communication party information signature generation unit 520, for receive second communication party be based on the first public key parameter and First elliptic curve group element of the random number back of selection;According to eap-message digest and the first elliptic curve group element, generation the Part signature;Modular arithmetic is carried out based on Part I signature, intermediate result is obscured in generation, and intermediate result will be obscured to be transferred to Second communication party;When receiving second communication party according to the middle signature for obscuring intermediate result feedback, according to middle signature and Part I is signed, generation Part II signature;According to Part I signature and Part II signature, complete SM2 numbers are obtained Word is signed.
It should be noted that each list in the SM2 algorithms collaboration signature apparatus that the present invention is implemented from first communication party angle Element module, can correspond to each flow step in realizing the above-mentioned SM2 algorithms collaboration endorsement method implemented from first communication party angle Suddenly, it is no longer repeated herein.
The SM2 algorithms collaboration signature apparatus embodiment 1 that the present invention is implemented from second communication party's angle:
In order to solve the problem of conventional art can not protect privacy of user, resistance malicious attack, the invention provides one kind The SM2 algorithms collaboration signature apparatus embodiment 1 implemented from second communication party's angle;Fig. 6 is to be of the invention from second communication party's angle The structural representation of the SM2 algorithms collaboration signature apparatus embodiment 1 of implementation;As shown in fig. 6, can include:
Second communication party's parameter generating unit 610, first for the random number according to selection and first communication party is public Key parameter, generates the first elliptic curve group element, and the first elliptic curve group element is transferred into first communication party;
Second communication party's middle signature generation unit 620, the first elliptic curve group member is based on for receiving first communication party What element fed back obscures intermediate result, and according to the second private key component and obscures intermediate result, generates middle signature;By middle signature It is transferred to first communication party.
It should be noted that each list in the SM2 algorithms collaboration signature apparatus that the present invention is implemented from second communication party's angle Element module, can correspond to each flow step in realizing the above-mentioned SM2 algorithms collaboration endorsement method implemented from second communication party's angle Suddenly, it is no longer repeated herein.
Embodiment 1 of the SM2 collaborative decryption apparatus of the present invention, implemented from the second communication party's side:
To solve the problem that the conventional art can neither protect user privacy nor resist malicious attacks, the present invention provides Embodiment 1 of an SM2 collaborative decryption apparatus implemented from the second communication party's side. Fig. 7 is a structural diagram of this embodiment. As shown in Fig. 7, the apparatus may include:
A second communication party receiving unit 710, configured to receive, from the first communication party, the first point multiplication result obtained from the first private key component and the elliptic curve group element corresponding to the first bit string; and to receive the elliptic curve group element corresponding to the first bit string, which the first communication party transmits according to the first bit string of the SM2 ciphertext;
A second communication party decryption unit 720, configured to multiply the first point multiplication result by the second private key component to obtain the second point multiplication result; to obtain a temporary symmetric key from the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and to extract the second bit string of the SM2 ciphertext; to perform a bitwise XOR of the temporary symmetric key and the second bit string to obtain the decrypted plaintext; and to verify the decrypted plaintext and output it when verification succeeds.
It should be noted that the unit modules of the SM2 collaborative decryption apparatus implemented from the second communication party's side correspond to the process steps of the above SM2 collaborative decryption method implemented from the second communication party's side, and are not described again here.
Embodiment 1 of the SM2 collaborative decryption apparatus of the present invention, implemented from the first communication party's side:
To solve the problem that the conventional art can neither protect user privacy nor resist malicious attacks, the present invention provides Embodiment 1 of an SM2 collaborative decryption apparatus implemented from the first communication party's side. Fig. 8 is a structural diagram of this embodiment. As shown in Fig. 8, the apparatus may include:
A first communication party processing unit 810, configured to obtain the first bit string of the SM2 ciphertext; to obtain the first point multiplication result from the first private key component and the elliptic curve group element corresponding to the first bit string; and to perform data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string;
A first communication party transmission unit 820, configured to transmit the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party.
It should be noted that the unit modules of the SM2 collaborative decryption apparatus implemented from the first communication party's side correspond to the process steps of the above SM2 collaborative decryption method implemented from the first communication party's side, and are not described again here.
Embodiment 1 of the SM2 collaborative signature system of the present invention:
To solve the problem that the conventional art can neither protect user privacy nor resist malicious attacks, the present invention provides Embodiment 1 of an SM2 collaborative signature system, which may include a first communication party and a second communication party;
The second communication party generates the first elliptic curve group element from the selected random numbers and the first public key parameter of the first communication party, and transmits the first elliptic curve group element to the first communication party;
The first communication party generates the message digest of the message to be signed according to a preset cryptographic hash algorithm, and generates the first partial signature from the message digest and the first elliptic curve group element; it performs modular arithmetic based on the first partial signature to generate the obfuscated intermediate result, and transmits the obfuscated intermediate result to the second communication party; the second communication party generates an intermediate signature from the second private key component and the obfuscated intermediate result, and transmits the intermediate signature to the first communication party;
The first communication party generates the second partial signature from the intermediate signature and the first partial signature, and obtains the complete SM2 digital signature from the first partial signature and the second partial signature.
Specifically, to describe the technical scheme of the SM2 collaborative signature system of the present invention in detail, the implementation process in a practical application is taken as an example:
The SM2 collaborative signature system may include two participants, the first communication party and the second communication party. Both parties determine, according to the SM2 standard algorithm, the hash function Hv, the elliptic curve E, the generator G of the elliptic curve group, and the order n of the additive group. The first communication party, as the signer, has the parameter ZA defined by SM2. The specific flow includes:
1. Key pair generation protocol
1) The first communication party randomly selects the private key component d1∈[1, ..., n-1], computes the public key parameter P1=[d1]G, and sends P1 to the second communication party.
2) The second communication party randomly selects the private key component d2∈[1, ..., n-1], generates the common public key of both parties from the received public key parameter P1 and the private key component d2 as PA=[d2]P1-G=[d1d2-1]G, and publishes the common public key PA.
Here, the common public key PA is generated by the first communication party and the second communication party using their respective private key components. Denoting the common private key of the first communication party and the second communication party as dA, we have PA=[dA]G=[d1d2-1]G, and therefore dA=(d1d2-1).
It should be noted that computing P1 requires d1, and PA is computed on the basis of P1. Alternatively, the second communication party may first compute P1 and the first communication party may then compute PA on the basis of P1, because the computation is symmetric.
Preferably, after generating the public key PA, the second communication party verifies whether PA is valid using the method given in section 6.2 of the GM/T 0003.1-2012 standard.
In a specific embodiment, the first elliptic curve group element includes elliptic curve group element R1 and elliptic curve group element R2;
The second communication party chooses random numbers k1 and k2, and generates elliptic curve group elements R1 and R2 based on the following formulas:
R1=[k1]P1
R2=[k2]G
Here, k1∈[1, ..., n-1]; k2∈[1, ..., n-1]; G is the base point on elliptic curve E(Fq); n is the order of the base point G on elliptic curve E(Fq);
The first communication party chooses random numbers k3 and k4, and generates the elliptic curve group element (x1, y1) based on the following formula:
(x1, y1)=[k3]R1+R2+[k4]G
Here, k3∈[1, ..., n-1]; k4∈[1, ..., n-1]; x1 is the x-coordinate of the elliptic curve group element (x1, y1), and y1 is its y-coordinate;
From the elliptic curve group element (x1, y1) and the message digest, the first partial signature is generated based on the following formula:
r=e+x1(mod n)
Here, e is the message digest; r is the first partial signature; mod n denotes reduction modulo n.
2. Protocol for collaboratively generating a digital signature
1) The second communication party selects random numbers k1∈[1, ..., n-1] and k2∈[1, ..., n-1], computes the elliptic curve group elements R1=[k1]P1=[k1d1]G and R2=[k2]G, and sends R1 and R2 to the first communication party.
2) The first communication party receives the elliptic curve group elements R1 and R2. It selects random numbers k3∈[1, ..., n-1] and k4∈[1, ..., n-1] and computes the elliptic curve group element (x1, y1)=[k3]R1+R2+[k4]G, where x1 is the x-coordinate of (x1, y1). It computes the message digest e=H(ZA||M) and the partial signature result r=e+x1(mod n), where ZA is the hash value computed from the distinguishing identifier IDA of user A and M is the input message to be signed. If r=0, return to step 1) and re-execute. The first communication party then uses the random number k4 and the partial signature result r to compute the obfuscated intermediate result r′=r+k4(mod n), and sends r′ to the second communication party.
3) The second communication party uses the private key component d2, the random numbers k1 and k2, and the received intermediate result r′ to compute the intermediate results s1 and s2, and then sends s1 and s2 to the first communication party.
4) The first communication party receives the intermediate results s1 and s2. Using the private key component d1, the random number k3, the partial signature result r, and the received s1 and s2, it computes the partial signature result s = k3 s1 + d1^(-1) s2 - r (mod n). If s=0, return to step 1) and re-execute.
The first communication party outputs the digital signature (r, s), which conforms to the SM2 signature format; the signature result can be verified with the common public key PA.
It must be noted that in step 1) of this protocol the second communication party needs the public key parameter P1=[d1]G corresponding to the first communication party's private key component d1. The first communication party can send it to the second communication party in an added preceding step, or the second communication party can store the parameter in advance and use it directly in the computation.
In a specific embodiment, the random numbers k1, k2, k3 and k4 satisfy the following conditions:
Some of the random numbers k1, k2, k3 and k4 are chosen by the second communication party, and the remaining ones are chosen by the first communication party;
The random number equation used to generate the SM2 digital signature includes the random numbers k1, k2, k3 and k4.
In a specific embodiment, the random numbers k1, k2, k3 and k4 satisfy the following random number equation:
k=k1k3d1+k2+k4(mod n)
Here, k is a random number and k∈[1, ..., n-1]; d1 is the first private key.
Specifically, the correctness of the signature result is shown as follows:
Let k=k1k3d1+k2+k4(mod n); then (x1, y1)=[k]G;
(x1, y1)=[k1k3d1+k2+k4]G
r=H(ZA||M)+x1(mod n)
It can be seen that the partial signature results r and s have the same form as a standard SM2 signature result; only the random number k is produced in a particular way. Because k1, k2, k3 and k4 are randomly selected, the one-time-pad requirement is still met. Because the four random numbers are contributed separately by the first communication party and the second communication party, neither party can control the random number k in the final output signature result; in other words, neither party can derive the private key dA from a known random number k.
Specifically, the construction of the random number k in the present invention is not unique; several constructions may exist. The basic requirements are: (1) the random numbers k1, k2, k3 and k4 must be contributed separately by the two communicating parties and must not all be produced by one of them; (2) the final calculation result must be transformable into the k-rd form, that is, all k[i] can be transformed and collected into a single term.
This protocol for collaboratively generating a digital signature enables the first communication party to generate a digital signature, and the digital signature can be verified with the common public key PA of the first communication party and the second communication party.
In this protocol the intermediate result r′ is related to the partial signature result r but does not leak it. The first communication party therefore completes a digital signature with the help of the second communication party, while the second communication party does not know what message the first communication party signed. On the one hand this avoids leaking the partial signature result r; on the other hand it gives the scheme a property similar to a blind signature.
Preferably, in step 2) of this protocol, in addition to checking r=0, it is also necessary to compute [r]G+(x1, y1) and check whether the result equals O; if it does, return to step 1) of this protocol and reselect the random numbers. Here, O is the identity element of the elliptic curve group, called the point at infinity or the zero point.
Preferably, in step 2) of this protocol, after the first communication party receives the elliptic curve group elements R1 and R2, it computes S1=[h]R1 and S2=[h]R2, where h is the cofactor of n. If S1 or S2 is the point at infinity, return to step 1) of this protocol and re-execute.
Preferably, in step 2) of this protocol, the second communication party checks the received intermediate result r′; if r′=0, return to step 1) and re-execute.
Preferably, in step 4) of this protocol, after the first communication party receives the intermediate results s1 and s2, if it finds that s1=0 or s2=0, return to step 1) and re-execute.
Preferably, a step is added after step 4) of this protocol: compute r+s, and if r+s=n, return to step 1) and re-execute.
It should be noted that the first communication party and the second communication party in the present invention can each represent either the client or the server role; if the first communication party is the client, the second communication party is the server. In general, it is preferable for the server to execute the steps of the second communication party, because when the client executes the steps of the first communication party, the client computes the plaintext digest and outputs the signature result, which helps protect user privacy.
Embodiment 1 of the SM2 collaborative decryption system of the present invention:
To solve the problem that the conventional art can neither protect user privacy nor resist malicious attacks, the present invention also provides Embodiment 1 of an SM2 collaborative decryption system, which may include a first communication party and a second communication party;
The first communication party obtains the first bit string of the SM2 ciphertext; obtains the first point multiplication result from the first private key component and the elliptic curve group element corresponding to the first bit string; performs data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string; and transmits the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party;
The second communication party multiplies the first point multiplication result by the second private key component to obtain the second point multiplication result; obtains a temporary symmetric key from the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extracts the second bit string of the SM2 ciphertext; performs a bitwise XOR of the temporary symmetric key and the second bit string to obtain the decrypted plaintext; and verifies the decrypted plaintext and outputs it when verification succeeds.
Specifically, the implementation process of the SM2 collaborative decryption system of the present invention may include the following steps:
3. Protocol for collaboratively decrypting ciphertext C
1) The first communication party obtains the SM2 ciphertext C=C1||C3||C2 and extracts the bit string C1 from ciphertext C. Using the methods given in sections 4.2.4 and 4.2.10 of the GM/T 0003.1-2012 standard, it converts the data type of C1 to an elliptic curve group element C1, and then verifies whether C1 is the point at infinity of elliptic curve E(Fq); if so, it reports an error and exits the decryption flow.
2) The first communication party uses the private key component d1 to compute T1=[d1]C1, and sends T1 to the second communication party.
3) The second communication party uses the private key component d2 to compute T2=[d2]T1, and then computes (x2, y2)=T2-C1=[d1d2-1]C1=[dA]C1.
4) The second communication party computes t=KDF(x2||y2, klen), where || denotes concatenation, KDF(*) is a predefined key derivation function, and klen denotes the bit length of the output. If t is an all-zero bit string, report an error and exit.
5) The second communication party extracts the bit string C2 from ciphertext C and computes the decrypted plaintext M′ as the bitwise XOR of C2 and t.
6) The second communication party computes u=Hash(x2||M′||y2), and then extracts the bit string C3 from ciphertext C. If u≠C3, report an error and exit.
7) The second communication party outputs the plaintext M′.
It should be noted that the roles of the first communication party and the second communication party can be exchanged in the above computation: the second communication party first computes [d2]C1 and sends it to the first communication party, and the first communication party then completes the remaining decryption process and outputs the plaintext M′.
Preferably, a step is added before step 2) of the decryption flow: the first communication party computes S=[h]C1, where h is the cofactor of n. If S is the point at infinity, report an error and exit.
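The key generation, collaborative signing and collaborative decryption protocols described above, as an added Python example that is not part of the patent text; it runs both parties in one process on the SM2 recommended curve and checks the result with ordinary SM2 verification under PA. Assumptions: SHA-256 stands in for SM3, the KDF, XOR and C3 steps of decryption are omitted, all function names are illustrative, and because the formulas for s1 and s2 are missing from this text the example uses s1 = d2^(-1) k1 and s2 = d2^(-1) (k2 + r′) (mod n), the values consistent with s = k3 s1 + d1^(-1) s2 - r and k = k1k3d1 + k2 + k4.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + ax + b over F_p; G has prime order N, cofactor h = 1.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = P - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
O = None  # point at infinity (identity element)

def on_curve(pt):
    return pt is not O and (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P == 0

def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P)

def add(p1, p2):
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    acc = O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

def digest(za, msg):
    # Assumption: SHA-256 stands in for SM3 to keep the example standard-library only.
    return int.from_bytes(hashlib.sha256(za + msg).digest(), "big")

def keygen():
    d1 = rand_scalar()                   # first party's private key component
    P1 = mul(d1, G)                      # sent to the second party
    d2 = rand_scalar()                   # second party's private key component
    PA = add(mul(d2, P1), neg(G))        # PA = [d2]P1 - G = [d1*d2 - 1]G
    return d1, d2, P1, PA

def cosign(d1, d2, P1, e):
    while True:  # every failed check restarts from step 1) with fresh randomness
        # Step 1 (second party): R1 and R2 go to the first party.
        k1, k2 = rand_scalar(), rand_scalar()
        R1, R2 = mul(k1, P1), mul(k2, G)
        # Step 2 (first party): h = 1, so the [h]R checks reduce to "not infinity".
        if R1 is O or R2 is O:
            continue
        k3, k4 = rand_scalar(), rand_scalar()
        pt = add(add(mul(k3, R1), R2), mul(k4, G))
        if pt is O:
            continue
        r = (e + pt[0]) % N
        if r == 0 or add(mul(r, G), pt) is O:
            continue
        r_obf = (r + k4) % N             # r' is the only value sent to the second party
        # Step 3 (second party). Assumed formulas for s1 and s2, see the lead-in.
        if r_obf == 0:
            continue
        d2_inv = pow(d2, -1, N)
        s1, s2 = d2_inv * k1 % N, d2_inv * (k2 + r_obf) % N
        # Step 4 (first party): s = k3*s1 + d1^-1*s2 - r (mod n).
        if s1 == 0 or s2 == 0:
            continue
        s = (k3 * s1 + pow(d1, -1, N) * s2 - r) % N
        if s == 0 or (r + s) % N == 0:
            continue
        return r, s

def sm2_verify(PA, e, r, s):
    # Standard SM2 verification; it knows nothing about the two-party protocol.
    if not (0 < r < N and 0 < s < N) or (r + s) % N == 0:
        return False
    pt = add(mul(s, G), mul((r + s) % N, PA))
    return pt is not O and (e + pt[0]) % N == r

def co_decrypt_point(d1, d2, C1):
    # Decryption steps 1)-3); the KDF, XOR and C3 check that follow are omitted.
    if not on_curve(C1):                 # rejects infinity; the on-curve test is added here
        raise ValueError("invalid C1")
    T1 = mul(d1, C1)                     # first party -> second party
    T2 = mul(d2, T1)                     # second party
    return add(T2, neg(C1))              # (x2, y2) = T2 - C1 = [dA]C1
```

Neither function ever forms dA = d1d2 - 1: the verifier and the encryptor see only PA, and each party sees only its own component plus the values marked as sent.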
The SM2 collaborative signature and decryption methods, apparatus and systems of the present invention have the following advantages:
1) The message digest e and the partial signature result r are computed by the first communication party, and the final signature result is also output by the first communication party, so user privacy is not leaked while the digital signature is produced.
2) The intermediate result r′ is related to the partial signature result r but does not leak it. The first communication party therefore completes a digital signature with the help of the second communication party, while the second communication party does not know what message the first communication party signed, which gives the scheme a property similar to a blind signature.
3) Each communicating party generates a random number as its private key component, so generating the private key and computing the public key is simpler and requires less computation.
4) The two communicating parties each hold a private key component and produce signatures collaboratively; an attacker who compromises one of the parties cannot obtain the complete private key and cannot use the private key offline.
5) The two communicating parties each hold a private key component and produce signatures collaboratively; in private key escrow scenarios, this prevents the service provider that offers the escrow from using the user's private key without authorization to forge digital signatures.
6) During signing and decryption the two parties need only a small number of interactions, which meets the low-latency, low-interaction requirements of cloud computing environments.
The present invention also provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the steps of the above SM2 collaborative signature method implemented from the first communication party's side are carried out.
The present invention provides a computer device including a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, the steps of the above SM2 collaborative signature method implemented from the first communication party's side are carried out.
The present invention provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the steps of the above SM2 collaborative signature method implemented from the second communication party's side are carried out.
The present invention provides a computer device including a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, the steps of the above SM2 collaborative signature method implemented from the second communication party's side are carried out.
The present invention provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the steps of the above SM2 collaborative decryption method implemented from the second communication party's side are carried out.
The present invention provides a computer device including a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, the steps of the above SM2 collaborative decryption method implemented from the second communication party's side are carried out.
The present invention provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the steps of the above SM2 collaborative decryption method implemented from the first communication party's side are carried out.
The present invention provides a computer device including a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the program, the steps of the above SM2 collaborative decryption method implemented from the first communication party's side are carried out.
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not every possible combination of the technical features in the above embodiments is described; however, as long as a combination of these technical features is not contradictory, it should be regarded as within the scope of this specification. A person of ordinary skill in the art will appreciate that all or part of the steps of the above embodiment methods can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, includes the steps of the above methods. The storage medium may be, for example, ROM/RAM, a magnetic disk or an optical disc.
The embodiments described above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. The protection scope of this patent shall therefore be determined by the appended claims.

Claims (36)

1. An SM2 collaborative signature method, characterized by comprising the following steps:
Generating the message digest of the message to be signed according to a preset cryptographic hash algorithm;
Receiving the first elliptic curve group element that the second communication party feeds back based on the first public key parameter and the selected random numbers; generating the first partial signature from the message digest and the first elliptic curve group element;
Performing modular arithmetic based on the first partial signature to generate the obfuscated intermediate result, and transmitting the obfuscated intermediate result to the second communication party;
On receiving the intermediate signature that the second communication party feeds back according to the obfuscated intermediate result, generating the second partial signature from the intermediate signature and the first partial signature;
Obtaining the complete SM2 digital signature from the first partial signature and the second partial signature.
2. The SM2 collaborative signature method according to claim 1, characterized in that the preset cryptographic hash algorithm is the SM3 algorithm; the first elliptic curve group element includes elliptic curve group element R1 and elliptic curve group element R2;
The step of generating the first partial signature from the message digest and the first elliptic curve group element includes:
Choosing random numbers k3 and k4, and generating the second elliptic curve group element (x1, y1) based on the following formula:
(x1, y1)=[k3]R1+R2+[k4]G
Here, k3∈[1, ..., n-1]; k4∈[1, ..., n-1]; G is the base point on elliptic curve E(Fq); n is the order of the base point G on elliptic curve E(Fq); x1 is the x-coordinate of the second elliptic curve group element (x1, y1), and y1 is its y-coordinate;
Generating the first partial signature from the second elliptic curve group element (x1, y1) and the message digest based on the following formula:
r=e+x1(mod n)
Here, e is the message digest; r is the first partial signature; mod n denotes reduction modulo n.
3. The SM2 collaborative signature method according to claim 2, characterized in that, before the step of generating the first partial signature from the message digest and the first elliptic curve group element, the method further includes the steps of:
Obtaining the point multiplication result S1 from the elliptic curve group element R1 based on the following formula:
S1=[h]R1
Here, h is the cofactor of n;
On detecting that the point multiplication result S1 is the point at infinity of elliptic curve E(Fq), receiving the first elliptic curve group element that the second communication party feeds back again according to the first public key parameter and newly chosen random numbers;
Or
Obtaining the point multiplication result S2 from the elliptic curve group element R2 based on the following formula:
S2=[h]R2
Here, h is the cofactor of n;
On detecting that the point multiplication result S2 is the point at infinity of elliptic curve E(Fq), receiving the first elliptic curve group element that the second communication party feeds back again according to the first public key parameter and newly chosen random numbers.
4. The SM2 collaborative signature method according to claim 2, characterized in that, after the step of generating the first partial signature from the message digest and the first elliptic curve group element, the method further includes the steps of:
Detecting the value of the first partial signature r; when the value of the first partial signature r is 0, receiving the first elliptic curve group element that the second communication party feeds back again according to the first public key parameter and newly chosen random numbers;
Or
Computing the result S0 from the second elliptic curve group element (x1, y1) based on the following formula:
S0=[r]G+(x1, y1)
On detecting that the result S0 is the point at infinity of elliptic curve E(Fq), receiving the first elliptic curve group element that the second communication party feeds back again according to the first public key parameter and newly chosen random numbers.
5. The SM2 collaborative signature method according to any one of claims 2 to 4, characterized in that the step of performing modular arithmetic based on the first partial signature to generate the obfuscated intermediate result includes:
Generating the obfuscated intermediate result from the random number k4 and the first partial signature r based on the following formula:
r′=r+k4(mod n)
Here, r′ is the obfuscated intermediate result.
6. The SM2 collaborative signature method according to claim 5, characterized in that, before the step of generating the message digest of the message to be signed according to the preset cryptographic hash algorithm, the method further includes the steps of:
Generating the first private key component based on the following formula:
d1∈[1, ..., n-1]
Here, d1 is the first private key component;
Obtaining the first public key parameter from the first private key component based on the following formula:
P1=[d1]G
Here, P1 is the first public key parameter;
Transmitting the first public key parameter to the second communication party.
7. The SM2 collaborative signature method according to claim 6, characterized in that the intermediate signature includes a first intermediate signature s1 and a second intermediate signature s2;
In the step of generating the second partial signature from the intermediate signature and the first partial signature, the second partial signature is generated based on the following formula:
s = k3 s1 + d1^(-1) s2 - r (mod n)
Here, s is the second partial signature; d1 is the first private key component.
8. The SM2 collaborative signature method according to claim 7, characterized in that, before the step of generating the second partial signature from the intermediate signature and the first partial signature, the method further includes the steps of:
Detecting the value of the first intermediate signature s1; on detecting that the value of the first intermediate signature s1 is 0, receiving the first elliptic curve group element that the second communication party feeds back again according to the first public key parameter and newly chosen random numbers;
Or
Detecting the value of the second intermediate signature s2; on detecting that the value of the second intermediate signature s2 is 0, receiving the first elliptic curve group element that the second communication party feeds back again according to the first public key parameter and newly chosen random numbers.
9. The SM2 collaborative signature method according to claim 7, characterized in that, after the step of generating the second partial signature from the intermediate signature and the first partial signature, the method further includes the step of:
Detecting the value of the second partial signature s; on detecting that the value of the second partial signature s is 0 or n-r, receiving the first elliptic curve group element that the second communication party feeds back again according to the first public key parameter and newly chosen random numbers.
10. An SM2 collaborative signature method, characterized by comprising the following steps:
Generating the first elliptic curve group element from the selected random numbers and the first public key parameter of the first communication party, and transmitting the first elliptic curve group element to the first communication party;
Receiving the obfuscated intermediate result that the first communication party feeds back based on the first elliptic curve group element, and generating an intermediate signature from the second private key component and the obfuscated intermediate result;
Transmitting the intermediate signature to the first communication party.
11. SM2 algorithms according to claim 10 cooperate with endorsement method, it is characterised in that in the random number according to selection And the first public key parameter of first communication party, generation the first elliptic curve group element the step of before also include step:
The second private key component is generated based on below equation:
d2∈ [1 ..., n-1]
Wherein, d2For the second private key component;N is elliptic curve E (Fq) on basic point G rank;
According to the random number of selection and the first public key parameter of first communication party, the step of generating the first elliptic curve group element Also include step before:
Receive the first public key parameter P of first communication party transmission1
According to the first public key parameter P1With the second private key component d2, common public key is generated based on below equation:
PA=[d2]P1-G
Wherein, PAFor the common public key;
The common public key P is disclosedA
12. SM2 algorithms according to claim 11 cooperate with endorsement method, it is characterised in that first elliptic curve group Element includes elliptic curve group element R1With elliptic curve group element R2
According to the random number of selection and the first public key parameter of first communication party, the step of generating the first elliptic curve group element Including:
Random number k is chosen respectively1, random number k2, the elliptic curve group element R is generated based on below equation1And elliptic curve group Element R2
R1=[k1]P1
R2=[k2]G
Wherein, k1∈ [1 ..., n-1];k2∈ [1 ..., n-1];P1For the first public key parameter;G is elliptic curve E (Fq) on Basic point;N is elliptic curve E (Fq) on basic point G rank.
13. SM2 algorithms according to claim 12 cooperate with endorsement method, it is characterised in that the middle signature includes the One middle signature s1With the second middle signature s2
According to the second private key component and it is described obscure intermediate result, include the step of generation middle signature:
According to the second private key component d2With the random number k1, the first middle signature s is generated based on below equation1
$s_1 = k_1 d_2^{-1} \pmod{n}$
Generating the second intermediate signature s2 according to the second private key component d2, the random number k2 and the obfuscated intermediate result, based on the following formula:
$s_2 = (r' + k_2)\, d_2^{-1} \pmod{n}$
Where r′ is the obfuscated intermediate result.
14. The SM2 collaborative signature method according to claim 13, characterized in that, before the step of generating the intermediate signature according to the second private key component and the obfuscated intermediate result, the method further comprises the step of:
Detecting the value of the obfuscated intermediate result r′; when the value of the obfuscated intermediate result r′ is detected to be 0, regenerating the first elliptic curve group element according to the first public key parameter and a newly chosen random number.
15. An SM2 collaborative decryption method, characterized by comprising the following steps:
Receiving an elliptic curve group element corresponding to a first bit string of an SM2 ciphertext, transmitted by a first communication party according to the first bit string; and receiving a first point multiplication result transmitted by the first communication party, obtained according to a first private key component and the elliptic curve group element corresponding to the first bit string;
Performing a product operation on a second private key component and the first point multiplication result to obtain a second point multiplication result;
Obtaining a temporary symmetric key according to the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extracting a second bit string of the SM2 ciphertext;
Performing a bitwise XOR operation on the temporary symmetric key and the second bit string to obtain a decrypted plaintext;
Verifying the decrypted plaintext, and outputting the decrypted plaintext when the verification succeeds.
16. The SM2 collaborative decryption method according to claim 15, characterized in that the step of obtaining the temporary symmetric key according to the second point multiplication result and the elliptic curve group element corresponding to the first bit string comprises:
Obtaining an elliptic curve group element (x2, y2) based on the following formula:
(x2, y2) = T2 - C1*
Where T2 is the second point multiplication result; C1* is the elliptic curve group element corresponding to the first bit string;
Generating the temporary symmetric key according to the elliptic curve group element (x2, y2), based on the following formula:
t = KDF(x2 || y2, klen)
Where t is the temporary symmetric key; || denotes concatenation; KDF(*) is a predefined key derivation function; klen denotes the bit length of the output;
The step of verifying the decrypted plaintext and outputting the decrypted plaintext when the verification succeeds comprises:
Obtaining a check code based on the following formula:
u = Hash(x2 || M′ || y2),
Where u is the check code; M′ is the decrypted plaintext; Hash denotes a preset cryptographic hash algorithm;
Extracting the third bit string C3 from the SM2 ciphertext; when u = C3, confirming that the verification succeeds and outputting the decrypted plaintext M′.
17. An SM2 collaborative decryption method, characterized by comprising the following steps:
Obtaining a first bit string of an SM2 ciphertext; performing data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string;
Obtaining a first point multiplication result according to a first private key component and the elliptic curve group element corresponding to the first bit string;
Transmitting the first point multiplication result and the elliptic curve group element corresponding to the first bit string to a second communication party.
18. The SM2 collaborative decryption method according to claim 17, characterized in that, before the step of transmitting the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party, the method further comprises the steps of:
Verifying the elliptic curve group element corresponding to the first bit string; when the verification finds that the elliptic curve group element corresponding to the first bit string is the point at infinity of the elliptic curve, reporting an error and exiting decryption;
And
Calculating a point multiplication result S according to the elliptic curve group element corresponding to the first bit string, based on the following formula:
S = [h]C1*
Where h is the cofactor of the order n of the base point on the elliptic curve; C1* is the elliptic curve group element corresponding to the first bit string;
When the point multiplication result S is detected to be the point at infinity of the elliptic curve, reporting an error and exiting decryption.
19. An SM2 collaborative signature device, characterized by comprising:
A first communication party message digest generation unit, configured to generate a message digest of a message to be signed according to a preset cryptographic hash algorithm;
A first communication party message signature generation unit, configured to: receive a first elliptic curve group element fed back by a second communication party based on a first public key parameter and a chosen random number; generate a first partial signature according to the message digest and the first elliptic curve group element; perform a modular operation based on the first partial signature to generate an obfuscated intermediate result, and transmit the obfuscated intermediate result to the second communication party; upon receiving an intermediate signature fed back by the second communication party according to the obfuscated intermediate result, generate a second partial signature according to the intermediate signature and the first partial signature; and obtain a complete SM2 digital signature according to the first partial signature and the second partial signature.
20. An SM2 collaborative signature device, characterized by comprising:
A second communication party parameter generation unit, configured to generate a first elliptic curve group element according to a chosen random number and a first public key parameter of a first communication party, and to transmit the first elliptic curve group element to the first communication party;
A second communication party intermediate signature generation unit, configured to receive an obfuscated intermediate result fed back by the first communication party based on the first elliptic curve group element, to generate an intermediate signature according to a second private key component and the obfuscated intermediate result, and to transmit the intermediate signature to the first communication party.
21. An SM2 collaborative decryption device, characterized by comprising:
A second communication party receiving unit, configured to receive an elliptic curve group element corresponding to a first bit string of an SM2 ciphertext, transmitted by a first communication party according to the first bit string; and to receive a first point multiplication result transmitted by the first communication party, obtained according to a first private key component and the elliptic curve group element corresponding to the first bit string;
A second communication party decryption unit, configured to: perform a product operation on a second private key component and the first point multiplication result to obtain a second point multiplication result; obtain a temporary symmetric key according to the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extract a second bit string of the SM2 ciphertext; perform a bitwise XOR operation on the temporary symmetric key and the second bit string to obtain a decrypted plaintext; and verify the decrypted plaintext and output the decrypted plaintext when the verification succeeds.
22. An SM2 collaborative decryption device, characterized by comprising:
A first communication party processing unit, configured to obtain a first bit string of an SM2 ciphertext; to perform data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string; and to obtain a first point multiplication result according to a first private key component and the elliptic curve group element corresponding to the first bit string;
A first communication party transmission unit, configured to transmit the first point multiplication result and the elliptic curve group element corresponding to the first bit string to a second communication party.
23. An SM2 collaborative signature system, characterized by comprising a first communication party and a second communication party;
The second communication party generates a first elliptic curve group element according to a chosen random number and a first public key parameter of the first communication party, and transmits the first elliptic curve group element to the first communication party;
The first communication party generates a message digest of a message to be signed according to a preset cryptographic hash algorithm, and generates a first partial signature according to the message digest and the first elliptic curve group element; performs a modular operation based on the first partial signature to generate an obfuscated intermediate result, and transmits the obfuscated intermediate result to the second communication party; the second communication party generates an intermediate signature according to a second private key component and the obfuscated intermediate result, and transmits the intermediate signature to the first communication party;
The first communication party generates a second partial signature according to the intermediate signature and the first partial signature, and obtains a complete SM2 digital signature according to the first partial signature and the second partial signature.
24. The SM2 collaborative signature system according to claim 23, characterized in that the first elliptic curve group element comprises an elliptic curve group element R1 and an elliptic curve group element R2;
The second communication party chooses a random number k1 and a random number k2 respectively, and generates the elliptic curve group element R1 and the elliptic curve group element R2 based on the following formulas:
R1 = [k1]P1
R2 = [k2]G
Where k1 ∈ [1, ..., n-1]; k2 ∈ [1, ..., n-1]; G is the base point on the elliptic curve E(Fq); n is the order of the base point G on the elliptic curve E(Fq);
The first communication party chooses a random number k3 and a random number k4 respectively, and generates a second elliptic curve group element (x1, y1) based on the following formula:
(x1, y1) = [k3]R1 + R2 + [k4]G
Where k3 ∈ [1, ..., n-1]; k4 ∈ [1, ..., n-1]; x1 is the x-axis coordinate of the second elliptic curve group element (x1, y1), and y1 is the y-axis coordinate of the second elliptic curve group element (x1, y1);
The first partial signature is generated according to the second elliptic curve group element (x1, y1) and the message digest, based on the following formula:
r = e + x1 (mod n)
Where e is the message digest; r is the first partial signature; mod n is the modulo-n operation.
25. The SM2 collaborative signature system according to claim 24, characterized in that the random number k1, the random number k2, the random number k3 and the random number k4 satisfy the following conditions:
Some of the random numbers k1, k2, k3 and k4 are chosen by the second communication party, and the remaining random numbers are chosen by the first communication party;
The random number equation used to generate the SM2 digital signature includes the random number k1, the random number k2, the random number k3 and the random number k4.
26. The SM2 collaborative signature system according to claim 25, characterized in that the random number k1, the random number k2, the random number k3 and the random number k4 satisfy the following random number equation:
k = k1·k3·d1 + k2 + k4 (mod n)
Where k is a random number and k ∈ [1, ..., n-1]; d1 is the first private key component.
27. The SM2 collaborative signature system according to any one of claims 23 to 26, characterized in that the first communication party is a client and the second communication party is a server.
28. An SM2 collaborative decryption system, characterized by comprising a first communication party and a second communication party;
The first communication party obtains a first bit string of an SM2 ciphertext; performs data type conversion on the first bit string to obtain the elliptic curve group element corresponding to the first bit string; obtains a first point multiplication result according to a first private key component and the elliptic curve group element corresponding to the first bit string; and transmits the first point multiplication result and the elliptic curve group element corresponding to the first bit string to the second communication party;
The second communication party performs a product operation on a second private key component and the first point multiplication result to obtain a second point multiplication result; obtains a temporary symmetric key according to the second point multiplication result and the elliptic curve group element corresponding to the first bit string, and extracts a second bit string of the SM2 ciphertext; performs a bitwise XOR operation on the temporary symmetric key and the second bit string to obtain a decrypted plaintext; and verifies the decrypted plaintext and outputs the decrypted plaintext when the verification succeeds.
29. A computer-readable storage medium having a computer program stored thereon, characterized in that the program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 9.
30. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the method according to any one of claims 1 to 9.
31. A computer-readable storage medium having a computer program stored thereon, characterized in that the program, when executed by a processor, implements the steps of the method according to any one of claims 10 to 14.
32. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the method according to any one of claims 10 to 14.
33. A computer-readable storage medium having a computer program stored thereon, characterized in that the program, when executed by a processor, implements the steps of the method according to any one of claims 15 to 16.
34. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the method according to any one of claims 15 to 16.
35. A computer-readable storage medium having a computer program stored thereon, characterized in that the program, when executed by a processor, implements the steps of the method according to any one of claims 17 to 18.
36. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the method according to any one of claims 17 to 18.
CN201710546334.2A 2017-07-06 2017-07-06 SM2 algorithm collaborative signature and decryption method, device and system Active CN107196763B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710546334.2A CN107196763B (en) 2017-07-06 2017-07-06 SM2 algorithm collaborative signature and decryption method, device and system

Publications (2)

Publication Number Publication Date
CN107196763A true CN107196763A (en) 2017-09-22
CN107196763B CN107196763B (en) 2020-02-18

Family

ID=59881484

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710546334.2A Active CN107196763B (en) 2017-07-06 2017-07-06 SM2 algorithm collaborative signature and decryption method, device and system

Country Status (1)

Country Link
CN (1) CN107196763B (en)

Cited By (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107566128A (en) * 2017-10-10 2018-01-09 武汉大学 A kind of two side's distribution SM9 digital signature generation methods and system
CN107623570A (en) * 2017-11-03 2018-01-23 北京无字天书科技有限公司 A kind of SM2 endorsement methods based on addition Secret splitting
CN107707353A (en) * 2017-09-26 2018-02-16 深圳奥联信息安全技术有限公司 The implementation method and device of SM9 algorithms
CN107888380A (en) * 2017-10-30 2018-04-06 武汉大学 A kind of the RSA digital signature generation method and system of two sides distribution identity-based
CN107911217A (en) * 2017-10-30 2018-04-13 陈彦丰 The method, apparatus and data handling system of generation signature are cooperateed with based on ECDSA algorithms
CN107911223A (en) * 2017-11-23 2018-04-13 上海众人网络安全技术有限公司 A kind of method and device for intersecting signature
CN107947913A (en) * 2017-11-15 2018-04-20 武汉大学 The anonymous authentication method and system of a kind of identity-based
CN108055136A (en) * 2017-12-22 2018-05-18 上海众人网络安全技术有限公司 Endorsement method, device, computer equipment and storage medium based on elliptic curve
CN108199835A (en) * 2018-01-19 2018-06-22 北京江南天安科技有限公司 A kind of multi-party joint private key decryption method and system
CN108650094A (en) * 2018-04-13 2018-10-12 武汉大学 A kind of Proxy Signature generation method and system based on SM2 digital signature
CN108650080A (en) * 2018-03-27 2018-10-12 北京迪曼森科技有限公司 A kind of key management method and system
CN108880807A (en) * 2018-08-02 2018-11-23 中钞信用卡产业发展有限公司杭州区块链技术研究院 Private key signature process method, apparatus, equipment and medium
CN108964923A (en) * 2018-06-22 2018-12-07 成都卫士通信息产业股份有限公司 Hide interactive SM2 endorsement method, system and the terminal of private key
CN108989047A (en) * 2018-07-19 2018-12-11 郑州信大捷安信息技术股份有限公司 A kind of communicating pair collaboration endorsement method and system based on SM2 algorithm
CN109088726A (en) * 2018-07-19 2018-12-25 郑州信大捷安信息技术股份有限公司 Communicating pair collaboration signature and decryption method and system based on SM2 algorithm
CN109245903A (en) * 2018-09-29 2019-01-18 北京信安世纪科技股份有限公司 Both sides cooperate with endorsement method, device and the storage medium for generating SM2 algorithm
CN109274503A (en) * 2018-11-05 2019-01-25 北京仁信证科技有限公司 Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system
CN109309569A (en) * 2018-09-29 2019-02-05 北京信安世纪科技股份有限公司 The method, apparatus and storage medium of collaboration signature based on SM2 algorithm
CN109600232A (en) * 2018-12-05 2019-04-09 北京智慧云测科技有限公司 For attack verifying, means of defence and the device of SM2 signature algorithm
CN109600224A (en) * 2018-11-06 2019-04-09 卓望数码技术(深圳)有限公司 A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN109672539A (en) * 2019-03-01 2019-04-23 深圳市电子商务安全证书管理有限公司 SM2 algorithm collaboration signature and decryption method, apparatus and system
CN109818741A (en) * 2017-11-22 2019-05-28 航天信息股份有限公司 A kind of decryption calculation method and device based on elliptic curve
CN109936455A (en) * 2017-12-19 2019-06-25 航天信息股份有限公司 A kind of methods, devices and systems of digital signature
CN110035065A (en) * 2019-03-12 2019-07-19 华为技术有限公司 Data processing method, relevant apparatus and computer storage medium
CN110380855A (en) * 2019-06-14 2019-10-25 武汉理工大学 Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety
CN110535635A (en) * 2019-07-19 2019-12-03 北京向芯力科技有限公司 A kind of collaboration endorsement method that supporting Information hiding and system
CN110601841A (en) * 2019-11-01 2019-12-20 成都卫士通信息产业股份有限公司 SM2 collaborative signature and decryption method and device
CN110958115A (en) * 2019-12-03 2020-04-03 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM9 white box
CN110990896A (en) * 2019-12-03 2020-04-10 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM2 white box
CN111130804A (en) * 2019-12-27 2020-05-08 上海市数字证书认证中心有限公司 SM2 algorithm-based collaborative signature method, device, system and medium
CN111314089A (en) * 2020-02-18 2020-06-19 数据通信科学技术研究所 SM 2-based two-party collaborative signature method and decryption method
CN111510299A (en) * 2020-04-10 2020-08-07 宁波富万信息科技有限公司 Joint digital signature generation method, electronic device, and computer-readable medium
CN111582867A (en) * 2020-05-11 2020-08-25 浙江同花顺智能科技有限公司 Collaborative signature and decryption method and device, electronic equipment and storage medium
CN107948189B (en) * 2017-12-19 2020-10-30 数安时代科技股份有限公司 Asymmetric password identity authentication method and device, computer equipment and storage medium
CN112131596A (en) * 2020-09-30 2020-12-25 北京海泰方圆科技股份有限公司 Encryption and decryption method, equipment and storage medium
CN112188465A (en) * 2020-09-29 2021-01-05 江苏恒宝智能系统技术有限公司 Emergency command communication system and working method thereof
CN112181974A (en) * 2019-07-01 2021-01-05 上海宏路数据技术股份有限公司 Identification information distribution method, system and storage equipment
CN112241527A (en) * 2020-12-15 2021-01-19 杭州海康威视数字技术股份有限公司 Key generation method and system and electronic equipment
CN112311549A (en) * 2020-03-26 2021-02-02 神州融安科技(北京)有限公司 Signature generation or assistance method, device, system, electronic equipment and storage medium
CN111447065B (en) * 2019-01-16 2021-03-09 中国科学院软件研究所 Active and safe SM2 digital signature two-party generation method
CN112632630A (en) * 2019-10-08 2021-04-09 航天信息股份有限公司 SM 2-based collaborative signature calculation method and device
CN112737778A (en) * 2020-12-30 2021-04-30 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Digital signature generation and verification method and device, electronic equipment and storage medium
CN112737783A (en) * 2019-10-28 2021-04-30 航天信息股份有限公司 Decryption method and device based on SM2 elliptic curve
CN113014386A (en) * 2021-03-30 2021-06-22 宋煜 Cipher system based on multi-party cooperative computing
CN113055189A (en) * 2021-06-02 2021-06-29 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113158176A (en) * 2021-06-02 2021-07-23 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN113255010A (en) * 2021-05-21 2021-08-13 郑州信大捷安信息技术股份有限公司 Detection method and system for collaborative signature and decrypted product
WO2021169521A1 (en) * 2020-02-24 2021-09-02 华为技术有限公司 Signature method, terminal device and network device
CN113468580A (en) * 2021-07-23 2021-10-01 建信金融科技有限责任公司 Multi-party collaborative signature method and system
CN113849831A (en) * 2021-08-27 2021-12-28 北京握奇数据股份有限公司 Two-party collaborative signature and decryption method and system based on SM2 algorithm
CN113904777A (en) * 2021-09-23 2022-01-07 武汉大学 Signcryption method based on SM2 digital signature algorithm
CN114003948A (en) * 2021-10-12 2022-02-01 杭州趣链科技有限公司 Method for protecting user privacy based on online health consultation
CN114329518A (en) * 2021-12-10 2022-04-12 奇安信科技集团股份有限公司 Encryption and decryption method and device for software cryptographic module account
CN114329542A (en) * 2021-12-24 2022-04-12 上海市数字证书认证中心有限公司 File signature method, device, terminal and storage medium
CN114567448A (en) * 2022-04-29 2022-05-31 华南师范大学 Collaborative signature method and collaborative signature system
CN115134093A (en) * 2022-08-30 2022-09-30 北京信安世纪科技股份有限公司 Digital signature method and computing device
CN115314205A (en) * 2022-10-11 2022-11-08 中安网脉(北京)技术股份有限公司 Collaborative signature system and method based on key segmentation
CN115801322A (en) * 2022-10-20 2023-03-14 浪潮软件股份有限公司 Encryption method and system for realizing server-side secure communication
CN116318688A (en) * 2023-05-24 2023-06-23 北京信安世纪科技股份有限公司 Collaborative signature method, device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102387019A (en) * 2011-10-19 2012-03-21 西安电子科技大学 Certificateless partially blind signature method
CN103780385A (en) * 2012-10-23 2014-05-07 航天信息股份有限公司 Blind signature method based on elliptic curve and device thereof
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Shang Ming et al.: "SM2 Elliptic Curve Threshold Cryptographic Algorithm", Journal of Cryptologic Research *

Cited By (93)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107707353A (en) * 2017-09-26 2018-02-16 深圳奥联信息安全技术有限公司 The implementation method and device of SM9 algorithms
CN107707353B (en) * 2017-09-26 2020-10-23 深圳奥联信息安全技术有限公司 SM9 algorithm implementation method and device
CN107566128A (en) * 2017-10-10 2018-01-09 武汉大学 A kind of two side's distribution SM9 digital signature generation methods and system
CN107888380A (en) * 2017-10-30 2018-04-06 武汉大学 A kind of the RSA digital signature generation method and system of two sides distribution identity-based
CN107911217A (en) * 2017-10-30 2018-04-13 陈彦丰 The method, apparatus and data handling system of generation signature are cooperateed with based on ECDSA algorithms
CN107911217B (en) * 2017-10-30 2021-02-26 陈彦丰 Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system
CN107623570B (en) * 2017-11-03 2020-12-04 北京无字天书科技有限公司 SM2 signature method based on addition key segmentation
CN107623570A (en) * 2017-11-03 2018-01-23 北京无字天书科技有限公司 A kind of SM2 endorsement methods based on addition Secret splitting
CN107947913A (en) * 2017-11-15 2018-04-20 武汉大学 The anonymous authentication method and system of a kind of identity-based
CN107947913B (en) * 2017-11-15 2020-08-07 武汉大学 Anonymous authentication method and system based on identity
CN109818741A (en) * 2017-11-22 2019-05-28 航天信息股份有限公司 A kind of decryption calculation method and device based on elliptic curve
CN107911223A (en) * 2017-11-23 2018-04-13 上海众人网络安全技术有限公司 A kind of method and device for intersecting signature
CN107948189B (en) * 2017-12-19 2020-10-30 数安时代科技股份有限公司 Asymmetric password identity authentication method and device, computer equipment and storage medium
CN109936455A (en) * 2017-12-19 2019-06-25 航天信息股份有限公司 A kind of methods, devices and systems of digital signature
CN108055136A (en) * 2017-12-22 2018-05-18 上海众人网络安全技术有限公司 Endorsement method, device, computer equipment and storage medium based on elliptic curve
CN108199835A (en) * 2018-01-19 2018-06-22 北京江南天安科技有限公司 A kind of multi-party joint private key decryption method and system
CN108199835B (en) * 2018-01-19 2021-11-30 北京江南天安科技有限公司 Multi-party combined private key decryption method
CN108650080A (en) * 2018-03-27 2018-10-12 北京迪曼森科技有限公司 A kind of key management method and system
CN108650094A (en) * 2018-04-13 2018-10-12 武汉大学 A kind of Proxy Signature generation method and system based on SM2 digital signature
CN108964923A (en) * 2018-06-22 2018-12-07 成都卫士通信息产业股份有限公司 Hide interactive SM2 endorsement method, system and the terminal of private key
CN108964923B (en) * 2018-06-22 2021-07-20 成都卫士通信息产业股份有限公司 Interactive SM2 signature method, system and terminal for hiding private key
CN109088726B (en) * 2018-07-19 2021-01-26 郑州信大捷安信息技术股份有限公司 SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties
CN109088726A (en) * 2018-07-19 2018-12-25 郑州信大捷安信息技术股份有限公司 Communicating pair collaboration signature and decryption method and system based on SM2 algorithm
CN108989047A (en) * 2018-07-19 2018-12-11 郑州信大捷安信息技术股份有限公司 A kind of communicating pair collaboration endorsement method and system based on SM2 algorithm
CN108989047B (en) * 2018-07-19 2021-03-02 郑州信大捷安信息技术股份有限公司 SM2 algorithm-based cooperative signature method and system for two communication parties
CN108880807A (en) * 2018-08-02 2018-11-23 中钞信用卡产业发展有限公司杭州区块链技术研究院 Private key signature process method, apparatus, equipment and medium
CN109245903A (en) * 2018-09-29 2019-01-18 北京信安世纪科技股份有限公司 Both sides cooperate with endorsement method, device and the storage medium for generating SM2 algorithm
CN109245903B (en) * 2018-09-29 2021-10-01 北京信安世纪科技股份有限公司 Signature method and device for cooperatively generating SM2 algorithm by two parties and storage medium
CN109309569A (en) * 2018-09-29 2019-02-05 北京信安世纪科技股份有限公司 The method, apparatus and storage medium of collaboration signature based on SM2 algorithm
CN109309569B (en) * 2018-09-29 2021-10-01 北京信安世纪科技股份有限公司 SM2 algorithm-based collaborative signature method and device and storage medium
CN109274503B (en) * 2018-11-05 2022-01-04 北京仁信证科技有限公司 Distributed collaborative signature method, distributed collaborative signature device and soft shield system
CN109274503A (en) * 2018-11-05 2019-01-25 北京仁信证科技有限公司 Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system
CN109600224A (en) * 2018-11-06 2019-04-09 卓望数码技术(深圳)有限公司 A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN109600232A (en) * 2018-12-05 2019-04-09 北京智慧云测科技有限公司 For attack verifying, means of defence and the device of SM2 signature algorithm
CN109600232B (en) * 2018-12-05 2021-08-06 北京智慧云测科技有限公司 Attack verification and protection method and device for SM2 signature algorithm
CN111447065B (en) * 2019-01-16 2021-03-09 中国科学院软件研究所 Active and safe SM2 digital signature two-party generation method
CN109672539B (en) * 2019-03-01 2021-11-05 深圳市电子商务安全证书管理有限公司 SM2 algorithm collaborative signature and decryption method, device and system
CN109672539A (en) * 2019-03-01 2019-04-23 深圳市电子商务安全证书管理有限公司 SM2 algorithm collaboration signature and decryption method, apparatus and system
CN110035065A (en) * 2019-03-12 2019-07-19 华为技术有限公司 Data processing method, relevant apparatus and computer storage medium
CN110380855A (en) * 2019-06-14 2019-10-25 武汉理工大学 Support the SM9 digital signature generation method and system of multi-party collaboration enhancing safety
CN112181974A (en) * 2019-07-01 2021-01-05 上海宏路数据技术股份有限公司 Identification information distribution method, system and storage equipment
CN112181974B (en) * 2019-07-01 2023-06-02 上海嗨普智能信息科技股份有限公司 Identification information distribution method, system and storage device
CN110535635A (en) * 2019-07-19 2019-12-03 北京向芯力科技有限公司 A kind of collaboration endorsement method that supporting Information hiding and system
CN110535635B (en) * 2019-07-19 2022-06-17 北京向芯力科技有限公司 Cooperative signature method and system supporting information hiding
CN112632630A (en) * 2019-10-08 2021-04-09 航天信息股份有限公司 SM2-based collaborative signature calculation method and device
CN112737783B (en) * 2019-10-28 2022-08-12 航天信息股份有限公司 Decryption method and device based on SM2 elliptic curve
CN112737783A (en) * 2019-10-28 2021-04-30 航天信息股份有限公司 Decryption method and device based on SM2 elliptic curve
CN110601841A (en) * 2019-11-01 2019-12-20 成都卫士通信息产业股份有限公司 SM2 collaborative signature and decryption method and device
CN110601841B (en) * 2019-11-01 2022-06-14 成都卫士通信息产业股份有限公司 SM2 collaborative signature and decryption method and device
CN110990896B (en) * 2019-12-03 2023-01-06 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM2 white box
CN110958115B (en) * 2019-12-03 2022-08-23 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM9 white box
CN110958115A (en) * 2019-12-03 2020-04-03 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM9 white box
CN110990896A (en) * 2019-12-03 2020-04-10 成都卫士通信息产业股份有限公司 Digital signature device, method, storage medium and equipment based on SM2 white box
CN111130804A (en) * 2019-12-27 2020-05-08 上海市数字证书认证中心有限公司 SM2 algorithm-based collaborative signature method, device, system and medium
CN111314089A (en) * 2020-02-18 2020-06-19 数据通信科学技术研究所 SM2-based two-party collaborative signature method and decryption method
CN111314089B (en) * 2020-02-18 2023-08-08 数据通信科学技术研究所 SM2-based two-party collaborative signature method and decryption method
WO2021169521A1 (en) * 2020-02-24 2021-09-02 华为技术有限公司 Signature method, terminal device and network device
CN112311549B (en) * 2020-03-26 2024-09-10 神州融安数字科技(北京)有限公司 Signature generation or assistance method, device, system, electronic equipment and storage medium
CN112311549A (en) * 2020-03-26 2021-02-02 神州融安科技(北京)有限公司 Signature generation or assistance method, device, system, electronic equipment and storage medium
CN111510299A (en) * 2020-04-10 2020-08-07 宁波富万信息科技有限公司 Joint digital signature generation method, electronic device, and computer-readable medium
CN111510299B (en) * 2020-04-10 2021-03-19 宁波富万信息科技有限公司 Joint digital signature generation method, electronic device, and computer-readable medium
CN111582867B (en) * 2020-05-11 2023-09-22 浙江同花顺智能科技有限公司 Collaborative signature and decryption method and device, electronic equipment and storage medium
CN111582867A (en) * 2020-05-11 2020-08-25 浙江同花顺智能科技有限公司 Collaborative signature and decryption method and device, electronic equipment and storage medium
CN112188465A (en) * 2020-09-29 2021-01-05 江苏恒宝智能系统技术有限公司 Emergency command communication system and working method thereof
CN112188465B (en) * 2020-09-29 2021-10-26 江苏恒宝智能系统技术有限公司 Emergency command communication system and working method thereof
CN112131596B (en) * 2020-09-30 2021-11-09 北京海泰方圆科技股份有限公司 Encryption and decryption method, equipment and storage medium
CN112131596A (en) * 2020-09-30 2020-12-25 北京海泰方圆科技股份有限公司 Encryption and decryption method, equipment and storage medium
CN112241527A (en) * 2020-12-15 2021-01-19 杭州海康威视数字技术股份有限公司 Key generation method and system and electronic equipment
CN112737778A (en) * 2020-12-30 2021-04-30 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Digital signature generation and verification method and device, electronic equipment and storage medium
CN112737778B (en) * 2020-12-30 2022-08-12 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) Digital signature generation and verification method and device, electronic equipment and storage medium
CN113014386A (en) * 2021-03-30 2021-06-22 宋煜 Cipher system based on multi-party cooperative computing
CN113014386B (en) * 2021-03-30 2023-06-02 宋煜 Cryptographic system based on multiparty collaborative computing
CN113255010B (en) * 2021-05-21 2022-03-15 郑州信大捷安信息技术股份有限公司 Detection method and system for collaborative signature and decrypted product
CN113255010A (en) * 2021-05-21 2021-08-13 郑州信大捷安信息技术股份有限公司 Detection method and system for collaborative signature and decrypted product
CN113055189A (en) * 2021-06-02 2021-06-29 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN113158176B (en) * 2021-06-02 2022-08-02 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN113158176A (en) * 2021-06-02 2021-07-23 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN113468580A (en) * 2021-07-23 2021-10-01 建信金融科技有限责任公司 Multi-party collaborative signature method and system
CN113849831A (en) * 2021-08-27 2021-12-28 北京握奇数据股份有限公司 Two-party collaborative signature and decryption method and system based on SM2 algorithm
CN113904777B (en) * 2021-09-23 2023-10-03 武汉大学 SM2 digital signature algorithm-based signcryption method
CN113904777A (en) * 2021-09-23 2022-01-07 武汉大学 Signcryption method based on SM2 digital signature algorithm
CN114003948A (en) * 2021-10-12 2022-02-01 杭州趣链科技有限公司 Method for protecting user privacy based on online health consultation
CN114329518A (en) * 2021-12-10 2022-04-12 奇安信科技集团股份有限公司 Encryption and decryption method and device for software cryptographic module account
CN114329542A (en) * 2021-12-24 2022-04-12 上海市数字证书认证中心有限公司 File signature method, device, terminal and storage medium
CN114567448B (en) * 2022-04-29 2022-08-02 华南师范大学 Collaborative signature method and collaborative signature system
CN114567448A (en) * 2022-04-29 2022-05-31 华南师范大学 Collaborative signature method and collaborative signature system
CN115134093B (en) * 2022-08-30 2022-11-15 北京信安世纪科技股份有限公司 Digital signature method and computing device
CN115134093A (en) * 2022-08-30 2022-09-30 北京信安世纪科技股份有限公司 Digital signature method and computing device
CN115314205B (en) * 2022-10-11 2023-01-03 中安网脉(北京)技术股份有限公司 Collaborative signature system and method based on key segmentation
CN115314205A (en) * 2022-10-11 2022-11-08 中安网脉(北京)技术股份有限公司 Collaborative signature system and method based on key segmentation
CN115801322A (en) * 2022-10-20 2023-03-14 浪潮软件股份有限公司 Encryption method and system for realizing server-side secure communication
CN116318688A (en) * 2023-05-24 2023-06-23 北京信安世纪科技股份有限公司 Collaborative signature method, device and storage medium
CN116318688B (en) * 2023-05-24 2023-08-15 北京信安世纪科技股份有限公司 Collaborative signature method, device and storage medium

Also Published As

Publication number Publication date
CN107196763B (en) 2020-02-18

Similar Documents

Publication Publication Date Title
CN107196763A (en) SM2 algorithms collaboration signature and decryption method, device and system
Qadir et al. A review paper on cryptography
Kumar et al. Development of modified AES algorithm for data security
US20220141038A1 (en) Method of rsa signature or decryption protected using a homomorphic encryption
CN110933045A (en) Block chain digital asset privacy protection method based on commitment
Teh et al. A Chaos‐Based Authenticated Cipher with Associated Data
CN106789087A (en) Determine the data summarization of message, the method and system based on multi-party digital signature
MAQABLEH Analysis and design security primitives based on chaotic systems for ecommerce
Sakib Analysis of Fundamental Algebraic Concepts and Information Security System
Li et al. Differential fault analysis on Camellia
Bhowmik et al. A symmetric key based secret data sharing scheme
Chen et al. Controlled SWAP attack and improved quantum encryption of arbitrated quantum signature schemes
Sunday et al. An efficient data protection for cloud storage through encryption
US20040039918A1 (en) Secure approach to send data from one system to another
Asif et al. A review on classical and modern encryption techniques
Yap et al. Security analysis of GCM for communication
Al-Attab et al. Lightweight effective encryption algorithm for securing data in cloud computing
Hwang et al. PFX: an essence of authencryption for block‐cipher security
Kim et al. New Type of Collision Attack on First‐Order Masked AESs
CN115296806B (en) Quantum digital signature method and system without privacy amplification
Liu Software protection with encryption and verification
Preneel et al. Cryptographic Algorithms: Basic concepts and application to multimedia security
Oguntunde et al. A comparative study of some traditional and modern cryptographic techniques
Van Der Merwe et al. An examination of the security of the TR-31 and AS 2805 schemes
Kaushik et al. Stream Encryption Standard for Digital Images

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant