CN107342855B - Signature method based on SM2 algorithm - Google Patents
- Publication number: CN107342855B
- Authority: CN (China)
- Prior art keywords: server, client, calculating, signature, mod
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Abstract
The signature method based on the SM2 algorithm comprises the following steps. S1: the client and the server generate random subkeys a and b in a limited power mode, calculate the inverse elements of a and b and process them interactively to form a constant v, and calculate and output a public key P. S2: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server. S3: the server randomly generates the DH interaction value k22 and sends it to the client; the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2. S4: the client transmits Q2 to the server, the server synchronously calculates r and s, and finally outputs the signature value [r, s]. The invention avoids the risk of signature overflow caused by an overly large private key, further simplifies the algorithm, and improves operating efficiency.
Description
Technical Field
The invention relates to a signature method based on SM2 algorithm.
Background
A digital signature is an electronic code, a series of symbols and codes produced by a cryptographic operation, that takes the place of a handwritten signature or seal. It can be verified technically, with an accuracy that manual verification of handwritten signatures and seals cannot match. Digital signatures are currently the most widely used, most technically mature, and most practical electronic signature method in electronic commerce and electronic government.
To improve the security of digital signatures, signature algorithms have gradually moved toward fewer interactions and fewer transmitted parameters, and their processing efficiency has gradually improved.
Chinese invention patent application publication CN104243456A discloses a signature and decryption method and system based on the SM2 algorithm, suitable for cloud computing. Each of the two communicating parties stores part of the private key; signing or decrypting a message requires both parties to cooperate, and neither party can obtain any information about the other's private key, so an attacker who compromises either party alone cannot forge a signature or decrypt a ciphertext, which improves private key security in a cloud computing environment. In addition, the signing and decryption processes need only an interaction between the two parties, which meets the low-latency, low-interaction requirements of cloud computing. However, the first and second communicating parties each generate a sub private key in the range [1, n-1]; the product of the sub private keys can exceed n, so in actual operation the private key can exceed n-2, and an overly large private key creates a risk of signature overflow. Moreover, the signature operation is relatively complicated and needs extra conditions to be handled, and outputting the signature requires several rounds of network interaction, which reduces operating efficiency.
Disclosure of Invention
In order to avoid the risk of signature overflow caused by overlarge private key, further simplify the algorithm and improve the operation efficiency, the invention provides a signature method based on the SM2 algorithm.
The invention provides the following technical scheme: a signature method based on SM2 algorithm comprises the following steps:
step a: key generation;
the client and the server share the SM2 elliptic curve algorithm parameters E(Fq), G, n and Z, wherein the elliptic curve E is defined over the finite field Fq, G is a base point of order n on the elliptic curve E, and Z is the identifier common to both parties;
the client generates its sub-key a, the server generates its sub-key b, and the client and the server interactively generate a public key P;
step b: signature operation;
characterized in that:
in step a, the client and the server each generate their random sub-keys a and b in a restricted power mode, so that the product of the sub-keys a and b is smaller than n-2; the inverse elements of a and b are calculated and processed interactively to form a constant v, and the public key P is calculated and output;
the signature operation of step b comprises the following steps:
step b1: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server;
step b2: the server randomly generates the DH interaction value k22 and sends it to the client, the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2;
step b3: the client transmits Q2 to the server, and the server synchronously calculates r and s and finally outputs the signature value [r, s].
Further, in step a, the method for generating the random subkeys a and b in the restricted power mode is: the SM2 elliptic curve algorithm parameters shared by the client and the server also include c and T, where $c = \log_2 n$ and c is an integer, and $T = 2^{q(c/2)}$, where q is an integer-taking function;
the sub-key a is randomly generated in [1, T] and the sub-key b is randomly generated in [1, T];
the method for calculating the inverse elements of a and b, processing them interactively to form the constant v, and calculating and outputting the public key P is: the client calculates the inverse element of a, $a^{-1} \bmod n$, obtaining the value V1, and calculates $a\,[*]\,G$, obtaining the value P1; the client sends V1 and P1 to the server; the server calculates the inverse element of b, $b^{-1} \bmod n$, obtaining the value V2, and calculates $(V1 \times V2) \bmod n$, denoting the result v; the server calculates the public key information $P = P1\,[*]\,b\,[-]\,G$.
Further, step b1 includes: the client assembles Z and M into M', calculates HASH(M'), and takes the result as e;
the client randomly generates a random number k1 in [1, n] and takes $2^{k1} \bmod n$ as k11.
Further, step b2 includes:
the server randomly generates a random number k2 in [1, n], takes $2^{k2} \bmod n$ as k22, and sends k22 to the client;
the client calculates $k22^{k1} \bmod n$ and the server calculates $k11^{k2} \bmod n$, and both obtain the same value k;
the client calculates the point $D(x, y) = k\,[*]\,G$ on the elliptic curve and calculates $(e + x) \bmod n$ to obtain r; if r = 0 or r + k = n, k must be renegotiated; the client then calculates $Q2 = a \times r$ and sends Q2 to the server.
Further, step b3 includes:
after receiving Q2, the server uses the same formulas, i.e. $D(x, y) = k\,[*]\,G$ and $(e + x) \bmod n$, to obtain r, and then calculates $[v \times (k - Q2 \times b + r)] \bmod n$ to obtain the signature value s; if s = 0, k must be regenerated and the signature operation repeated; after the operation, [r, s] is output as the final signature value.
Beneficial effects:
1. By limiting the power, the product of the sub-keys is not larger than n-2, so the final key synthesized from the sub-keys is guaranteed to be smaller than n-2, and the risk of signature overflow caused by an overly large private key is avoided.
2. The cloud side precomputes part of the information in the synthesized signature value so that it can be substituted directly during the later synthesis, which improves processing efficiency and enables parallel operation. During signing, once k has been calculated through the interaction, both parties can calculate the r value in parallel, with no network exchange of the r value.
3. DH interaction is adopted in the signature process so that the two parties generate the temporary parameter k; with the number of transmitted parameters reduced, only a large-number product is transmitted, and the sub-key is not easy to crack and recover.
4. Quantitative storage, trading space for time. When the final signature value s is output, the v value output during key pair generation is used directly and $(V1 \times V2) \bmod n$ is not recalculated, which improves operating efficiency.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
As shown in FIG. 1, the general process of the method is as follows. S1: the client and the server generate random subkeys a and b in a limited power mode, calculate the inverse elements of a and b and process them interactively to form a constant v, and calculate and output a public key P. S2: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server. S3: the server randomly generates the DH interaction value k22 and sends it to the client; the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2. S4: the client transmits Q2 to the server, the server synchronously calculates r and s, and finally outputs the signature value [r, s].
The following is a detailed description of the specific process of the method: the method mainly comprises two processes of key generation and signature operation.
1. Key generation process
The client and the server share the SM2 elliptic curve algorithm parameters E(Fq), G, n, c, Z and T: the elliptic curve E is defined over the finite field Fq, G is a base point of order n on the elliptic curve E, $c = \log_2 n$ with c an integer, $T = 2^{q(c/2)}$ where q is an integer-taking function, and Z is the identifier common to both parties.
The client generates a random number a in [1, T] as the client's subkey.
The server generates a random number b in [1, T] as the server's subkey.
The client calculates the inverse element of a, $a^{-1} \bmod n$, obtaining the value V1, and calculates $a\,[*]\,G$, obtaining the value P1. The client sends V1 and P1 to the server. The server calculates the inverse element of b, $b^{-1} \bmod n$, obtaining the value V2, and calculates $(V1 \times V2) \bmod n$, denoting the result v. The server calculates the public key information $P = P1\,[*]\,b\,[-]\,G$, where [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
This completes the generation and distribution of the key: the client-side key is a, the server-side key is b, together with the public key P and the constant v.
2. Procedure for signature operation
The client assembles Z and M into M', calculates HASH(M'), and takes the result as e, where HASH denotes a preset hash function.
The client randomly generates a random number k1 in [1, n] and takes $2^{k1} \bmod n$ as k11.
The client sends e and k11 to the server.
The server randomly generates a random number k2 in [1, n] and takes $2^{k2} \bmod n$ as k22.
The server sends k22 to the client.
The client calculates $k22^{k1} \bmod n$ and the server calculates $k11^{k2} \bmod n$; both yield the same value k.
The client calculates the point $D(x, y) = k\,[*]\,G$ on the elliptic curve and calculates $(e + x) \bmod n$ to obtain r; if r = 0 or r + k = n, k must be renegotiated. The client then calculates $Q2 = a \times r$ and sends Q2 to the server. Here [*] denotes point multiplication on the curve (likewise below).
After receiving Q2, the server uses the same formulas to calculate $(e + x) \bmod n$ and obtain r, and then calculates $[v \times (k - Q2 \times b + r)] \bmod n$ to obtain the signature value s. If s = 0, k must be regenerated and the signature operation repeated. After the operation, [r, s] is output as the final signature value.
Claims (5)
1. A signature method based on SM2 algorithm comprises the following steps:
step a: key generation;
the client and the server share the SM2 elliptic curve algorithm parameters E(Fq), G, n and Z, wherein the elliptic curve E is defined over the finite field Fq, G is a base point of order n on the elliptic curve E, and Z is the identifier common to both parties;
the client generates its sub-key a, the server generates its sub-key b, and the client and the server interactively generate a public key P;
step b: signature operation;
characterized in that:
in step a, the client and the server each generate their random sub-keys a and b in a restricted power mode, so that the product of the sub-keys a and b is smaller than n-2; the inverse elements of a and b are calculated and processed interactively to form a constant v, and the public key P is calculated and output;
the signature operation of step b comprises the following steps:
step b1: the client generates e from the original text M to be signed, randomly generates the DH interaction value k11, and transmits e and k11 to the server;
step b2: the server randomly generates the DH interaction value k22 and sends it to the client, the client and the server negotiate a temporary key k, and the client then generates a partial signature Q2;
step b3: the client transmits Q2 to the server, the server synchronously calculates r and s, and finally outputs the signature value [r, s];
DH, an acronym for Diffie-Hellman, is a key exchange protocol.
2. The SM2 algorithm-based signing method of claim 1,
in step a, the method for generating the random subkeys a and b in the restricted power mode is: the SM2 elliptic curve algorithm parameters shared by the client and the server also include c and T, where $c = \log_2 n$ and c is an integer, and $T = 2^{q(c/2)}$, where q is an integer-taking function;
the sub-key a is randomly generated in [1, T] and the sub-key b is randomly generated in [1, T];
the method for calculating the inverse elements of a and b, processing them interactively to form the constant v, and calculating and outputting the public key P is: the client calculates the inverse element of a, $a^{-1} \bmod n$, obtaining the value V1, and calculates $a\,[*]\,G$, obtaining the value P1; the client sends V1 and P1 to the server; the server calculates the inverse element of b, $b^{-1} \bmod n$, obtaining the value V2, and calculates $(V1 \times V2) \bmod n$, denoting the result v; the server calculates the public key information $P = P1\,[*]\,b\,[-]\,G$;
wherein [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
3. The SM2 algorithm-based signing method of claim 1, wherein step b1 comprises: the client assembles Z and M into M', calculates HASH(M'), and takes the result as e;
the client randomly generates a random number k1 in [1, n] and takes $2^{k1} \bmod n$ as k11.
4. The SM2 algorithm-based signing method of claim 1, wherein step b2 comprises:
the server randomly generates a random number k2 in [1, n], takes $2^{k2} \bmod n$ as k22, and sends k22 to the client;
the client calculates $k22^{k1} \bmod n$ and the server calculates $k11^{k2} \bmod n$, and both obtain the same value k;
the client calculates the point $D(x, y) = k\,[*]\,G$ on the elliptic curve and calculates $(e + x) \bmod n$ to obtain r; if r = 0 or r + k = n, k must be renegotiated; the client then calculates $Q2 = a \times r$ and sends Q2 to the server;
wherein [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
5. The SM2 algorithm-based signing method of claim 1, wherein step b3 comprises:
after receiving Q2, the server uses the same formulas, i.e. $D(x, y) = k\,[*]\,G$ and $(e + x) \bmod n$, to obtain r, and then calculates $[v \times (k - Q2 \times b + r)] \bmod n$ to obtain the signature value s; if s = 0, k must be regenerated and the signature operation repeated; after the operation, [r, s] is output as the final signature value;
wherein [*] is elliptic curve point multiplication and [-] is elliptic curve point subtraction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710447438.8A | 2017-06-14 | 2017-06-14 | Signature method based on SM2 algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107342855A | 2017-11-10 |
CN107342855B | 2021-02-09 |
Family
ID=60220778
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710447438.8A (Active) | Signature method based on SM2 algorithm | 2017-06-14 | 2017-06-14 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107342855B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109936455B (en) * | 2017-12-19 | 2022-06-07 | 航天信息股份有限公司 | Digital signature method, device and system |
CN109450640B (en) * | 2018-10-24 | 2022-05-17 | 成都卫士通信息产业股份有限公司 | SM 2-based two-party signature method and system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104243456A (en) * | 2014-08-29 | 2014-12-24 | 中国科学院信息工程研究所 | Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | ||
Address after: 250101 room 2301, 6 tower, Shun Tai Plaza, 2000 Shun Hua Road, hi tech Zone, Ji'nan, Shandong. Patentee after: Tongzhi Weiye Software Co.,Ltd. Address before: 250101 room 2301, 6 tower, Shun Tai Plaza, 2000 Shun Hua Road, hi tech Zone, Ji'nan, Shandong. Patentee before: SHANDONG TONGZHI WEIYE SOFTWARE Co.,Ltd. |