CN108306737A - A method for localizing Ethereum's cryptographic algorithms with domestic algorithms - Google Patents
- Publication number: CN108306737A
- Application number: CN201711395856.3A
- Authority: CN (China)
- Prior art keywords: algorithm, type, encryption algorithm, encryption, added
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Abstract
The method for localizing Ethereum's cryptographic algorithms provided by an embodiment of the present invention is applied to a blockchain platform and includes: obtaining information to be encrypted; obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to that type, where the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in Ethereum's open-source code; and encrypting the information to be encrypted with the encryption algorithm to generate encrypted information. The method replaces the foreign cryptographic algorithms in Ethereum with domestic cryptographic algorithms and carries out parameter adjustment, extension of the SM3 hash value length, verification of SM2 signatures by recovering the public key, and so on. Because foreign cryptographic algorithms are not secure and may contain implanted backdoors, using the domestic cryptographic algorithms after replacement achieves truly autonomous and controllable operation.
Description
Technical Field
The embodiments of the present invention relate to the field of blockchain technology, and in particular to a method for localizing Ethereum's cryptographic algorithms.
Background
Blockchain technology originated with Bitcoin. It is a distributed storage technology that uses cryptographic methods to protect data security. It has notable properties such as being tamper-proof and unforgeable, and it is widely used in many technical fields such as the digital economy, internet governance and big-data development. The essence of a blockchain is the secure and reliable storage and processing of data, so cryptographic algorithms are the most critical part of a blockchain platform.
However, mainstream blockchain platforms currently generally use foreign cryptographic algorithms, such as the ECDSA elliptic curve signature algorithm, the SHA3 cryptographic hash algorithm, the RIPEMD160 cryptographic hash algorithm and the AES block cipher. Most of these algorithms are United States standards.
Now that information security has been elevated to a national strategy, the core algorithms of the blockchain, its cryptographic algorithms, ought to be autonomous and controllable.
Summary of the Invention
In view of the problems in the prior art, the embodiments of the present invention provide a method for localizing Ethereum's cryptographic algorithms.
An embodiment of the present invention provides a method for localizing Ethereum's cryptographic algorithms, the method including:
Obtaining information to be encrypted;
Obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to that type, where the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in Ethereum's open-source code;
Encrypting the information to be encrypted with the encryption algorithm to generate encrypted information.
The method provided by the embodiments of the present invention replaces the foreign cryptographic algorithms in Ethereum with domestic cryptographic algorithms and carries out parameter adjustment, extension of the SM3 hash value length, verification of SM2 signatures by recovering the public key, and so on. Because foreign cryptographic algorithms are not secure and may contain implanted backdoors, using the domestic cryptographic algorithms after replacement achieves truly autonomous and controllable operation.
Brief Description of the Drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of the method for localizing Ethereum's cryptographic algorithms according to an embodiment of the present invention.
Detailed Description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of the method for localizing Ethereum's cryptographic algorithms according to an embodiment of the present invention. As shown in Fig. 1, the method provided by the embodiment includes the following steps:
S1: Obtain the information to be encrypted.
Specifically, the cryptographic processing device in the blockchain platform obtains the information to be encrypted. The information to be encrypted may be of different types.
S2: According to the type of the information to be encrypted, obtain the encryption algorithm corresponding to that type, where the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in Ethereum's open-source code.
Specifically, the cryptographic processing device obtains, according to the type of the information to be encrypted, the encryption algorithm corresponding to that type, where the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in Ethereum's open-source code. The types of information to be encrypted may include signature characters, public key characters, digest characters and so on. The encryption algorithm corresponding to signature characters may be the SM2 digital signature algorithm; the encryption algorithm corresponding to public key characters may be the SM2 public key encryption algorithm; the encryption algorithm corresponding to digest characters may be the SM3 cryptographic hash algorithm. It should be noted that the SM2 digital signature algorithm, the SM2 public key encryption algorithm and the SM3 cryptographic hash algorithm are all domestic cryptographic algorithms. The SM2 digital signature algorithm can replace the elliptic curve signature algorithm ECDSA in Ethereum's open-source code; the SM2 public key encryption algorithm can replace the elliptic curve integrated encryption algorithm ECIES in Ethereum's open-source code; the SM3 cryptographic hash algorithm can replace the family of hash algorithms in Ethereum's open-source code, which may be the SHA3 algorithms.
S3: Encrypt the information to be encrypted with the encryption algorithm to generate encrypted information.
Specifically, the cryptographic processing device encrypts the information to be encrypted with the encryption algorithm to generate encrypted information. Examples follow:
1. Digital signature algorithm sample data
Elliptic curve signature algorithm ECDSA example:
The crypto submodule of Ethereum contains wrappers for all cryptographic algorithm interfaces. Under the crypto module there is also a secp256k1 subpackage, which implements the basic operations over the secp256k1 curve domain. The secp256k1 curve $y^2 = x^3 + ax + b$ is used for illustration:
Curve parameters:
P=FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F
A=00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
B=00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000007
Base point G:
Gx=79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
Gy=483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8
Order n:
N=FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141
Generated public/private key pair:
Prv=4d17899cbd204fdef0ddcac345dd8ae826de063d39d30a5b270dfb58cf32bdd0
Pub=(744444566f38297da677000ba1f09d897180c53d22fb8abc108b7f88c6121f0c,
886ef5e9d6ce015dd9cdd0c7927ff13b649510a959d212f1446577f48895983d)
String to sign (signature character):
"may4thbwizu"
Signature output:
R=caa814bf03e32cc2c5f2b72151af83172d3e2902389186e43788b0a2d1352ae4e3
S=a1fab94862e83b50e929630fbd44d62cf7399e9ca2faab1bc8bb24a22d9ad200
SM2 digital signature algorithm example:
The parameters use the curve provided in the SM2 standard.
Generated public/private key pair:
Prv=9655826314c9cfddb1e17341ad52afe009c625b159c9cc7d5cde41733d3b9cf3
Pub=(2bdcd5db5042bbc0d1fcee1aeef964fc22a8254354ad8be30d13052ddddf61cd,
144ad97e61ce26d200d3b7688581b508072b96b1aa7a923e6539a7ee8233b816)
String to sign (signature character):
"may4thbwizu"
Signature output:
R=b1578406895b69bb3bc6bec3874bd0fc7e00c6caae3b8a401ddd2a20603c9412
S=9b802e5eb1115193e26388421c643f9cc998f3006f66f64f5a298baa578e98e
2. Public key encryption algorithm sample data
Elliptic curve integrated encryption algorithm ECIES example:
Generated public/private key pair:
Prv=13d08f4a34a9c87db08c102485c017f62c97988e33621b099c7b17a55d47c95f
Pub=(76b7de101c63816487232bd25539fd4c07090012b643856a1782b65351d5992e,
de3aae59b3b988c69b92eecf0b67ce4291e9ae08b82420aaabbbb72aeb9c258f)
String to encrypt (public key character):
"Hello,world."
Ciphertext after encryption:
04ec30defd14b52d1bf427f21e072f5e15a11591a6258a652729ea0c5b9baea3e015f4147ee6163ea1a4106b0683087220ccae44bbc2caafad29ddac73e905b08bab17afd574ec08ded8fec7c6127afd197218ff8644ad48d143508a143f890274d99da70497235b0cbc1317a5cc05b507b82865553e0810167de5b74a4c
Message after decryption:
48656c6c6f2c20776f726c642e, i.e. the ASCII encoding of "Hello, world."
SM2 public key encryption algorithm example:
Generated public/private key pair:
Prv=ded17a6bf28bf5c469a882ccc37bf618d1cda2e543767dbd7d36de6cd8cafe4
Pub=(2d282e530b9a377de1a0dbc2a6059084be5d6220cbea083909b31a9b9dd360ac,
180991a4f674eb43f906acdfa0fad9205652caa3d0a74b55bdf6ad839609ae5b)
String to encrypt (public key character):
"Hello,world."
Ciphertext after encryption:
04435dd04fafcbd7eb9bac470ae973f3bd4560a0398373e20d4926789130882afb208551e8bd21b8ef3cfdf31dccc93eb76859a66a2c8cc1539c5f4a8db18219feabb9768cfad8a2f3af2c02cd6377d268ee9b3be3ea9f4a33c95443beaf80db16ec48cf92a52dfe9b0fe19889b4
Message after decryption:
48656c6c6f2c20776f726c642e, i.e. the ASCII encoding of "Hello, world."
3. Cryptographic hash algorithm sample data
Secure Hash Algorithm 3 (SHA3) digest example:
Input data (digest character):
"abc"
Digest result:
4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45
SM3 cryptographic hash algorithm example:
Input data (digest character):
"abc"
Digest result:
66c7f0f462eeedd9d1f2d46bdc10e4e24167c4875cf2f7a2297da02b8f4ba8e0
The following describes in further detail how the concrete implementations of the SM2 elliptic curve cryptographic algorithm and the SM3 cryptographic hash algorithm are made compatible with Ethereum.
Digital signature algorithm replacement
Introduction to the ECDSA algorithm
The workflow of the ECDSA algorithm is introduced first. In what follows, the system parameters are a set of data shared by the system participants and known to every user. User A denotes the signer of a message and user B denotes its verifier; $d_A$ denotes user A's private key and $Q_A$ denotes the corresponding public key.
System parameters: (CURVE, G, n), where CURVE is the elliptic curve on which the algorithm is based (in Ethereum, the secp256k1 curve specified in the SEC2-V2 standard), G is a base point of prime order on the elliptic curve, and n is the order of the base point G.
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as the private key
User A computes $Q_A = d_A \times G$ as the public key
Digital signature: user A signs the message m with the private key $d_A$
Compute $e = \mathrm{HASH}(m)$
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic curve point $(x_1, y_1) = k \times G$
Compute $r = x_1 \bmod n$
Compute $s = k^{-1}(z + r \cdot d_A) \bmod n$
Output the final signature $(r, s)$
Signature verification: user B obtains user A's signature $(r', s')$ on the message $m'$ and A's legitimate public key $Q_A$, and attempts to verify the signature.
Compute $e' = \mathrm{HASH}(m')$
Compute $w = s^{-1} \bmod n$
Compute $u_1 = e'w \bmod n$ and $u_2 = rw \bmod n$
Compute the elliptic curve point $(x_1, y_1) = u_1 \times G + u_2 \times Q_A$
If $u_1 = r'$, the signature is valid; otherwise the signature is invalid
Public key recovery: a special operation in ECDSA is recovering the signer's public key from a signature. Where communication and storage resources are limited, this operation removes the need to transmit and store the signer's public key. Ethereum makes heavy use of public key recovery. The procedure for recovering the public key from a signature is as follows.
From the signature value r (taken as the x-coordinate of a point), compute the two points $R_1, R_2$ on the elliptic curve
Compute the inverse $r^{-1}$ of the signature value r
Compute the digest $Z = H(M)$ of the signed message
Compute the signer's public key $Q_A$
If $v = 0$, output the public key $Q_A = r^{-1}(sR_1 - zG)$
If $v = 1$, output the public key $Q_A = r^{-1}(sR_2 - zG)$
Introduction to the SM2 signature algorithm
The workflow of the SM2 algorithm is briefly described below. As with ECDSA, the system parameters are a set of data shared by the system participants and known to every user. User A denotes the signer of a message and user B denotes its verifier; $d_A$ denotes user A's private key and $Q_A$ denotes the corresponding public key.
System parameters: (CURVE, G, n), where CURVE is the elliptic curve on which the algorithm is based (we use the same secp256k1 curve as Ethereum), G is a base point of prime order on the elliptic curve, and n is the order of the base point G.
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as the private key
User A computes $Q_A = d_A \times G$ as the public key
Digital signature: user A signs the message m with the private key $d_A$
Compute $e = \mathrm{HASH}(m)$
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic curve point $(x_1, y_1) = k \times G$
Compute $r = (e + x_1) \bmod n$
Compute $s = ((1 + d_A)^{-1}(k + r \cdot d_A)) \bmod n$
Output the final signature $(r, s)$
Signature verification: user B obtains user A's signature $(r', s')$ on the message $m'$ and A's legitimate public key $Q_A$, and attempts to verify the signature.
Compute $e' = \mathrm{HASH}(m')$
Compute $t = (r' + s') \bmod n$
Compute $u_1 = e'w \bmod n$ and $u_2 = rw \bmod n$
Compute the elliptic curve point $(x_1, y_1) = s' \times G + t \times Q_A$
Compute $R = (e' + x_1') \bmod n$
If $R = r'$, the signature is valid; otherwise the signature is invalid
Public key recovery: Ethereum makes heavy use of recovering the public key from a signature. If the replacement algorithm did not support this operation, it would inevitably cause serious interface incompatibilities and the whole system would have to be modified. We found that the signature $(r, s)$ in SM2 has a structure similar to an ECDSA signature, and that with some derivation the signer's public key can also be recovered from an SM2 signature.
Compute the digest of the signed message, $e = \mathrm{HASH}(m)$
From the signature value r, compute the x-coordinate $x = (r - e) \bmod n$ of the elliptic curve point $R'$
Compute the inverse of $(r + s)$: $\mathit{invrps} = (r + s)^{-1}$
Compute $\mathit{minuss} = (r + s)^{-1} \cdot s$
Compute the signer's public key $Q_A = \mathit{invrps} \cdot R - \mathit{minuss} \cdot G$
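The recovery steps above, as an added Python example (not code from the patent or from go-ethereum), run over secp256k1 as this section specifies. It signs with the standard SM2 equation s = (1 + d_A)^-1 (k - r·d_A) mod n from GB/T 32918.2, the form from which Q_A = invrps·R - minuss·G follows; the private key, the nonce, the recovery bit v and the use of SHA-256 as a stand-in for HASH are assumptions made for the sample.

```python
import hashlib

# secp256k1 domain parameters, copied from the page's sample data.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def sm2_sign(d, e, k):
    """Return (r, s, v). v is the parity of y1, an assumed recovery bit
    modelled on the v used in the ECDSA recovery steps."""
    x1, y1 = mul(k, G)
    r = (e + x1) % N
    s = pow(1 + d, -1, N) * (k - r * d) % N
    if r == 0 or (r + k) % N == 0 or s == 0:
        raise ValueError("unusable nonce, choose another k")
    return r, s, y1 & 1


def sm2_verify(q, e, r, s):
    """Verification as in the page: t = r + s, (x1, y1) = s*G + t*Q, R = e + x1."""
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    pt = add(mul(s, G), mul(t, q)) if t else None
    return pt is not None and (e + pt[0]) % N == r


def sm2_recover(e, r, s, v):
    """Recover Q_A = invrps*R - minuss*G. Assumes x1 < n, which fails only
    with negligible probability on this curve."""
    x = (r - e) % N
    rhs = (x * x * x + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)          # square root, valid since p = 3 mod 4
    if y * y % P != rhs:
        raise ValueError("r - e is not the x-coordinate of a curve point")
    if y & 1 != v:
        y = P - y
    invrps = pow((r + s) % N, -1, N)       # ValueError if r + s = 0 mod n
    minuss = invrps * s % N
    return add(mul(invrps, (x, y)), mul(N - minuss, G))


def signer_matches(expected_q, e, r, s, v):
    """Recovery always yields *some* key for well-formed input, so the caller
    must compare it with the key (or address) it expects."""
    try:
        return sm2_recover(e, r, s, v) == expected_q
    except ValueError:
        return False


# Constructed sample values (not from the page). A real signer draws k fresh
# from a CSPRNG for every signature; it is fixed here for reproducibility.
D_A = 0x1F2E3D4C5B6A79880102030405060708090A0B0C0D0E0F101112131415161718
K = 0x0A1B2C3D4E5F60718293A4B5C6D7E8F9112233445566778899AABBCCDDEEFF01
Q_A = mul(D_A, G)
E = int.from_bytes(hashlib.sha256(b"may4thbwizu").digest(), "big")  # stand-in for HASH(m)
R_SIG, S_SIG, V = sm2_sign(D_A, E, K)
```

A changed message digest does not make recovery fail; it yields a different public key, which is why `signer_matches` compares against the expected key.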
Algorithm replacement summary
ECDSA and SM2 are compared on the basis of the descriptions in subsections 1 and 2.
Table 1: Comparison of the ECDSA and SM2-DSA algorithms
From Table 1 and the descriptions in subsections 1 and 2 it can be seen that the SM2 and ECDSA algorithms are identical in their data structures and in operations such as signing and verification. When replacing, therefore, only the implementation inside the signature function needs to be modified (obviously, SM2 and ECDSA compute signatures differently), and the related interfaces exposed to other modules need no adjustment. In addition, since the public/private keys and signature structures of the two algorithms are the same, Ethereum's ECDSA data structures can be used directly to store these data.
Detailed description of the algorithm replacement
The crypto submodule of Ethereum contains wrappers for all cryptographic algorithm interfaces. The gb/crypto package contains the implementations of the domestic SM2/3/4 algorithms. Under the crypto module there is a secp256k1 subpackage, which implements the basic operations over the secp256k1 curve domain. All signature-related interfaces in the crypto module are listed below, together with their replacements.
Table 2: Interface replacement list
Public key encryption algorithm replacement
Introduction to the ECIES algorithm
The workflow of the ECIES algorithm is briefly described below. In Ethereum, ECIES is used for encrypted P2P communication between nodes. In what follows, the system parameters are a set of data shared by the system participants and known to every user. User B denotes the sender of the data, who encrypts a piece of data with user A's public key. User A denotes the decryptor of the data, who receives the encrypted message from user B and decrypts it with his own private key. $d_A$ denotes user A's private key and $Q_A$ denotes the corresponding public key.
System parameters: $(\mathrm{CURVE}, G, n, s_1, s_2)$, where CURVE is the elliptic curve on which the algorithm is based (in Ethereum, the secp256k1 curve specified in the SEC2-V2 standard), G is a base point of prime order on the elliptic curve, and n is the order of the base point G; $S_1, S_2$ are shared auxiliary inputs
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as the private key
User A computes $Q_A = d_A \times G$ as the public key
Data encryption: user B encrypts the message m with user A's public key $Q_A$
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic curve point $R = k \times G$
Compute the elliptic curve point $(x_1, y_1) = k \times Q_A$
Compute $k_E \| k_M = \mathrm{KDF}(x_1 \| S_1)$
Encrypt the message: $c = E(k_E; m)$
Compute $d = \mathrm{MAC}(k_M; c \| S_2)$
Output the ciphertext $R \| c \| d$
Data decryption: user A obtains the ciphertext $C' = R' \| c' \| d'$ and attempts to decrypt it with the private key $d_A$
Compute the elliptic curve point $(x_1', y_1') = R' \times d_A = k \times d_A \times G = k \times Q_A$
Compute $k_E' \| k_M' = \mathrm{KDF}(x_1' \| S_1)$
Verify $d' = \mathrm{MAC}(k_M'; c' \| S_2)$
Decrypt the message: $m' = D(k_E'; c')$
Introduction to the SM2 encryption algorithm
The workflow of the SM2 encryption algorithm is briefly introduced below. In what follows, the system parameters are a set of data shared by the system participants and known to every user. User B denotes the sender of the data, who encrypts a piece of data with user A's public key. User A denotes the decryptor of the data, who receives the encrypted message from user B and decrypts it with his own private key. $d_A$ denotes user A's private key and $Q_A$ denotes the corresponding public key.
System parameters: $(\mathrm{CURVE}, G, n, s_1, s_2)$, where CURVE is the elliptic curve on which the algorithm is based (in Ethereum, the secp256k1 curve specified in the SEC2-V2 standard), G is a base point of prime order on the elliptic curve, and n is the order of the base point G; $S_1, S_2$ are shared auxiliary inputs
Key generation:
User A chooses a secure random number $d_A \in [1, n-1]$ as the private key
User A computes $Q_A = d_A \times G$ as the public key
Data encryption: user B encrypts the message m with user A's public key $Q_A$
Choose a secure random number $k \in [1, n-1]$
Compute the elliptic curve point $C_1 = k \times G$; $C_1$ is converted to a bit string by the method given in sections 4.2.8 and 4.2.4 of Part 1 of GB/T 32918.1-2016
Compute the elliptic curve point $(x_1, y_1) = k \times Q_A$
Compute $t = \mathrm{KDF}(x_1 \| y_1 \| S_1, klen)$
Encrypt message
Compute $C_3 = \mathrm{Hash}(x_1 \| m \| y_1 \| S_2)$
Output the ciphertext $C = C_1 \| C_2 \| C_3$
Data decryption: user A obtains the ciphertext $C' = C_1' \| C_2' \| C_3'$ and attempts to decrypt it with the private key $d_A$
Compute the elliptic curve point $(x_1', y_1') = C_1' \times d_A = k \times d_A \times G = k \times Q_A$
Compute $t' = \mathrm{KDF}(x_1' \| y_1' \| S_1, klen)$
Verify $C_3' = \mathrm{Hash}(x_1' \| m \| y_1' \| S_2)$
Decrypt message
Algorithm replacement explanation
ECIES and SM2 are compared on the basis of the descriptions in subsections 1 and 2.
Table 3: Comparison of the ECIES and SM2-PKE algorithms
It can be seen that ECIES and SM2 are also consistent in data structures and operating methods. We provide the implementation of the SM2 public key encryption algorithm in the crypto/sm2 submodule, with interfaces modelled on the ECIES algorithm in Ethereum.
Table 4: ECIES (SM2) algorithm implementation interfaces
When other modules in Ethereum use the ECIES algorithm, they call its functions through the package name ecies. Take line 318 of p2p/rlpx.go as an example:
h.randomPrivKey, err = ecies.GenerateKey(rand.Reader, crypto.S256(), nil)
Since the newly added SM2 encryption algorithm belongs to a different subpackage, sm2, we use a small trick during replacement to resolve the namespace mismatch: the imported sm2 subpackage is named "ecies". Because the interfaces the two provide are identical, the original functionality of the program is not affected, and when the new system calls a method under the name "ecies", the method actually invoked is the one in the sm2 subpackage.
Cryptographic hash algorithm replacement
Unlike public key algorithms such as ECDSA and SM2, cryptographic hash algorithms usually all have the same form. When replacing the SHA3 family of algorithms used in Ethereum with SM3, we are mainly concerned with the output length of the algorithm. As mentioned in the third subsection of the Summary of the Invention, the main problem with using SM3 as a replacement is that its output length is only 256 bits, whereas Ethereum uses the SHA3 algorithm with an output length of 512 bits.
We use the KDF3 function provided in the SEC2-V2 standard to extend the output length of the SM2 algorithm to 512 bytes.
KDF3 function
With the KDF3 function, we can extend the output length of a hash algorithm Hash to an arbitrary length of l bytes.
Input: (x, l), where x is the output of the original hash function and l is the output length of the hash function after extension
Output: Hash.eval(I2OSP(0, pamt) || x) || ... || Hash.eval(I2OSP(k-1, pamt) || x)
Wherein
In the implementation described here, we use SM3 as the hash function Hash to be extended; x is the output of the SM3 algorithm, l is 512, and pamt is 4.
2 Algorithm replacement explanation
The SHA3 algorithm interfaces in the crypto module are modified: without changing the interface names, the algorithms are replaced with the SM3 algorithm and with the SM3 algorithm extended using KDF3.
Table 5: Ethereum SHA3/Keccak256 algorithm interfaces
The method of ether mill provided in an embodiment of the present invention cryptographic algorithm production domesticization, using domestic cryptographic algorithm replace with
External cryptographic algorithm too in mill, and carry out the adjustment of parameter, the extension of SM3 hashed value length, realized by restoring public key
The verification etc. of SM2 signature algorithms may have implantation back door since external cryptographic algorithm is dangerous, using domestic close after replacement
Code algorithm can realize truly autonomous controllable.
On the basis of the above embodiments, the domestic cryptographic algorithm includes SM2 Digital Signature Algorithms;The type packet
Include signature character;Correspondingly, the type according to the confidential information to be added, obtains encryption corresponding with the type and calculates
Method, including:
If the type of the confidential information to be added is signature character, it is SM2 to obtain Encryption Algorithm corresponding with the type
Digital Signature Algorithm;Wherein, the SM2 Digital Signature Algorithms substitute the ellipse curve signature algorithm in the Open Source Code of ether mill
ECDSA。
Specifically, if cipher processing apparatus judges to know the type of the confidential information to be added as signature character, acquisition and institute
It is SM2 Digital Signature Algorithms to state the corresponding Encryption Algorithm of type;Wherein, the SM2 Digital Signature Algorithms substitute ether mill and open
Ellipse curve signature algorithm ECDSA in source code.Above-described embodiment is can refer to, is repeated no more.
The method of ether mill provided in an embodiment of the present invention cryptographic algorithm production domesticization, by being replaced with SM2 Digital Signature Algorithms
For ECDSA, and encryption information is generated, is conducive to management and control cryptographic algorithm.
On the basis of the above embodiments, the domestic cryptographic algorithm includes the SM2 public-key encryption algorithm, and the type includes a public key character. Correspondingly, obtaining the encryption algorithm corresponding to the type, according to the type of the information to be encrypted, includes:
If the type of the information to be encrypted is a public key character, the encryption algorithm obtained for that type is the SM2 public-key encryption algorithm, where the SM2 public-key encryption algorithm replaces the elliptic curve integrated encryption algorithm ECIES in the Ethereum open-source code.
Specifically, if the cryptographic processing apparatus determines that the type of the information to be encrypted is a public key character, the encryption algorithm obtained for that type is the SM2 public-key encryption algorithm, where the SM2 public-key encryption algorithm replaces the elliptic curve integrated encryption algorithm ECIES in the Ethereum open-source code. Refer to the embodiments above; the details are not repeated here.
The encrypted-information processing method based on Ethereum and domestic cryptographic algorithms provided by this embodiment of the invention replaces ECIES with the SM2 public-key encryption algorithm and generates the encrypted information, which helps keep the cryptographic algorithms under management and control.
On the basis of the above embodiments, the domestic cryptographic algorithm includes the SM3 cryptographic hash algorithm, and the type includes a digest character. Correspondingly, obtaining the encryption algorithm corresponding to the type, according to the type of the information to be encrypted, includes:
If the type of the information to be encrypted is a digest character, the encryption algorithm obtained for that type is the SM3 cryptographic hash algorithm, where the SM3 cryptographic hash algorithm replaces the series of hash algorithms in the Ethereum open-source code.
Specifically, if the cryptographic processing apparatus determines that the type of the information to be encrypted is a digest character, the encryption algorithm obtained for that type is the SM3 cryptographic hash algorithm, where the SM3 cryptographic hash algorithm replaces the series of hash algorithms in the Ethereum open-source code. Refer to the embodiments above; the details are not repeated here.
The method for domestic localization of Ethereum cryptographic algorithms provided by this embodiment of the invention replaces the series of hash algorithms with the SM3 cryptographic hash algorithm and generates the encrypted information, which helps keep the cryptographic algorithms under management and control.
On the basis of the above embodiments, the method further includes:
Using the key derivation function KDF3 to expand the output length of the hash value of the SM3 cryptographic hash algorithm to a byte length L.
Specifically, the cryptographic processing apparatus uses the key derivation function KDF3 to expand the output length of the hash value of the SM3 cryptographic hash algorithm to a byte length L.
Unlike public-key algorithms such as ECDSA and SM2, cryptographic hash algorithms usually all have the same form. When SM3 replaces the SHA3-series algorithms used in Ethereum, the main concern is the output length of the algorithm. The main problem with the SM3 replacement is that its output length is only 256 bytes, whereas Ethereum uses a SHA3 algorithm with an output length of 512 bytes. For this reason, the key derivation function KDF3 provided in the SEC2-V2 standard may be used to expand the output length of the SM3 algorithm to 512 bytes. This can be implemented as follows:
Input: (x, L), where x is the output of the original hash function and L is the output length of the extended hash function (the byte length after extension).
Output: Hash.eval(I2OSP(0, pamt) || x) || ... || Hash.eval(I2OSP(k-1, pamt) || x)
where k is the result of L/Hash.OutputLen rounded up, and OutputLen denotes the output length of the Hash function.
In implementing this embodiment of the invention, SM3 is used as the Hash function to be extended, x is the output of the SM3 algorithm, L is 512, and pamt is 4. Since L is 512, the byte length is extended to 512 bytes.
The method for domestic localization of Ethereum cryptographic algorithms provided by this embodiment of the invention can expand the output length of the hash value of the SM3 cryptographic hash algorithm to a byte length L.
On the basis of the above embodiments, before the step of obtaining the information to be encrypted, the method further includes:
Configuring the encryption algorithm according to the type of the encryption algorithm.
Specifically, the cryptographic processing apparatus configures the encryption algorithm according to the type of the encryption algorithm. The three cases above are described as follows:
One, the SM2 elliptic curve signature algorithm replaces ECDSA
Taking the Ethereum directory as the root, ECDSA is implemented in crypto/secp256k1, and the SM2 elliptic curve signature algorithm is implemented in gb/crypto/sm2 (the storage path). For the replacement, the gb folder must be copied into the vendor folder under the Ethereum directory (the specified file), and every import "github.com/ethereum/go-ethereum/crypto/secp256k1" (the import path) in Ethereum must be replaced with import "gb/crypto/sm2"; that is, the import of the ECDSA package is replaced with the import of the SM2 package.
Two, the SM2 elliptic curve integrated encryption algorithm replaces ECIES
Taking the Ethereum directory as the root, ECIES is implemented in crypto/ecies, and the SM2 elliptic curve integrated encryption algorithm is implemented in gb/crypto/sm2 (the storage path). For the replacement, the gb folder must be copied into the vendor folder under the Ethereum directory (the specified file), and every import "github.com/ethereum/go-ethereum/crypto/ecies" (the import path) in Ethereum must be replaced with import "gb/crypto/sm2"; that is, the import of the ecies package is replaced with the import of the SM2 package.
Three, the SM3 cryptographic hash algorithm replaces the SHA-series cryptographic hash algorithms
Taking the Ethereum directory as the root, the SHA3-series cryptographic hash algorithms are implemented in crypto/sha3, and the SHA256 (SHA2-series) algorithm is implemented by calling go/src/crypto/sha256 in the Go library. The SM3 and KDF3 algorithms are implemented in gb/crypto/sm3 (the storage path). For the replacement, the gb folder must be copied into the vendor folder under the Ethereum directory (the specified file), and every import "github.com/ethereum/go-ethereum/crypto/sha3" (the import path) in Ethereum must be replaced with import "gb/crypto/sm3"; that is, it is replaced with the import of the SM3 package.
The method for domestic localization of Ethereum cryptographic algorithms provided by this embodiment of the invention configures the encryption algorithms in advance, which ensures that the algorithm replacement proceeds smoothly.
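The import-replacement step of the three cases above, as an added example that is not code from the patent or from go-ethereum: a Go program that rewrites the import paths of one source file with the standard go/parser and go/format packages. The path mapping is taken from the text; the function name and the sample file are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"go/ast"
	"go/format"
	"go/parser"
	"go/token"
	"strconv"
)

// Import paths named on the page, mapped to the gb storage paths that replace them.
var replacements = map[string]string{
	"github.com/ethereum/go-ethereum/crypto/secp256k1": "gb/crypto/sm2",
	"github.com/ethereum/go-ethereum/crypto/ecies":     "gb/crypto/sm2",
	"github.com/ethereum/go-ethereum/crypto/sha3":      "gb/crypto/sm3",
}

// RewriteImports swaps the import paths in one Go file and reports each swap. Two old
// paths map to gb/crypto/sm2, so an import that becomes an exact duplicate is dropped.
func RewriteImports(filename string, src []byte) ([]byte, []string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
	if err != nil {
		return nil, nil, err
	}
	var replaced []string
	seen := map[string]bool{}
	for _, decl := range file.Decls {
		gd, ok := decl.(*ast.GenDecl)
		if !ok || gd.Tok != token.IMPORT {
			continue
		}
		kept := gd.Specs[:0]
		for _, spec := range gd.Specs {
			imp := spec.(*ast.ImportSpec)
			path, _ := strconv.Unquote(imp.Path.Value) // literal already validated by the parser
			if repl, ok := replacements[path]; ok {
				imp.EndPos = imp.End() // keep the old end position for the printer
				imp.Path.Value = strconv.Quote(repl)
				replaced = append(replaced, fmt.Sprintf("%s -> %s", path, repl))
				path = repl
			}
			key := imp.Name.String() + " " + path // Name is nil for unaliased imports
			if !seen[key] {
				seen[key] = true
				kept = append(kept, spec)
			}
		}
		gd.Specs = kept
	}
	var buf bytes.Buffer
	err = format.Node(&buf, fset, file)
	return buf.Bytes(), replaced, err
}

// sample is a constructed source file, not code from go-ethereum.
const sample = `package demo
import (
	"github.com/ethereum/go-ethereum/crypto/ecies"
	"github.com/ethereum/go-ethereum/crypto/secp256k1"
	"github.com/ethereum/go-ethereum/crypto/sha3"
)
`

func main() {
	out, replaced, err := RewriteImports("demo.go", []byte(sample))
	fmt.Println(string(out), replaced, err)
}
```

Changing the import path only compiles if the gb packages export the identifiers the callers use under the new package name, so a full build and test run after the rewrite is the real check.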
On the basis of the above embodiments, configuring the encryption algorithm according to the type of the encryption algorithm includes:
Obtaining, according to the type of the encryption algorithm, the storage path of the encryption algorithm corresponding to that type.
Specifically, the cryptographic processing apparatus obtains, according to the type of the encryption algorithm, the storage path of the encryption algorithm corresponding to that type. Refer to the embodiments above; the details are not repeated here.
Obtaining the encryption algorithm according to the storage path, and copying the encryption algorithm into the specified file.
Specifically, the cryptographic processing apparatus obtains the encryption algorithm according to the storage path and copies the encryption algorithm into the specified file. Refer to the embodiments above; the details are not repeated here.
Replacing the import path of the type in the Ethereum open-source code that corresponds to the type of the encryption algorithm with the storage path of the encryption algorithm.
Specifically, the cryptographic processing apparatus replaces the import path of the type in the Ethereum open-source code that corresponds to the type of the encryption algorithm with the storage path of the encryption algorithm. Refer to the embodiments above; the details are not repeated here.
The method for domestic localization of Ethereum cryptographic algorithms provided by this embodiment of the invention configures the encryption algorithms in this specific way, which further ensures that the algorithm replacement proceeds smoothly.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
The embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, a person skilled in the art can clearly understand that each embodiment may be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in each embodiment or in certain parts of an embodiment.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the embodiments of the invention and do not limit them. Although the embodiments of the invention have been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the invention.
Claims (7)
1. A method for domestic localization of Ethereum cryptographic algorithms, the method being applied to a blockchain platform, characterized by comprising:
Obtaining information to be encrypted;
Obtaining, according to the type of the information to be encrypted, the encryption algorithm corresponding to the type, wherein the encryption algorithm is a domestic cryptographic algorithm that replaces a foreign cryptographic algorithm in the Ethereum open-source code;
Encrypting the information to be encrypted according to the encryption algorithm to generate encrypted information.
2. The method according to claim 1, characterized in that the domestic cryptographic algorithm includes the SM2 digital signature algorithm and the type includes a signature character; correspondingly, obtaining the encryption algorithm corresponding to the type, according to the type of the information to be encrypted, includes:
If the type of the information to be encrypted is a signature character, the encryption algorithm obtained for that type is the SM2 digital signature algorithm, wherein the SM2 digital signature algorithm replaces the elliptic curve signature algorithm ECDSA in the Ethereum open-source code.
3. The method according to claim 1, characterized in that the domestic cryptographic algorithm includes the SM2 public-key encryption algorithm and the type includes a public key character; correspondingly, obtaining the encryption algorithm corresponding to the type, according to the type of the information to be encrypted, includes:
If the type of the information to be encrypted is a public key character, the encryption algorithm obtained for that type is the SM2 public-key encryption algorithm, wherein the SM2 public-key encryption algorithm replaces the elliptic curve integrated encryption algorithm ECIES in the Ethereum open-source code.
4. The method according to claim 1, characterized in that the domestic cryptographic algorithm includes the SM3 cryptographic hash algorithm and the type includes a digest character; correspondingly, obtaining the encryption algorithm corresponding to the type, according to the type of the information to be encrypted, includes:
If the type of the information to be encrypted is a digest character, the encryption algorithm obtained for that type is the SM3 cryptographic hash algorithm, wherein the SM3 cryptographic hash algorithm replaces the series of hash algorithms in the Ethereum open-source code.
5. The method according to claim 4, characterized in that the method further includes:
Using the key derivation function KDF3 to expand the output length of the hash value of the SM3 cryptographic hash algorithm to a byte length L.
6. The method according to claim 1, characterized in that, before the step of obtaining the information to be encrypted, the method further includes:
Configuring the encryption algorithm according to the type of the encryption algorithm.
7. The method according to claim 6, characterized in that configuring the encryption algorithm according to the type of the encryption algorithm includes:
Obtaining, according to the type of the encryption algorithm, the storage path of the encryption algorithm corresponding to that type;
Obtaining the encryption algorithm according to the storage path, and copying the encryption algorithm into the specified file;
Replacing the import path of the type in the Ethereum open-source code that corresponds to the type of the encryption algorithm with the storage path of the encryption algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711395856.3A CN108306737A (en) | 2017-12-21 | 2017-12-21 | A kind of method of ether mill cryptographic algorithm production domesticization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108306737A true CN108306737A (en) | 2018-07-20 |
Family
ID=62870562
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711395856.3A Pending CN108306737A (en) | 2017-12-21 | 2017-12-21 | A kind of method of ether mill cryptographic algorithm production domesticization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108306737A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104901810A (en) * | 2015-06-02 | 2015-09-09 | 浪潮集团有限公司 | Data encryption storage method based on domestic cryptographic algorithm |
CN106130738A (en) * | 2016-08-25 | 2016-11-16 | 杭州天谷信息科技有限公司 | A kind of block catenary system supporting the close algorithm of state |
CN107241196A (en) * | 2017-06-30 | 2017-10-10 | 杰创智能科技股份有限公司 | Digital signature method and system based on block chain technology |
-
2017
- 2017-12-21 CN CN201711395856.3A patent/CN108306737A/en active Pending
Non-Patent Citations (1)
Title |
---|
姚忠将等: ""基于区块链原理及应用的综述"", 《科研信息化技术与应用》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109104287A (en) * | 2018-07-27 | 2018-12-28 | 众安信息技术服务有限公司 | The method and apparatus communicated in block chain |
CN109547195A (en) * | 2018-11-13 | 2019-03-29 | 阳光保险集团股份有限公司 | A kind of code data processing method and processing device |
CN111654378A (en) * | 2020-05-28 | 2020-09-11 | 广东纬德信息科技股份有限公司 | Data security self-checking method based on electric power security gateway |
CN111654378B (en) * | 2020-05-28 | 2021-01-05 | 广东纬德信息科技股份有限公司 | Data security self-checking method based on electric power security gateway |
CN112968778A (en) * | 2021-02-04 | 2021-06-15 | 西安电子科技大学 | Block chain state encryption algorithm conversion method and system, computer equipment and application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180720 |