CN107342855B - Signature method based on SM2 algorithm - Google Patents


Publication number
CN107342855B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710447438.8A
Other languages
Chinese (zh)
Other versions
CN107342855A (en
Inventor
王永起
王珂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongzhi Weiye Software Co.,Ltd.
Original Assignee
Shandong Tongzhi Weiye Software Co ltd
Application filed by Shandong Tongzhi Weiye Software Co ltd filed Critical Shandong Tongzhi Weiye Software Co ltd
Priority to CN201710447438.8A priority Critical patent/CN107342855B/en
Publication of CN107342855A publication Critical patent/CN107342855A/en
Publication of CN107342855B publication Critical patent/CN107342855B/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The signature method based on the SM2 algorithm comprises the following steps. S1: the client and the server generate random subkeys a and b in a restricted power mode; the inverse elements of a and b are calculated and processed interactively to form a constant v, and the public key P is calculated and output. S2: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server. S3: the server randomly generates the DH interaction value k22 and sends it to the client; the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2. S4: the client transmits Q2 to the server, and the server synchronously calculates r and s and finally outputs the signature value [r, s]. The invention avoids the risk of signature overflow caused by an overly large private key, further simplifies the algorithm, and improves operating efficiency.

Description

Signature method based on SM2 algorithm
Technical Field
The invention relates to a signature method based on SM2 algorithm.
Background
A digital signature is an electronic code, produced by a cryptographic operation as a series of symbols and codes, that takes the place of a handwritten signature or seal. It can also be verified technically, with an accuracy that manual verification of handwritten signatures and seals cannot match. Digital signatures are currently the most widely applied, most technically mature and most practical electronic signature method in electronic commerce and electronic government.
To improve the security of digital signatures, signature algorithms are gradually developing toward less interaction and fewer transmitted parameters, and the processing efficiency of the algorithms is gradually improving.
The Chinese invention patent with application publication number CN104243456A discloses a signature and decryption method and system based on the SM2 algorithm that is suitable for cloud computing. Each of the two communicating parties stores part of the private key; the two parties can sign or decrypt a message only jointly, and neither can obtain any information about the other's private key, so an attacker who compromises either one of the two parties cannot forge a signature or decrypt a ciphertext, which improves the security of the private key in a cloud computing environment. In addition, the signing and decryption processes require only interaction between the two communicating parties, which meets the low-latency, low-interaction requirements of a cloud computing environment. However, the first and second communication parties both generate sub private keys in the range [1, n-1], so the product of the sub private keys can be larger than n and, in actual operation, the private key can be larger than n-2; a private key that is too large creates the risk of signature overflow. Moreover, the signature operation is relatively complicated, extra conditions have to be handled, and outputting the signature requires multiple rounds of network interaction, which reduces operating efficiency.
Disclosure of Invention
In order to avoid the risk of signature overflow caused by an overly large private key, to further simplify the algorithm and to improve operating efficiency, the invention provides a signature method based on the SM2 algorithm.
The invention provides the following technical scheme: a signature method based on the SM2 algorithm, comprising the following steps:
step a: key generation;
the client and the server share the SM2 elliptic curve algorithm parameters E(Fq), G, n and Z, wherein the elliptic curve E is defined over the finite field Fq, G is a base point of order n on the elliptic curve E, and Z is the common identification of the two parties;
the client generates its sub-key a, the server generates its sub-key b, and the client and the server interactively generate a public key P;
step b: signature operation;
characterized in that:
in step a, the client and the server generate the random sub-keys a and b in a restricted power mode, so that the product of the sub-keys a and b is smaller than n-2; the inverse elements of a and b are calculated and processed interactively to form a constant v, and the public key P is calculated and output;
the signature operation of step b comprises the following steps:
step b1: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server;
step b2: the server randomly generates the DH interaction value k22 and sends it to the client; the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2;
step b3: the client transmits Q2 to the server, and the server synchronously calculates r and s and finally outputs the signature value [r, s].
Further, in step a, the method for generating the random sub-keys a and b in the restricted power mode is as follows: the SM2 elliptic curve algorithm parameters shared by the client and the server also include c and T, where $c = \log_2 n$ and c is an integer, and $T = 2^{q(c/2)}$, where the q function is an integer-taking function;
a sub-key a is randomly generated in [1, T] and a sub-key b is randomly generated in [1, T];
the inverse elements of a and b are calculated and processed interactively to form the constant v, and the public key P is calculated and output, as follows: the client calculates the inverse element of a, $a^{-1} \bmod n$, obtaining the value V1, and calculates $a\,[*]\,G$, obtaining the value P1; V1 and P1 are sent to the server; the server calculates the inverse element of b, $b^{-1} \bmod n$, obtaining the value V2, and calculates $(V1 \times V2) \bmod n$, the result being denoted v; the public key information is calculated as $P = P1\,[*]\,b\,[-]\,G$.
Further, step b1 comprises: the client assembles Z and M into M', calculates HASH(M'), and takes the result as e;
the client randomly generates a random number k1 in [1, n] and takes $2^{k1} \bmod n$ as k11.
Further, step b2 comprises:
the server randomly generates a random number k2 in [1, n], takes $2^{k2} \bmod n$ as k22, and sends k22 to the client;
the client calculates $k22^{k1} \bmod n$ and the server calculates $k11^{k2} \bmod n$, and both obtain the same value k;
the client calculates the point $D(x, y) = k\,[*]\,G$ on the elliptic curve and calculates $(e + x) \bmod n$ to obtain r; if $r = 0$ or $r + k = n$, k must be renegotiated; the client then calculates $Q2 = a \times r$ and sends Q2 to the server.
Further, step b3 comprises:
after receiving Q2, the server uses the same formula, $D(x, y) = k\,[*]\,G$, to calculate $(e + x) \bmod n$ and obtain r, then calculates $[v \times (k - Q2 \times b + r)] \bmod n$ to obtain the signature value s; if $s = 0$, k must be regenerated and the signature operation repeated; after the operation, [r, s] is output as the final signature value.
Advantageous effects:
1. Restricting the power keeps the product of the sub-keys no larger than n-2, which guarantees that the final key synthesized from the sub-keys is smaller than n-2 and avoids the risk of signature overflow caused by an overly large private key.
2. Through precomputation, the cloud calculates part of the information in the synthesized signature value in advance, so that it can be substituted directly during the subsequent synthesis, which improves processing efficiency. Parallel operation is also achieved: in the signature process, once k has been calculated through interaction, the two parties can calculate the r value simultaneously and in parallel, with no network interaction needed for the r value.
3. DH interaction is used in the signature process for the two parties to generate the temporary parameter k. With fewer parameters transmitted, only a product of large numbers is sent, and the sub-keys are not easily cracked and recovered.
4. Storing a constant trades space for time. When the final signature value s is output, the v value produced during key-pair generation is used directly and $(V1 \times V2) \bmod n$ is not calculated again, which improves operating efficiency.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
As shown in FIG. 1, the general process of the method is as follows. S1: the client and the server generate random subkeys a and b in a restricted power mode; the inverse elements of a and b are calculated and processed interactively to form a constant v, and the public key P is calculated and output. S2: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server. S3: the server randomly generates the DH interaction value k22 and sends it to the client; the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2. S4: the client transmits Q2 to the server, and the server synchronously calculates r and s and finally outputs the signature value [r, s].
The following is a detailed description of the specific process of the method: the method mainly comprises two processes of key generation and signature operation.
1. Key generation process
The client and the server share the SM2 elliptic curve algorithm parameters E(Fq), G, n, c, Z and T, where the elliptic curve E is defined over the finite field Fq, G is a base point of order n on the elliptic curve E, $c = \log_2 n$ and c is an integer, $T = 2^{q(c/2)}$ where the q function is an integer-taking function, and Z is the identification common to both parties.
The client generates a random number a such that a is between [1, T ], as a subkey for the client.
The server generates a random number b, so that b is between [1, T ], as a subkey of the server.
The client calculates the inverse element of a, $a^{-1} \bmod n$, obtaining the value V1, and calculates $a\,[*]\,G$, obtaining the value P1. V1 and P1 are sent to the server. The server calculates the inverse element of b, $b^{-1} \bmod n$, obtaining the value V2, and calculates $(V1 \times V2) \bmod n$, the result being denoted v. The public key information is calculated as $P = P1\,[*]\,b\,[-]\,G$, where [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
Key generation and distribution are now complete: the client-side key is a, the server-side key is b, and the public key P and the constant v are also held.
2. Procedure for signature operation
The client assembles Z and M into M', calculates HASH(M'), and takes the result as e, where HASH denotes a preset hash function.
The client randomly generates a random number k1 in [1, n] and takes $2^{k1} \bmod n$ as k11.
The client sends e and k11 to the server.
The server randomly generates a random number k2 in [1, n] and takes $2^{k2} \bmod n$ as k22.
The server sends k22 to the client.
The client calculates $k22^{k1} \bmod n$ and the server calculates $k11^{k2} \bmod n$, and both obtain the same value k.
The client calculates the point $D(x, y) = k\,[*]\,G$ on the elliptic curve and calculates $(e + x) \bmod n$ to obtain r; if $r = 0$ or $r + k = n$, k must be renegotiated. The client then calculates $Q2 = a \times r$ and sends Q2 to the server. Here [*] denotes point multiplication on the curve (the same below).
After receiving Q2, the server uses the same formula to calculate $(e + x) \bmod n$ and obtain r, then calculates $[v \times (k - Q2 \times b + r)] \bmod n$ to obtain the signature value s. If $s = 0$, k must be regenerated and the signature operation repeated. After the operation, [r, s] is output as the final signature value.
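The key generation and signature operation described above, run end to end as an added example (not code from the patent), with both roles simulated in one process on the SM2 recommended curve. Assumptions: SHA-256 stands in for the preset HASH, M' is the plain concatenation Z || M, c and q are taken as floor values, and the function names and the `verify` routine (ordinary single-key SM2 verification) are illustrative.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + A*x + B over F_p; G has prime order n.
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = p - 3
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
# Restricted power bound T = 2^q(c/2); assumption: c = floor(log2 n), q = floor.
T = 2 ** ((n.bit_length() - 1) // 2)

def add(P, Q):
    """Affine point addition; None is the point at infinity."""
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, P):
    """Double-and-add [*]; not constant time, for illustration only."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def digest(Z, M):
    """e = HASH(M'); assumption: M' = Z || M and HASH = SHA-256 (stand-in)."""
    return int.from_bytes(hashlib.sha256(Z + M).digest(), "big")

def keygen():
    a = secrets.randbelow(T) + 1             # client sub-key in [1, T]
    b = secrets.randbelow(T) + 1             # server sub-key in [1, T]
    V1, P1 = pow(a, -1, n), mul(a, G)        # client -> server: V1, P1
    v = V1 * pow(b, -1, n) % n               # server: v = (V1 x V2) mod n
    P = add(mul(b, P1), (G[0], p - G[1]))    # P = P1[*]b[-]G
    return a, b, v, P

def sign(a, b, v, Z, M):
    e = digest(Z, M)                         # client, sent together with k11
    while True:
        k1 = secrets.randbelow(n) + 1        # client secret in [1, n]
        k2 = secrets.randbelow(n) + 1        # server secret in [1, n]
        k11, k22 = pow(2, k1, n), pow(2, k2, n)   # the two exchanged values
        k = pow(k22, k1, n)                  # client side
        assert k == pow(k11, k2, n)          # server side derives the same k
        r = (e + mul(k, G)[0]) % n           # computed by both sides in parallel
        if r == 0 or r + k == n:
            continue                         # renegotiate k
        Q2 = a * r                           # client -> server
        s = v * (k - Q2 * b + r) % n         # server
        if s != 0:
            return r, s

def verify(P, Z, M, sig):
    """Ordinary single-key SM2 verification against the public key P."""
    r, s = sig
    t = (r + s) % n
    if not (0 < r < n and 0 < s < n) or t == 0:
        return False
    pt = add(mul(s, G), mul(t, P))
    return pt is not None and (digest(Z, M) + pt[0]) % n == r
```

Because P = (a×b − 1)[*]G and v = (a×b)^{-1} mod n, the output s equals the single-key SM2 value (1 + d)^{-1}(k − r×d) mod n with d = a×b − 1, which is why an ordinary SM2 verifier accepts it. When assessing the split-key property of this flow, note that V1 = a^{-1} mod n is transmitted, so the server can invert it to obtain a, and that both parties know the nonce k.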

Claims (5)

1. A signature method based on the SM2 algorithm, comprising the following steps:
step a: key generation;
the client and the server share the SM2 elliptic curve algorithm parameters E(Fq), G, n and Z, wherein the elliptic curve E is defined over the finite field Fq, G is a base point of order n on the elliptic curve E, and Z is the common identification of the two parties;
the client generates its sub-key a, the server generates its sub-key b, and the client and the server interactively generate a public key P;
step b: signature operation;
characterized in that:
in step a, the client and the server generate the random sub-keys a and b in a restricted power mode, so that the product of the sub-keys a and b is smaller than n-2; the inverse elements of a and b are calculated and processed interactively to form a constant v, and the public key P is calculated and output;
the signature operation of step b comprises the following steps:
step b1: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server;
step b2: the server randomly generates the DH interaction value k22 and sends it to the client; the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2;
step b3: the client transmits Q2 to the server, and the server synchronously calculates r and s and finally outputs the signature value [r, s];
DH, an acronym for Diffie-Hellman, is a key exchange protocol.
2. The SM2 algorithm-based signing method of claim 1,
in step a, the method for generating the random sub-keys a and b in the restricted power mode is as follows: the SM2 elliptic curve algorithm parameters shared by the client and the server also comprise c and T, where $c = \log_2 n$ and c is an integer, and $T = 2^{q(c/2)}$, where the q function is an integer-taking function;
a sub-key a is randomly generated in [1, T] and a sub-key b is randomly generated in [1, T];
the inverse elements of a and b are calculated and processed interactively to form the constant v, and the public key P is calculated and output, as follows: the client calculates the inverse element of a, $a^{-1} \bmod n$, obtaining the value V1, and calculates $a\,[*]\,G$, obtaining the value P1; V1 and P1 are sent to the server; the server calculates the inverse element of b, $b^{-1} \bmod n$, obtaining the value V2, and calculates $(V1 \times V2) \bmod n$, the result being denoted v; the public key information is calculated as $P = P1\,[*]\,b\,[-]\,G$;
wherein [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
3. The SM2 algorithm-based signing method of claim 1, wherein step b1 comprises: the client assembles Z and M into M', calculates HASH(M'), and takes the result as e;
the client randomly generates a random number k1 in [1, n] and takes $2^{k1} \bmod n$ as k11.
4. The SM2 algorithm-based signing method of claim 1, wherein step b2 comprises:
the server randomly generates a random number k2 in [1, n], takes $2^{k2} \bmod n$ as k22, and sends k22 to the client;
the client calculates $k22^{k1} \bmod n$ and the server calculates $k11^{k2} \bmod n$, and both obtain the same value k;
the client calculates the point $D(x, y) = k\,[*]\,G$ on the elliptic curve and calculates $(e + x) \bmod n$ to obtain r; if $r = 0$ or $r + k = n$, k must be renegotiated; the client then calculates $Q2 = a \times r$ and sends Q2 to the server;
wherein [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
5. The SM2 algorithm-based signing method of claim 1, wherein step b3 comprises:
after receiving Q2, the server uses the same formula, $D(x, y) = k\,[*]\,G$, to calculate $(e + x) \bmod n$ and obtain r, then calculates $[v \times (k - Q2 \times b + r)] \bmod n$ to obtain the signature value s; if $s = 0$, k must be regenerated and the signature operation repeated; after the operation, [r, s] is output as the final signature value;
wherein [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
CN201710447438.8A 2017-06-14 2017-06-14 Signature method based on SM2 algorithm Active CN107342855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710447438.8A CN107342855B (en) 2017-06-14 2017-06-14 Signature method based on SM2 algorithm

Publications (2)

Publication Number Publication Date
CN107342855A 2017-11-10
CN107342855B 2021-02-09

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 250101 room 2301, 6 tower, Shun Tai Plaza, 2000 Shun Hua Road, hi tech Zone, Ji'nan, Shandong.

Patentee after: Tongzhi Weiye Software Co.,Ltd.

Address before: 250101 room 2301, 6 tower, Shun Tai Plaza, 2000 Shun Hua Road, hi tech Zone, Ji'nan, Shandong.

Patentee before: SHANDONG TONGZHI WEIYE SOFTWARE Co.,Ltd.