CN108306737A - A method for localizing Ethereum's cryptographic algorithms - Google Patents

Publication number
CN108306737A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711395856.3A
Other languages
Chinese (zh)
Inventor
张锐
何恺
肖禹亭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Application filed by Institute of Information Engineering of CAS
Priority to CN201711395856.3A
Publication of CN108306737A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the present invention provides a method for localizing Ethereum's cryptographic algorithms. The method is applied to a blockchain platform and comprises: obtaining information to be encrypted; obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to that type, wherein the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in the Ethereum open-source code; and encrypting the information to be encrypted with the encryption algorithm to generate encrypted information. The method replaces the foreign cryptographic algorithms in Ethereum with domestic cryptographic algorithms and makes the accompanying changes: adjusting parameters, extending the SM3 hash length, and verifying SM2 signatures by recovering the public key. Because foreign cryptographic algorithms are not secure and may contain implanted backdoors, using the domestic cryptographic algorithms after the replacement achieves genuine autonomy and controllability.

Description

A method for localizing Ethereum's cryptographic algorithms
Technical field
Embodiments of the present invention relate to the technical field of blockchain, and in particular to a method for localizing Ethereum's cryptographic algorithms.
Background
Blockchain technology originated with Bitcoin. It is a distributed storage technology that uses cryptographic methods to protect data security; its notable properties are that data cannot be tampered with or forged, and it is widely used in technical fields such as the digital economy, Internet governance and big-data development. The essence of a blockchain is the secure and reliable storage and processing of data, so the cryptographic algorithms are the most critical part of a blockchain platform.
However, mainstream blockchain platforms currently use foreign cryptographic algorithms, such as the ECDSA elliptic-curve signature algorithm, the SHA3 cryptographic hash algorithm, the RIPEMD160 cryptographic hash algorithm and the AES block cipher. Most of these algorithms are United States standards.
Now that information security has risen to the level of national strategy, the cryptographic algorithms at the core of a blockchain ought to be autonomous and controllable.
Summary of the invention
In view of the problems in the prior art, an embodiment of the present invention provides a method for localizing Ethereum's cryptographic algorithms.
An embodiment of the present invention provides a method for localizing Ethereum's cryptographic algorithms, the method comprising:
Obtaining information to be encrypted;
Obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to the type, wherein the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in the Ethereum open-source code;
Encrypting the information to be encrypted with the encryption algorithm to generate encrypted information.
The method provided by the embodiment of the present invention replaces the foreign cryptographic algorithms in Ethereum with domestic cryptographic algorithms and makes the accompanying changes: adjusting parameters, extending the SM3 hash length, and verifying SM2 signatures by recovering the public key. Because foreign cryptographic algorithms are not secure and may contain implanted backdoors, using the domestic cryptographic algorithms after the replacement achieves genuine autonomy and controllability.
Description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the method for localizing Ethereum's cryptographic algorithms according to an embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flow diagram of the method for localizing Ethereum's cryptographic algorithms according to an embodiment of the present invention. As shown in Fig. 1, the method provided by the embodiment comprises the following steps:
S1: Obtain the information to be encrypted.
Specifically, the cryptographic processing apparatus in the blockchain platform obtains the information to be encrypted. The information to be encrypted may be of different types.
S2: According to the type of the information to be encrypted, obtain the encryption algorithm corresponding to the type, wherein the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in the Ethereum open-source code.
Specifically, the cryptographic processing apparatus obtains the encryption algorithm corresponding to the type of the information to be encrypted, the encryption algorithm being a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in the Ethereum open-source code. The types of information to be encrypted may include signature character, public-key character, digest character and so on. The encryption algorithm corresponding to signature character may be the SM2 digital signature algorithm; the one corresponding to public-key character may be the SM2 public key encryption algorithm; the one corresponding to digest character may be the SM3 cryptographic hash algorithm. Note that the SM2 digital signature algorithm, the SM2 public key encryption algorithm and the SM3 cryptographic hash algorithm are all domestic cryptographic algorithms. The SM2 digital signature algorithm can replace the elliptic-curve signature algorithm ECDSA in the Ethereum open-source code; the SM2 public key encryption algorithm can replace the elliptic-curve integrated encryption scheme ECIES in the Ethereum open-source code; the SM3 cryptographic hash algorithm can replace a family of hash algorithms in the Ethereum open-source code, which may be the SHA3 algorithms.
S3: Encrypt the information to be encrypted with the encryption algorithm to generate encrypted information.
Specifically, the cryptographic processing apparatus encrypts the information to be encrypted with the encryption algorithm to generate encrypted information. Examples follow:
One, digital signature algorithm sample data
Elliptic-curve signature algorithm ECDSA example:
The crypto submodule of Ethereum contains the wrappers for all cryptographic algorithm interfaces. Under the crypto module there is also the secp256k1 subpackage, which implements the basic operations over the secp256k1 curve domain. The secp256k1 curve y^2 = x^3 + ax + b is used as the example:
Curve parameters:
p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F
a = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
b = 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000007
Base point G:
Gx = 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
Gy = 483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
Order n:
n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
Generated public/private key pair:
Prv=4d17899cbd204fdef0ddcac345dd8ae826de063d39d30a5b270dfb58cf32bdd0
Pub=(744444566f38297da677000ba1f09d897180c53d22fb8abc108b7f88c6121f0c,
886ef5e9d6ce015dd9cdd0c7927ff13b649510a959d212f1446577f48895983d)
String to be signed (signature character):
"may4thbwizu"
Signature output:
R=caa814bf03e32cc2c5f2b72151af83172d3e2902389186e43788b0a2d1352ae4e3
S=a1fab94862e83b50e929630fbd44d62cf7399e9ca2faab1bc8bb24a22d9ad200
SM2 digital signature algorithm example:
The parameters use the curve given in the SM2 standard.
Generated public/private key pair:
Prv=9655826314c9cfddb1e17341ad52afe009c625b159c9cc7d5cde41733d3b9cf3
Pub=(2bdcd5db5042bbc0d1fcee1aeef964fc22a8254354ad8be30d13052ddddf61cd,
144ad97e61ce26d200d3b7688581b508072b96b1aa7a923e6539a7ee8233b816)
String to be signed (signature character):
"may4thbwizu"
Signature output:
R=b1578406895b69bb3bc6bec3874bd0fc7e00c6caae3b8a401ddd2a20603c9412
S=9b802e5eb1115193e26388421c643f9cc998f3006f66f64f5a298baa578e98e
Two, public key encryption algorithm sample data
Elliptic-curve integrated encryption scheme ECIES example:
Generated public/private key pair:
Prv=13d08f4a34a9c87db08c102485c017f62c97988e33621b099c7b17a55d47c95f
Pub=(76b7de101c63816487232bd25539fd4c07090012b643856a1782b65351d5992e,
de3aae59b3b988c69b92eecf0b67ce4291e9ae08b82420aaabbbb72aeb9c258f)
String to be encrypted (public-key character):
"Hello, world."
Ciphertext after encryption:
04ec30defd14b52d1bf427f21e072f5e15a11591a6258a652729ea0c5b9baea3e015f4147ee6163ea1a4106b0683087220ccae44bbc2caafad29ddac73e905b08bab17afd574ec08ded8fec7c6127afd197218ff8644ad48d143508a143f890274d99da70497235b0cbc1317a5cc05b507b82865553e0810167de5b74a4c
Message after decryption:
48656c6c6f2c20776f726c642e, i.e. the ASCII encoding of "Hello, world."
SM2 public key encryption algorithm example:
Generated public/private key pair:
Prv=ded17a6bf28bf5c469a882ccc37bf618d1cda2e543767dbd7d36de6cd8cafe4
Pub=(2d282e530b9a377de1a0dbc2a6059084be5d6220cbea083909b31a9b9dd360ac,
180991a4f674eb43f906acdfa0fad9205652caa3d0a74b55bdf6ad839609ae5b)
String to be encrypted (public-key character):
"Hello, world."
Ciphertext after encryption:
04435dd04fafcbd7eb9bac470ae973f3bd4560a0398373e20d4926789130882afb208551e8bd21b8ef3cfdf31dccc93eb76859a66a2c8cc1539c5f4a8db18219feabb9768cfad8a2f3af2c02cd6377d268ee9b3be3ea9f4a33c95443beaf80db16ec48cf92a52dfe9b0fe19889b4
Message after decryption:
48656c6c6f2c20776f726c642e, i.e. the ASCII encoding of "Hello, world."
Three, cryptographic hash algorithm sample data
Secure Hash Algorithm 3 (SHA3) digest example:
Input data (digest character):
"abc"
Digest result:
4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45
SM3 cryptographic hash algorithm example:
Input data (digest character):
"abc"
Digest result:
66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
The following describes in further detail how the concrete implementations of the SM2 elliptic-curve cryptographic algorithms and the SM3 cryptographic hash algorithm are made compatible with Ethereum.
Digital signature algorithm replacement
Introduction to the ECDSA algorithm
We first introduce the workflow of the ECDSA algorithm. In what follows, the system parameters are a set of data shared by the system participants and known to every user. User A denotes the signer of a message and user B denotes its verifier; $d_A$ denotes the private key of user A and $Q_A$ denotes its public key.
System parameters: (CURVE, G, n), where CURVE is the elliptic curve the algorithm is based on (in Ethereum, the secp256k1 curve specified in the SEC2-V2 standard), G is a base point of prime order on the elliptic curve, and n is the order of the base point G.
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as its private key
User A computes $Q_A = d_A \times G$ as its public key
Digital signature: user A signs the message m with its private key $d_A$
Compute $e = \mathrm{HASH}(m)$
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic-curve point $(x_1, y_1) = k \times G$
Compute $r = x_1 \bmod n$
Compute $s = k^{-1}(z + r \cdot d_A) \bmod n$
Output the final signature $(r, s)$
Signature verification: user B obtains user A's signature $(r', s')$ on the message $m'$ and A's legitimate public key $Q_A$, and attempts to verify the correctness of the signature.
Compute $e' = \mathrm{HASH}(m')$
Compute $w = s^{-1} \bmod n$
Compute $u_1 = e'w \bmod n$ and $u_2 = rw \bmod n$
Compute the elliptic-curve point $(x_1, y_1) = u_1 \times G + u_2 \times Q_A$
If $u_1 = r'$, the signature is valid; otherwise the signature is invalid
Public-key recovery: a special operation in the ECDSA algorithm is recovering the signer's public key from the signature. Where communication and storage resources are limited, this operation removes the need to transmit and store the signer's public key. Ethereum uses the public-key recovery operation extensively. The procedure for recovering the public key from a signature is as follows.
From the signature value r (taken as the x-coordinate of a point), compute the two points $R_1, R_2$ on the elliptic curve
Compute the inverse $r^{-1}$ of the signature value r
Compute the digest of the signed message $Z = H(M)$
Compute the signer's public key $Q_A$
If $v = 0$, output the public key $Q_A = r^{-1}(sR_1 - zG)$
If $v = 1$, output the public key $Q_A = r^{-1}(sR_2 - zG)$
Introduction to the SM2 signature algorithm
The workflow of the SM2 algorithm is briefly described below. As with the ECDSA algorithm, the system parameters are a set of data shared by the system participants and known to every user. User A denotes the signer of a message and user B denotes its verifier; $d_A$ denotes the private key of user A and $Q_A$ denotes its public key.
System parameters: (CURVE, G, n), where CURVE is the elliptic curve the algorithm is based on (we use the same secp256k1 curve as Ethereum), G is a base point of prime order on the elliptic curve, and n is the order of the base point G.
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as its private key
User A computes $Q_A = d_A \times G$ as its public key
Digital signature: user A signs the message m with its private key $d_A$
Compute $e = \mathrm{HASH}(m)$
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic-curve point $(x_1, y_1) = k \times G$
Compute $r = (e + x_1) \bmod n$
Compute $s = ((1 + d_A)^{-1}(k + r \cdot d_A)) \bmod n$
Output the final signature $(r, s)$
Signature verification: user B obtains user A's signature $(r', s')$ on the message $m'$ and A's legitimate public key $Q_A$, and attempts to verify the correctness of the signature.
Compute $e' = \mathrm{HASH}(m')$
Compute $t = (r' + s') \bmod n$
Compute $u_1 = e'w \bmod n$ and $u_2 = rw \bmod n$
Compute the elliptic-curve point $(x_1', y_1') = s' \times G + t \times Q_A$
Compute $R = (e' + x_1') \bmod n$
If $R = r'$, the signature is valid; otherwise the signature is invalid
Public-key recovery: Ethereum makes extensive use of recovering the public key from a signature. If the replacement algorithm did not support this operation, it would cause serious interface incompatibility and require modifications throughout the system. We found that the signature $(r, s)$ in the SM2 algorithm has a structure similar to an ECDSA signature and that, with some derivation, the signer's public key can also be recovered from an SM2 signature.
Compute the digest of the signed message $e = \mathrm{HASH}(m)$
From the signature value r, compute the x-coordinate $x = (r - e) \bmod n$ of the elliptic-curve point $R'$
Compute the inverse of $(r + s)$: $\mathit{invrps} = (r + s)^{-1}$
Compute $\mathit{minuss} = (r + s)^{-1} \cdot s$
Compute the signer's public key $Q_A = \mathit{invrps} \cdot R' - \mathit{minuss} \cdot G$
Algorithm replacement summary
The ECDSA and SM2 algorithms are compared according to the descriptions in subsections 1 and 2.
Table 1: Comparison of the ECDSA and SM2-DSA algorithms
From Table 1 and the descriptions in subsections 1 and 2 it can be seen that the SM2 and ECDSA algorithms are identical in their data structures and in operations such as signing and verification. The replacement therefore only needs to modify the implementation inside the signature functions (obviously, SM2 and ECDSA compute signatures differently), without adjusting the interfaces exposed to other modules. In addition, because the key pairs and signature structures of the two algorithms are identical, this data can be stored directly in Ethereum's ECDSA data structures.
Algorithm replacement in detail
The crypto submodule of Ethereum contains the wrappers for all cryptographic algorithm interfaces. The gb/crypto package contains the implementations of the domestic SM2/3/4 algorithms. Under the crypto module there is the secp256k1 subpackage, which implements the basic operations over the secp256k1 curve domain. All signature-related interfaces in the crypto module are listed below, together with their replacements.
Table 2: Interface replacement list
Public key encryption algorithm replacement
Introduction to the ECIES algorithm
The workflow of the ECIES algorithm is briefly described below. In Ethereum, the ECIES algorithm is used for encrypted P2P communication between nodes. In what follows, the system parameters are a set of data shared by the system participants and known to every user. User B denotes the sender of the data, who encrypts a piece of data with the public key of user A. User A denotes the decrypter of the data, who receives the encrypted message from user B and decrypts it with its own private key. $d_A$ denotes the private key of user A and $Q_A$ denotes its public key.
System parameters: $(\mathrm{CURVE}, G, n, S_1, S_2)$, where CURVE is the elliptic curve the algorithm is based on (in Ethereum, the secp256k1 curve specified in the SEC2-V2 standard), G is a base point of prime order on the elliptic curve, n is the order of the base point G, and $S_1, S_2$ are shared auxiliary inputs
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as its private key
User A computes $Q_A = d_A \times G$ as its public key
Data encryption: user B encrypts the message m with the public key $Q_A$ of user A
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic-curve point $R = k \times G$
Compute the elliptic-curve point $(x_1, y_1) = k \times Q_A$
Compute $k_E \| k_M = \mathrm{KDF}(x_1 \| S_1)$
Encrypt the message: $c = E(k_E; m)$
Compute $d = \mathrm{MAC}(k_M; c \| S_2)$
Output the ciphertext $R \| c \| d$
Data decryption: user A obtains the ciphertext $C' = R' \| c' \| d'$ and attempts to decrypt it with its private key $d_A$
Compute the elliptic-curve point $(x_1', y_1') = R' \times d_A = k \times d_A \times G = k \times Q_A$
Compute $k_E' \| k_M' = \mathrm{KDF}(x_1' \| S_1)$
Verify $d' = \mathrm{MAC}(k_M'; c' \| S_2)$
Decrypt the message: $m' = D(k_E'; c')$
Introduction to the SM2 encryption algorithm
The workflow of the SM2 encryption algorithm is briefly introduced below. In what follows, the system parameters are a set of data shared by the system participants and known to every user. User B denotes the sender of the data, who encrypts a piece of data with the public key of user A. User A denotes the decrypter of the data, who receives the encrypted message from user B and decrypts it with its own private key. $d_A$ denotes the private key of user A and $Q_A$ denotes its public key.
System parameters: $(\mathrm{CURVE}, G, n, S_1, S_2)$, where CURVE is the elliptic curve the algorithm is based on (in Ethereum, the secp256k1 curve specified in the SEC2-V2 standard), G is a base point of prime order on the elliptic curve, n is the order of the base point G, and $S_1, S_2$ are shared auxiliary inputs
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as its private key
User A computes $Q_A = d_A \times G$ as its public key
Data encryption: user B encrypts the message m with the public key $Q_A$ of user A
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic-curve point $C_1 = k \times G$, and convert $C_1$ to a bit string by the methods given in 4.2.8 and 4.2.4 of GB/T 32918.1-2016 (Part 1)
Compute the elliptic-curve point $(x_1, y_1) = k \times Q_A$
Compute $t = \mathrm{KDF}(x_1 \| y_1 \| S_1, klen)$
Encrypt message
Compute $C_3 = \mathrm{Hash}(x_1 \| m \| y_1 \| S_2)$
Output the ciphertext $C = C_1 \| C_2 \| C_3$
Data decryption: user A obtains the ciphertext $C' = C_1' \| C_2' \| C_3'$ and attempts to decrypt it with its private key $d_A$
Compute the elliptic-curve point $(x_1', y_1') = C_1' \times d_A = k \times d_A \times G = k \times Q_A$
Compute $t' = \mathrm{KDF}(x_1' \| y_1' \| S_1, klen)$
Verify $C_3' = \mathrm{Hash}(x_1' \| m \| y_1' \| S_2)$
Decrypt message
Algorithm replacement description
The ECIES and SM2 algorithms are compared according to the descriptions in subsections 1 and 2.
Table 3: Comparison of the ECIES and SM2-PKE algorithms
It can be seen that ECIES and the SM2 algorithm are also consistent in their data structures and operating methods. We provide the implementation of the SM2 public key encryption algorithm in the crypto/sm2 submodule; its interface is modelled on the ECIES algorithm in Ethereum.
Table 4: Implementation interface of the ECIES (SM2) algorithm
When other modules in Ethereum use the ECIES algorithm, they call its functions through the package name ecies. Take line 318 of p2p/rlpx.go as an example:
h.randomPrivKey, err = ecies.GenerateKey(rand.Reader, crypto.S256(), nil)
Because the newly added SM2 encryption algorithm belongs to a different subpackage, sm2, we use a small trick during the replacement to resolve the namespace mismatch: the imported sm2 subpackage is named "ecies". Since the two packages provide identical interfaces, the original behaviour of the program is not affected, and when the new system calls a method under the name "ecies", the method actually called is the one in the sm2 subpackage.
Cryptographic hash algorithm replacement
Unlike public-key algorithms such as ECDSA and SM2, cryptographic hash algorithms usually all have the same form. When replacing the SHA3 family of algorithms used in Ethereum with SM3, our main concern is the output length of the algorithm. As mentioned in the third subsection of the summary of the invention, the main problem with the SM3 replacement is that its output length is only 256 bits, whereas Ethereum uses the SHA3 algorithm with an output length of 512 bits.
We use the KDF3 function provided in the SEC2-V2 standard to extend the output length of the SM2 algorithm to 512 bytes.
KDF3 function
With the KDF3 function, the output of the hash algorithm Hash can be extended to an arbitrary length of l bytes.
Input: (x, l), where x is the output of the original hash function and l is the length of the hash output after extension
Output: Hash.eval(I2OSP(0, pamt) || x) || ... || Hash.eval(I2OSP(k-1, pamt) || x)
Wherein
In this implementation, SM3 is the hash function to be extended, x is the output of the SM3 algorithm, l is 512, and pamt is 4.
2 Algorithm replacement description
Modify the SHA3 algorithm interfaces in the crypto module: without changing the interface names, replace the algorithm with the SM3 algorithm and with the algorithm extended using KDF3.
Table 5: Ethereum SHA3/Keccak256 algorithm interfaces
The method of ether mill provided in an embodiment of the present invention cryptographic algorithm production domesticization, using domestic cryptographic algorithm replace with External cryptographic algorithm too in mill, and carry out the adjustment of parameter, the extension of SM3 hashed value length, realized by restoring public key The verification etc. of SM2 signature algorithms may have implantation back door since external cryptographic algorithm is dangerous, using domestic close after replacement Code algorithm can realize truly autonomous controllable.
On the basis of the above embodiments, the domestic cryptographic algorithm includes SM2 Digital Signature Algorithms;The type packet Include signature character;Correspondingly, the type according to the confidential information to be added, obtains encryption corresponding with the type and calculates Method, including:
If the type of the confidential information to be added is signature character, it is SM2 to obtain Encryption Algorithm corresponding with the type Digital Signature Algorithm;Wherein, the SM2 Digital Signature Algorithms substitute the ellipse curve signature algorithm in the Open Source Code of ether mill ECDSA。
Specifically, if cipher processing apparatus judges to know the type of the confidential information to be added as signature character, acquisition and institute It is SM2 Digital Signature Algorithms to state the corresponding Encryption Algorithm of type;Wherein, the SM2 Digital Signature Algorithms substitute ether mill and open Ellipse curve signature algorithm ECDSA in source code.Above-described embodiment is can refer to, is repeated no more.
The method of ether mill provided in an embodiment of the present invention cryptographic algorithm production domesticization, by being replaced with SM2 Digital Signature Algorithms For ECDSA, and encryption information is generated, is conducive to management and control cryptographic algorithm.
On the basis of the above embodiments, the domestic cryptographic algorithm includes the SM2 public key encryption algorithm, and the type includes a public key character. Correspondingly, obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to the type includes:
If the type of the information to be encrypted is a public key character, the encryption algorithm obtained for that type is the SM2 public key encryption algorithm, where the SM2 public key encryption algorithm replaces the elliptic curve integrated encryption algorithm ECIES in the Ethereum open-source code.
Specifically, if the cryptographic processing apparatus determines that the type of the information to be encrypted is a public key character, the encryption algorithm it obtains for that type is the SM2 public key encryption algorithm, where the SM2 public key encryption algorithm replaces the elliptic curve integrated encryption algorithm ECIES in the Ethereum open-source code. Reference may be made to the above embodiments; details are not repeated here.
The encrypted-information processing method based on Ethereum and domestic cryptographic algorithms provided by this embodiment of the present invention replaces ECIES with the SM2 public key encryption algorithm and generates the encrypted information, which facilitates management and control of the cryptographic algorithms.
On the basis of the above embodiments, the domestic cryptographic algorithm includes the SM3 cryptographic hash algorithm, and the type includes a digest character. Correspondingly, obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to the type includes:
If the type of the information to be encrypted is a digest character, the encryption algorithm obtained for that type is the SM3 cryptographic hash algorithm, where the SM3 cryptographic hash algorithm replaces a series of hash algorithms in the Ethereum open-source code.
Specifically, if the cryptographic processing apparatus determines that the type of the information to be encrypted is a digest character, the encryption algorithm it obtains for that type is the SM3 cryptographic hash algorithm, where the SM3 cryptographic hash algorithm replaces a series of hash algorithms in the Ethereum open-source code. Reference may be made to the above embodiments; details are not repeated here.
The Ethereum cryptographic algorithm localization method provided by this embodiment of the present invention replaces a series of hash algorithms with the SM3 cryptographic hash algorithm and generates the encrypted information, which facilitates management and control of the cryptographic algorithms.
On the basis of the above embodiments, the method further includes:
Using the key derivation function KDF3 to extend the output length of the hash value of the SM3 cryptographic hash algorithm to byte length L.
Specifically, the cryptographic processing apparatus uses the key derivation function KDF3 to extend the output length of the hash value of the SM3 cryptographic hash algorithm to byte length L.
Unlike public-key algorithms such as ECDSA and SM2, cryptographic hash algorithms usually all have the same form. When SM3 replaces the SHA3-family algorithms used in Ethereum, the main concern is the output length of the algorithm. The main problem with using SM3 as the replacement is that its output length is only 256 bytes, whereas Ethereum uses a SHA3 algorithm with an output length of 512 bytes. For this purpose, the key derivation function KDF3 provided in the SEC2-V2 standard may be used to extend the output length of the SM3 algorithm to 512 bytes. It may be implemented as follows:
Input: (x, L), where x is the output of the original hash function and L is the output length of the extended hash function (the byte length after extension).
Output: Hash.eval(I2OSP(0, pamt) || x) || ... || Hash.eval(I2OSP(k-1, pamt) || x)
where OutputLen denotes the output length of the hash function, and the number of blocks k is the result of L/Hash.OutputLen rounded up.
In the implementation of this embodiment of the present invention, SM3 is the hash function to be extended, x is the output of the SM3 algorithm, L is 512, and pamt is 4. Since L is 512, the byte length is extended to 512 bytes.
The Ethereum cryptographic algorithm localization method provided by this embodiment of the present invention can extend the output length of the hash value of the SM3 cryptographic hash algorithm to byte length L.
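The KDF3 expansion described above, as an added Go example that is not code from the patent or from its gb/crypto/sm3 package. It carries its own compact SM3 so that it runs with the standard library only, and it uses the page's parameters L = 512 and pamt = 4; the names sm3Sum and kdf3 and the sample input are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
)

const sm3Size = 32 // SM3 digest length in bytes (256 bits)
func p0(x uint32) uint32 { return x ^ bits.RotateLeft32(x, 9) ^ bits.RotateLeft32(x, 17) }
func p1(x uint32) uint32 { return x ^ bits.RotateLeft32(x, 15) ^ bits.RotateLeft32(x, 23) }

// sm3Sum is a compact, unoptimized SM3 written for this example only.
func sm3Sum(msg []byte) [sm3Size]byte {
	v := [8]uint32{0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e}
	m := make([]byte, (len(msg)+9+63)/64*64) // message, 0x80, zero fill, 64-bit bit length
	m[copy(m, msg)] = 0x80                   // copy returns len(msg): marker follows the message
	binary.BigEndian.PutUint64(m[len(m)-8:], uint64(len(msg))*8)
	for off := 0; off < len(m); off += 64 {
		var w [68]uint32
		for j := 0; j < 16; j++ {
			w[j] = binary.BigEndian.Uint32(m[off+4*j:])
		}
		for j := 16; j < 68; j++ {
			w[j] = p1(w[j-16]^w[j-9]^bits.RotateLeft32(w[j-3], 15)) ^ bits.RotateLeft32(w[j-13], 7) ^ w[j-6]
		}
		a, b, c, d, e, f, g, h := v[0], v[1], v[2], v[3], v[4], v[5], v[6], v[7]
		for j := 0; j < 64; j++ {
			t, ff, gg := uint32(0x79cc4519), a^b^c, e^f^g
			if j >= 16 {
				t, ff, gg = 0x7a879d8a, (a&b)|(a&c)|(b&c), (e&f)|(^e&g)
			}
			a12 := bits.RotateLeft32(a, 12)
			ss1 := bits.RotateLeft32(a12+e+bits.RotateLeft32(t, j%32), 7)
			a, b, c, d = ff+d+(ss1^a12)+(w[j]^w[j+4]), a, bits.RotateLeft32(b, 9), c // A = TT1
			e, f, g, h = p0(gg+h+ss1+w[j]), e, bits.RotateLeft32(f, 19), g // E = P0(TT2)
		}
		for i, x := range [8]uint32{a, b, c, d, e, f, g, h} {
			v[i] ^= x
		}
	}
	var out [sm3Size]byte
	for i, x := range v {
		binary.BigEndian.PutUint32(out[4*i:], x)
	}
	return out
}

// kdf3 returns the first L bytes of SM3(I2OSP(0,pamt)||x) || ... || SM3(I2OSP(k-1,pamt)||x).
func kdf3(x []byte, L, pamt int) ([]byte, error) {
	k := (L + sm3Size - 1) / sm3Size // k = ceil(L / Hash.OutputLen)
	if L <= 0 || pamt < 1 || pamt > 8 || (pamt < 8 && uint64(k-1)>>uint(8*pamt) != 0) {
		return nil, fmt.Errorf("kdf3: invalid L=%d or counter exceeds pamt=%d bytes", L, pamt)
	}
	out := make([]byte, 0, k*sm3Size)
	for i := 0; i < k; i++ {
		var ctr [8]byte
		binary.BigEndian.PutUint64(ctr[:], uint64(i))
		block := sm3Sum(append(ctr[8-pamt:], x...)) // I2OSP(i, pamt) || x
		out = append(out, block[:]...)
	}
	return out[:L], nil // truncate when L is not a multiple of the digest size
}

func main() {
	x := sm3Sum([]byte("abc")) // constructed sample input standing in for x
	out, err := kdf3(x[:], 512, 4) // the page's parameters: L = 512, pamt = 4
	fmt.Println(len(out), err)
}
```

Every output byte is a deterministic function of the 32-byte input x, so the expanded value is longer but offers no more collision or preimage resistance than the SM3 digest it was derived from.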
On the basis of the above embodiments, before the step of obtaining the information to be encrypted, the method further includes:
Configuring the encryption algorithm according to the type of the encryption algorithm.
Specifically, the cryptographic processing apparatus configures the encryption algorithm according to the type of the encryption algorithm. The three cases above are described as follows:
1. The SM2 elliptic curve signature algorithm replaces ECDSA
Taking the Ethereum directory as the root directory, ECDSA is implemented in crypto/secp256k1 and the SM2 elliptic curve signature algorithm is implemented in gb/crypto/sm2 (the storage path). For the replacement, the gb folder needs to be copied into the vendor folder (the specified file) under Ethereum, and every import "github.com/ethereum/go-ethereum/crypto/secp256k1" (the import path) in Ethereum is replaced with import "gb/crypto/sm2"; that is, the import of the ECDSA package is replaced with an import of the SM2 package.
2. The SM2 elliptic curve integrated encryption algorithm replaces ECIES
Taking the Ethereum directory as the root directory, ECIES is implemented in crypto/ecies and the SM2 elliptic curve integrated encryption algorithm is implemented in gb/crypto/sm2 (the storage path). For the replacement, the gb folder needs to be copied into the vendor folder (the specified file) under Ethereum, and every import "github.com/ethereum/go-ethereum/crypto/ecies" (the import path) in Ethereum is replaced with import "gb/crypto/sm2"; that is, the import of the ecies package is replaced with an import of the SM2 package.
3. The SM3 cryptographic hash algorithm replaces the SHA-family cryptographic hash algorithms
Taking the Ethereum directory as the root directory, the SHA3-family cryptographic hash algorithms are implemented in crypto/sha3, the SHA256 (SHA2-family) algorithm is implemented by calling go/src/crypto/sha256 in the Go library, and the SM3 and KDF3 algorithms are implemented in gb/crypto/sm3 (the storage path). For the replacement, the gb folder needs to be copied into the vendor folder (the specified file) under Ethereum, and every import "github.com/ethereum/go-ethereum/crypto/sha3" (the import path) in Ethereum is replaced with import "gb/crypto/sm3"; that is, it is replaced with an import of the SM3 package.
The Ethereum cryptographic algorithm localization method provided by this embodiment of the present invention ensures that the algorithm replacement proceeds smoothly by configuring the encryption algorithm in advance.
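The three import-path substitutions above, as an added Go example that is not code from the patent or from go-ethereum. It rewrites the imports of one source file and reports the resulting import table so the change can be audited. It assumes that gb/crypto/sm2 and gb/crypto/sm3 export the identifiers the call sites use, and it keeps the old package name as an import alias so that those call sites still resolve; rewriteImports and the sample file are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"go/ast"
	"go/format"
	"go/parser"
	"go/token"
	"path"
	"strconv"
)

// replacements holds the three import-path substitutions listed on the page.
var replacements = map[string]string{
	"github.com/ethereum/go-ethereum/crypto/secp256k1": "gb/crypto/sm2",
	"github.com/ethereum/go-ethereum/crypto/ecies":     "gb/crypto/sm2",
	"github.com/ethereum/go-ethereum/crypto/sha3":      "gb/crypto/sm3",
}

// rewriteImports rewrites replaced import paths in one Go source file. It returns the
// new source, the number of imports changed, and each import's local name -> final path.
func rewriteImports(src []byte) ([]byte, int, map[string]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "in.go", src, parser.ParseComments)
	if err != nil {
		return nil, 0, nil, err
	}
	changed, local := 0, map[string]string{}
	for _, imp := range file.Imports {
		p, err := strconv.Unquote(imp.Path.Value)
		if err != nil {
			return nil, 0, nil, err
		}
		name := path.Base(p) // assumption: package name equals the last path element
		if imp.Name != nil {
			name = imp.Name.Name
		}
		if repl, ok := replacements[p]; ok {
			// Keep the old name as an alias so calls such as secp256k1.Sign still resolve.
			imp.EndPos = imp.End()
			imp.Name = &ast.Ident{Name: name, NamePos: imp.Path.Pos()}
			imp.Path.Value = strconv.Quote(repl)
			p, changed = repl, changed+1
		}
		local[name] = p
	}
	var buf bytes.Buffer
	if err := format.Node(&buf, fset, file); err != nil {
		return nil, 0, nil, err
	}
	return buf.Bytes(), changed, local, nil
}

// sample is a constructed file, not taken from go-ethereum.
const sample = `package demo
import (
	"fmt"
	"github.com/ethereum/go-ethereum/crypto/secp256k1"
	"github.com/ethereum/go-ethereum/crypto/sha3"
)

func use() { fmt.Println(secp256k1.Sign, sha3.NewKeccak256) }
`

func main() {
	out, n, local, err := rewriteImports([]byte(sample))
	fmt.Printf("%s\nchanged=%d imports=%v err=%v\n", out, n, local, err)
}
```

Running the function a second time over its own output should report zero changes; a non-zero count after the replacement means a file still imports one of the replaced packages.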
On the basis of the above embodiments, configuring the encryption algorithm according to the type of the encryption algorithm includes:
Obtaining, according to the type of the encryption algorithm, the storage path of the encryption algorithm corresponding to that type.
Specifically, the cryptographic processing apparatus obtains, according to the type of the encryption algorithm, the storage path of the encryption algorithm corresponding to that type. Reference may be made to the above embodiments; details are not repeated here.
Obtaining the encryption algorithm according to the storage path, and copying the encryption algorithm into the specified file.
Specifically, the cryptographic processing apparatus obtains the encryption algorithm according to the storage path and copies the encryption algorithm into the specified file. Reference may be made to the above embodiments; details are not repeated here.
Replacing the import path of the Ethereum open-source code corresponding to the type of the encryption algorithm with the storage path of the encryption algorithm.
Specifically, the cryptographic processing apparatus replaces the import path of the Ethereum open-source code corresponding to the type of the encryption algorithm with the storage path of the encryption algorithm. Reference may be made to the above embodiments; details are not repeated here.
The Ethereum cryptographic algorithm localization method provided by this embodiment of the present invention further ensures that the algorithm replacement proceeds smoothly by configuring the encryption algorithm in this specific way.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be completed by hardware controlled by program instructions. The aforementioned program may be stored in a computer-readable storage medium; when executed, the program performs the steps of the above method embodiments. The aforementioned storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks, or optical discs.
The embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement it without creative effort.
From the description of the above embodiments, those skilled in the art can clearly understand that each embodiment may be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk, or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the embodiments of the present invention, not to limit them. Although the embodiments of the present invention have been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. A method for localizing Ethereum cryptographic algorithms, the method being applied to a blockchain platform, characterized by comprising:
Obtaining information to be encrypted;
Obtaining, according to the type of the information to be encrypted, an encryption algorithm corresponding to the type, wherein the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in the Ethereum open-source code;
Encrypting the information to be encrypted according to the encryption algorithm to generate encrypted information.
2. The method according to claim 1, characterized in that the domestic cryptographic algorithm includes the SM2 digital signature algorithm; the type includes a signature character; and, correspondingly, obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to the type comprises:
If the type of the information to be encrypted is a signature character, the encryption algorithm obtained for that type is the SM2 digital signature algorithm, wherein the SM2 digital signature algorithm replaces the elliptic curve signature algorithm ECDSA in the Ethereum open-source code.
3. The method according to claim 1, characterized in that the domestic cryptographic algorithm includes the SM2 public key encryption algorithm; the type includes a public key character; and, correspondingly, obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to the type comprises:
If the type of the information to be encrypted is a public key character, the encryption algorithm obtained for that type is the SM2 public key encryption algorithm, wherein the SM2 public key encryption algorithm replaces the elliptic curve integrated encryption algorithm ECIES in the Ethereum open-source code.
4. The method according to claim 1, characterized in that the domestic cryptographic algorithm includes the SM3 cryptographic hash algorithm; the type includes a digest character; and, correspondingly, obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to the type comprises:
If the type of the information to be encrypted is a digest character, the encryption algorithm obtained for that type is the SM3 cryptographic hash algorithm, wherein the SM3 cryptographic hash algorithm replaces a series of hash algorithms in the Ethereum open-source code.
5. The method according to claim 4, characterized in that the method further comprises:
Using the key derivation function KDF3 to extend the output length of the hash value of the SM3 cryptographic hash algorithm to byte length L.
6. The method according to claim 1, characterized in that, before the step of obtaining the information to be encrypted, the method further comprises:
Configuring the encryption algorithm according to the type of the encryption algorithm.
7. The method according to claim 6, characterized in that configuring the encryption algorithm according to the type of the encryption algorithm comprises:
Obtaining, according to the type of the encryption algorithm, the storage path of the encryption algorithm corresponding to that type;
Obtaining the encryption algorithm according to the storage path, and copying the encryption algorithm into the specified file;
Replacing the import path of the Ethereum open-source code corresponding to the type of the encryption algorithm with the storage path of the encryption algorithm.
CN201711395856.3A 2017-12-21 2017-12-21 A kind of method of ether mill cryptographic algorithm production domesticization Pending CN108306737A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711395856.3A CN108306737A (en) 2017-12-21 2017-12-21 A kind of method of ether mill cryptographic algorithm production domesticization

Publications (1)

Publication Number Publication Date
CN108306737A true CN108306737A (en) 2018-07-20

Family

ID=62870562

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711395856.3A Pending CN108306737A (en) 2017-12-21 2017-12-21 A kind of method of ether mill cryptographic algorithm production domesticization

Country Status (1)

Country Link
CN (1) CN108306737A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180720
