CN108737103A - SM2 algorithm signature method applied to a client/server (CS) architecture - Google Patents


Info

Publication number: CN108737103A
Application number: CN201810257242.7A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN108737103B (en)
Legal status: Granted; Expired - Fee Related
Inventors: 林璟锵, 马原, 吴鑫莹, 陈天宇, 荆继武
Current assignee: Data Assurance and Communication Security Research Center of CAS
Original assignee: Data Assurance and Communication Security Research Center of CAS
Application filed by Data Assurance and Communication Security Research Center of CAS; priority to CN201810257242.7A; published as CN108737103A; granted as CN108737103B.

Classifications

    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0825 Key transport or distribution (one party creates or obtains a secret value and securely transfers it to the others) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 ... using a plurality of channels
    • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3247 ... involving digital signatures
    • H04L9/3271 ... using challenge-response
    • H04L67/01 Network arrangements or protocols for supporting network services or applications: protocols

Abstract

The invention discloses an SM2 algorithm signature method applied to a client/server (CS) architecture. The method is: 1) the client generates a sub-private key D1 and the server generates a sub-private key D2; 2) the client generates the message digest e of the message M to be signed, generates the signature request e' = e || b and sends e' to the server, where b is the password set when the client registered with the server; 3) the server extracts the password b from e' and verifies whether it is correct, and terminates the signing if it is wrong; if it is correct, the server returns a confirmation message to the client, and the client generates the first partial signature Q1 and sends it to the server; 4) the server generates the second partial signature r from Q1 and the message digest e, generates the third partial signature s2 and the fourth partial signature s3 from D2, and sends r, s2 and s3 to the client; 5) the client generates the signature of message M from D1, r, s2 and s3. The invention improves the security of the signature algorithm.

Description

SM2 algorithm signature method applied to a CS architecture
Technical field
The present invention relates to the field of cryptography, and in particular to an SM2 algorithm signature method applied to a client/server (CS) architecture.
Background technology
Currently, digital signature and encryption/decryption technologies based on public key cryptography are widely used in applications such as e-commerce and identity authentication and have become important tools for ensuring information security; the security of the private key is the foundation on which the security of these applications rests.
To improve private key security, threshold cryptography splits the private key and distributes it across different physical devices, so that the complete private key is never stored or used directly. For example, in a (t, n) threshold group signature the private key is divided among n members; any t or more members can cooperate to produce a complete signature, while fewer than t members cannot. However, traditional threshold cryptography typically involves complex interaction and many rounds of communication.
A signature algorithm based on the SM2 algorithm can effectively remedy the above shortcomings of threshold group signatures and provide highly secure private key protection. The signature method is applied to a client/server (Client/Server, CS) architecture. A CS architecture allocates tasks reasonably between the client (Client) and the server (Server) and reduces the communication cost of the system, but in a CS architecture the main resources are concentrated at the server, while the client usually takes the form of a weak terminal such as a smartphone. The client usually stores and uses its private key in software, so its protective capability is poor.
Moreover, the above SM2-based signature method does not distinguish between application scenarios and application models, and the passive cooperation mode of the server cannot provide sufficient security. If the server signs completely passively, i.e. it responds to every signing request as long as the client holds its private key, then the security is essentially the same as signing on a single terminal, and the signature is poorly protected. On the one hand, an attacker who remotely controls the mobile phone obtains the client's sub-private key; on the other hand, if the phone is lost and the attacker cracks the login, the attacker obtains the client's sub-private key. In both cases the attacker can obtain from the server a signature under the complete private key. The cause of this risk is that each time the SM2 private key is assembled there is no mechanism for the server to actively authenticate the client entity; it simply trusts that whoever holds the original client private key is the legitimate user.
Summary of the invention
In view of the technical problems in the prior art, the present invention provides an SM2 algorithm signature method applied to a CS architecture, which improves private key security in the CS architecture and no longer assumes that the holder of the original client private key is necessarily a legitimate user. It changes the completely passive signing scheme of the server by adding authentication of the client by the server, with signing performed only after authentication.
The present invention provides client identity authentication methods based on single-factor and on multi-factor authentication respectively. The single factor chosen is divided into a one-way upload mode and an interactive authentication mode; the multi-factor method combines the above factors. This realizes an SM2 algorithm system applied to a CS architecture.
The identity authentication of the present invention can be realized by three basic modes or combinations thereof:
The first: something the individual user knows (Knowledge), such as a password.
The second: something the individual user possesses (Possession), such as an identity card, passport, credit card, key, etc.
The third: personal biological characteristics (Characteristics), such as fingerprint, handwriting, voice, DNA pattern, retinal scan, hand geometry, face shape, blood type, iris, and certain personal behavioural features.
To achieve the above object, the technical solution of the present invention is realized as follows:
1. Single-factor authentication SM2 signature algorithm
The single-factor authentication method used by the present invention is of two types: one-way upload and interactive.
One-way upload is illustrated using a password as the example; common interactive authentication methods are SMS verification codes and dynamic passwords, and the present invention is illustrated using the SMS verification code mode.
A. Using one-way upload, the client/server interaction flow of the SM2-based signature method is as follows:
1.1 Key generation
Step 1.1.1: The client generates its own sub-private key D1, computes the partial public key P1, and sends P1 to the server;
Step 1.1.2: The server generates its own sub-private key D2 and computes the complete public key P from D2 and P1.
1.2 Signature algorithm
The client/server interaction flow of the SM2-based signature method is as follows:
1. The client generates the message digest e of the message M to be signed, generates the signature request e' = e || b and sends e' to the server; b is the password set when the client registered with the server;
2. The server receives e' and checks whether the password b is correct; if it is wrong, the server reports an error and exits;
3. The server replies with success;
4. The client generates the first partial signature Q1 and sends Q1 to the server;
5. The server generates the second partial signature r from Q1 and e, generates the third partial signature s2 and the fourth partial signature s3 from D2, and sends r, s2 and s3 to the client;
6. The client generates the complete signature from D1, r, s2 and s3 and outputs it.
B. Using interactive authentication, the signature algorithm flow of the SM2-based signature method between client and server is as follows:
Signature algorithm
1. The client generates the message digest e of the message M to be signed and sends e to the server;
2. The server sends a challenge c to the client;
3. The client generates the first partial signature Q1, generates Q1' from Q1, the timestamp tn and the answer code c', and sends the response Q1' to the server; c' is the answer code generated by the client from the challenge c;
4. The server verifies whether the response is correct; if it is wrong, the server reports an error and exits. If it is correct, the server generates the second partial signature r from Q1 and e, generates the third partial signature s2 and the fourth partial signature s3 from D2, and sends r, s2 and s3 to the client;
5. The client generates the complete signature of the message M to be signed from D1, r, s2 and s3 and outputs it.
2. Two-factor authentication SM2 signature algorithm
The security of password authentication depends on the password, but because users set passwords of insufficient strength, passwords are easy to guess, and static passwords can be eavesdropped while in computer memory and in transit over the network, so system security cannot be guaranteed. The present invention adds two-factor identity authentication, combining the two factors of one-way upload and interactive authentication to authenticate the client identity.
This is illustrated by combining password authentication with an SMS verification code. For each signature request the client must enter the static password, and signing proceeds only after the server has verified it. At the same time, for abnormal behaviour such as abnormal logins or frequent requests, the SIM card is used as the trusted device: the phone number is verified and an SMS verification code is sent to confirm the identity of the operator.
2.1 Key generation
Step 2.1.1: The client generates its own sub-private key D1, computes the partial public key P1, and sends P1 to the server;
Step 2.1.2: The server generates its own sub-private key D2 and computes the complete public key P from D2 and P1.
2.2 Signature algorithm
The client/server interaction flow of the SM2-based signature method is as follows:
1. The client generates the message digest e of the message M to be signed, enters the password b set at registration with the server, generates the signature request e' = e || b and sends e' to the server;
2. The server receives e' and checks whether the password b is correct; if it is wrong, the server reports an error and exits;
3. The server checks whether the client's number of signature requests, the interval between signature requests, the login status, etc. are abnormal. If an abnormal condition exists, it sends an SMS verification code c to the client and proceeds to step 4; if there is no abnormal condition, it sends a success message to the client and proceeds to step 6;
4. The client generates the first partial signature Q1, generates Q1' from Q1, the timestamp and the challenge response c', i.e. Q1' = Q1 || tn || c', and sends Q1' to the server; c' is the answer code generated by the client from the SMS verification code c;
5. The server verifies whether the challenge response c' equals c; if not, it reports an error and exits; if equal, it proceeds to step 7;
6. The client generates the first partial signature Q1' and sends Q1' to the server;
7. The server generates the second partial signature r from Q1' and e, generates the third partial signature s2 and the fourth partial signature s3 from D2, and sends r, s2 and s3 to the client;
8. The client generates the complete signature from D1, r, s2 and s3 and outputs it.
Compared with the prior art, the positive effects of the present invention are:
Relative to traditional CS-architecture signature algorithms, the present invention offers higher private key security: private key generation and signing can only be completed with the cooperation of both ends. Specifically, the client and the server jointly realize the entire process of the cryptographic algorithm, and no information about the private key or the sub-private keys is disclosed during the computation, which greatly strengthens private key security. During the signing and decryption processes the two parties need only a small number of interactions, which satisfies the demand for low latency and few interactions. At the same time, the holder of the original client private key is no longer assumed to be a legitimate user. The completely passive signing scheme of the server is changed by adding authentication of the client by the server, with signing performed only after authentication, which further improves the security of the signature.
Each time the client requests a signature from the server it must enter the password b, and for abnormal logins the server applies a challenge-response mechanism: the client's response Q1' includes the challenge response and a timestamp, which prevents replay attacks and greatly improves the security of the signature algorithm.
Description of the drawings
Fig. 1 is a flow chart of an example of the one-way-upload single-factor authentication SM2 signature method of the present invention;
Fig. 2 is a flow chart of an example of the interactive-authentication single-factor authentication SM2 signature method of the present invention;
Fig. 3 is a flow chart of an example of the two-factor authentication SM2 signature method of the present invention.
Detailed description of embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments.
Parameter description:
SM2 curve parameters: the elliptic curve E is an elliptic curve defined over the finite field Fq, and G is the base point of order n on the elliptic curve E.
[*] denotes point multiplication, i.e. computing the k-fold multiple of the base point G of order n on the elliptic curve E;
Elliptic curve point (x1, y1) = k [*] G, where [*] denotes point multiplication, i.e. computing the k-fold multiple of the elliptic curve point G;
Fig. 1 is a flow chart of an example of the one-way-upload single-factor authentication SM2 signature method of the present invention.
Step 11: The client concatenates Z and M to form M', computes Hash(M') and takes the result as e, then concatenates e and the password b to form e'. Z comprises the identity of the client and the identity of the server, i.e. it is composed of the client's identifier and the server's identifier together; Hash() denotes a predetermined cryptographic hash function.
That is: M' = Z || M, where || denotes concatenation;
e = Hash(M');
e' = e || b.
Step 12: The client sends e' to the server.
Step 13: The server queries the user database and compares whether the password b is correct; if it is wrong, the server reports an error and exits.
Step 14: The server sends the success message "success" to the client.
Step 15: The client generates a random number k1 in [1, n-1], computes k1 [*] G and takes the result as Q1.
That is: k1 ∈ [1, n-1], with k1 an integer;
Q1 = k1 [*] G, where [*] denotes point multiplication, i.e. computing the k1-fold multiple of the elliptic curve point G.
Step 16: The client sends Q1 to the server.
Step 17: The server generates a random number k2 in [1, n-1], computes k2 [*] G and takes the result as Q2.
That is: k2 ∈ [1, n-1], with k2 an integer;
Q2 = k2 [*] G.
Step 18: The server generates a random number k3 in [1, n-1], computes k3 [*] Q1 [+] Q2 to obtain the result (x1, y1), then computes x1 + e mod n and takes the result as r, where [+] denotes elliptic curve point addition and mod denotes the remainder operation.
That is: k3 ∈ [1, n-1], with k3 an integer;
(x1, y1) = k3 [*] Q1 [+] Q2;
r = x1 + e mod n.
If r is not equal to 0, step 19 is executed; if r is equal to 0, the server regenerates k3 and recomputes (x1, y1) and r until r is not equal to 0.
Step 19: If r is not equal to 0, the server computes D2 * k3 mod n and takes the result as s2, and computes D2 * (r + k2) mod n and takes the result as s3.
That is: s2 = D2 * k3 mod n;
s3 = D2 * (r + k2) mod n.
Step 110: The server sends r, s2 and s3 to the client.
Step 111: The client computes (D1 * k1) * s2 + D1 * s3 - r mod n to obtain the result s.
That is: s = (D1 * k1) * s2 + D1 * s3 - r mod n.
If s is equal to 0 or equal to n - r, k1 is regenerated and the related steps are re-executed; if s is not equal to 0 and not equal to n - r, step 110 is executed.
Step 112: If s is not equal to 0 and not equal to n - r, the client outputs (r, s) as the complete signature.
Fig. 2 is a flow chart of an example of the interactive-authentication single-factor authentication SM2 signature method of the present invention.
Step 21: The client concatenates Z and M to form M', computes Hash(M') and takes the result as e, where Z comprises the identity of the client and the identity of the server, i.e. it is composed of the client's identifier and the server's identifier together; Hash() denotes a predetermined cryptographic hash function.
That is: M' = Z || M, where || denotes concatenation;
e = Hash(M').
Step 22: The client sends e to the server.
Step 23: The server generates a 4-digit random number c.
Step 24: The server sends the random number c to the client.
Step 25: The client generates a random number k1 in [1, n-1], computes k1 [*] G and takes the result as Q1. It then generates Q1' from Q1, the timestamp tn and the challenge response code c';
That is: k1 ∈ [1, n-1], with k1 an integer;
Q1 = k1 [*] G, Q1' = Q1 || tn || c'.
Step 26: The client sends Q1' to the server.
Step 27: The server verifies whether the c' sent by the client equals c; if it is not equal, or if no response is received within 2 min, the server reports an error and exits.
Step 28: The server generates a random number k2 in [1, n-1], computes k2 [*] G and takes the result as Q2.
That is: k2 ∈ [1, n-1], with k2 an integer;
Q2 = k2 [*] G.
Step 29: The server generates a random number k3 in [1, n-1], computes k3 [*] Q1 [+] Q2 to obtain the result (x1, y1), then computes x1 + e mod n and takes the result as r, where [+] denotes elliptic curve point addition.
That is: k3 ∈ [1, n-1], with k3 an integer;
(x1, y1) = k3 [*] Q1 [+] Q2;
r = x1 + e mod n.
If r is not equal to 0, step 210 is executed; if r is equal to 0, the server regenerates k3 and recomputes (x1, y1) and r until r is not equal to 0.
Step 210: If r is not equal to 0, the server computes D2 * k3 mod n and takes the result as s2, and computes D2 * (r + k2) mod n and takes the result as s3.
That is: s2 = D2 * k3 mod n;
s3 = D2 * (r + k2) mod n.
Step 211: The server sends r, s2 and s3 to the client.
Step 212: The client computes (D1 * k1) * s2 + D1 * s3 - r mod n to obtain the result s.
That is: the complete signature of message M is s = (D1 * k1) * s2 + D1 * s3 - r mod n.
If s is equal to 0 or equal to n - r, k1 is regenerated and the related steps are re-executed; if s is not equal to 0 and not equal to n - r, step 213 is executed.
Step 213: If s is not equal to 0 and not equal to n - r, the client outputs (r, s) as the complete signature.
The message M to be signed can also be output at the same time.
Fig. 3 is a flow chart of an example of the two-factor authentication SM2 signature method of the present invention.
Step 31: The client concatenates Z and M to form M', computes Hash(M') and takes the result as e, then concatenates e and the password b to form e'. Z comprises the identity of the client and the identity of the server, i.e. it is composed of the client's identifier and the server's identifier together; Hash() denotes a predetermined cryptographic hash function.
That is: M' = Z || M, where || denotes concatenation;
e = Hash(M');
e' = e || b.
Step 32: The client sends e' to the server.
Step 33: The server queries the user database and compares whether the password b is correct; if it is wrong, the server reports an error and exits.
Step 34: The server checks the client's number of signatures. If the number of signatures exceeds five, the server generates a random number c; if it is less than five, the server checks the interval between this signature request and the previous one, and generates a random number c if the interval is less than 5 min. Steps 35 and 36 are then executed. If there is no abnormality, the server sends the success message "success" to the client, the client generates a random number k1 in [1, n-1], computes k1 [*] G and takes the result as Q1', and step 37 is executed.
Step 35: The server sends c to the client.
Step 36: The client generates a random number k1 in [1, n-1], computes k1 [*] G and takes the result as Q1. It then generates Q1' from Q1, the timestamp and the challenge response code c';
That is: k1 ∈ [1, n-1], with k1 an integer;
Q1 = k1 [*] G, Q1' = Q1 || tn || c'.
Step 37: The client sends Q1' to the server.
Step 38: The server verifies whether the c' sent by the client equals c; if it is not equal, or if no response is received within 2 min, the server reports an error and exits.
Step 39: The server generates a random number k2 in [1, n-1], computes k2 [*] G and takes the result as Q2.
That is: k2 ∈ [1, n-1], with k2 an integer;
Q2 = k2 [*] G.
Step 310: The server generates a random number k3 in [1, n-1], computes k3 [*] Q1 [+] Q2 to obtain the result (x1, y1), then computes x1 + e mod n and takes the result as r, where [+] denotes elliptic curve point addition.
That is: k3 ∈ [1, n-1], with k3 an integer;
(x1, y1) = k3 [*] Q1 [+] Q2;
r = x1 + e mod n.
If r is not equal to 0, step 311 is executed; if r is equal to 0, the server regenerates k3 and recomputes (x1, y1) and r until r is not equal to 0.
Step 311: If r is not equal to 0, the server computes D2 * k3 mod n and takes the result as s2, and computes D2 * (r + k2) mod n and takes the result as s3.
That is: s2 = D2 * k3 mod n;
s3 = D2 * (r + k2) mod n.
Step 312: The server sends r, s2 and s3 to the client.
Step 313: The client computes (D1 * k1) * s2 + D1 * s3 - r mod n to obtain the result s.
That is: s = (D1 * k1) * s2 + D1 * s3 - r mod n.
If s is equal to 0 or equal to n - r, k1 is regenerated and the related steps are re-executed; if s is not equal to 0 and not equal to n - r, step 312 is executed.
Step 314: If s is not equal to 0 and not equal to n - r, the client outputs (r, s) as the complete signature.
The message M to be signed can also be output at the same time.
The above embodiments are merely intended to illustrate the technical solution of the present invention and not to limit it. A person of ordinary skill in the art may modify or equivalently replace the technical solution of the present invention without departing from its spirit and scope; the scope of protection of the present invention shall be as defined by the claims.

Claims (10)

1. An SM2 signature method applied to a client-server (C/S) architecture, comprising the steps of:
1) the client generates its own private key D1, and the server generates its own private key D2;
2) the client generates the message digest e of the message M to be signed, forms the signature request e' = e || b, and sends e' to the server; where b is the password set when the client registered with the server;
3) the server extracts the password b from e' and verifies whether it is correct; if it is wrong, signing is terminated; if it is correct, a confirmation message is returned to the client, the client generates the first partial signature Q1, and Q1 is sent to the server;
4) the server generates the second partial signature r from the partial signature Q1 and the message digest e, generates the third partial signature s2 and the fourth partial signature s3 from D2, and sends r, s2 and s3 to the client;
5) the client generates the full signature of the message M from D1, r, s2 and s3.
2. The method of claim 1, wherein the client generates the first partial signature Q1 as follows: the client generates a random number k1 in [1, n-1] and computes k1 [*] G, taking the result as the partial signature Q1; [*] denotes point multiplication, i.e. computing the k-fold multiple of the base point G of order n on the elliptic curve E.
3. The method of claim 2, wherein the server generates the second partial signature r from the partial signature Q1 and the message digest e as follows: the server generates a random number k2 in [1, n-1] and computes k2 [*] G, obtaining the result Q2; it then generates a random number k3 in [1, n-1], computes k3 [*] Q1 [+] Q2, obtaining the result (x1, y1), and computes x1 + e mod n, taking the result as r; if r equals 0, the server regenerates k3 and recomputes (x1, y1) and r until r is not equal to 0; [+] denotes point addition on the elliptic curve E.
4. The method of claim 1, wherein the server generates the third partial signature s2 and the fourth partial signature s3 from D2 as follows: the server computes D2*k3 mod n, taking the result as the partial signature s2; the server computes D2*(r + k2) mod n, taking the result as the partial signature s3; the full signature of the message M is s = (D1*k1)*s2 + D1*s3 - r mod n.
5. An SM2 signature method applied to a client-server (C/S) architecture, comprising the steps of:
1) the client generates its own private key D1, and the server generates its own private key D2;
2) the client generates the message digest e of the message M to be signed and sends e to the server;
3) the server sends a challenge c to the client;
4) the client generates the first partial signature Q1, generates Q1' from Q1, the timestamp tn and the response code c', and sends Q1' to the server; c' is the response code the client generates from the challenge c;
5) the server verifies whether the response code c' in Q1' is correct; if it is wrong, signing is terminated; if it is correct, the server generates the second partial signature r from Q1 and e, generates the third partial signature s2 and the fourth partial signature s3 from D2, and sends r, s2 and s3 to the client;
6) the client generates the full signature of the message M from D1, r, s2 and s3.
6. The method of claim 5, wherein the server generates the second partial signature r from Q1 and e as follows: the server generates a random number k2 in [1, n-1] and computes k2 [*] G, obtaining the result Q2; it then generates a random number k3 in [1, n-1], computes k3 [*] Q1 [+] Q2, obtaining the result (x1, y1), and computes x1 + e mod n, taking the result as r; if r equals 0, the server regenerates k3 and recomputes (x1, y1) and r until r is not equal to 0; [*] denotes point multiplication, i.e. computing the k-fold multiple of the base point G of order n on the elliptic curve E, and [+] denotes point addition on the elliptic curve E.
7. The method of claim 5, wherein Q1' = Q1 || tn || c'; the server generates the third partial signature s2 and the fourth partial signature s3 from D2 as follows: the server computes D2*k3 mod n, taking the result as the partial signature s2; the server computes D2*(r + k2) mod n, taking the result as the partial signature s3; the full signature of the message M is s = (D1*k1)*s2 + D1*s3 - r mod n.
8. An SM2 signature method applied to a client-server (C/S) architecture, comprising the steps of:
1) the client generates its own private key D1, and the server generates its own private key D2;
2) the client generates the message digest e of the message M to be signed, forms the signature request e' = e || b, and sends e' to the server; where b is the password set when the client registered with the server;
3) the server extracts the password b from e' and verifies whether it is correct; if it is wrong, signing is terminated; if it is correct, the server checks whether the client's number of signature requests, signature request interval and login state are abnormal, and if an abnormal condition exists it sends authentication information c to the client;
4) the client generates the first partial signature Q1, generates Q1' from Q1, the timestamp tn and the response code c', and sends Q1' to the server; c' is the response code the client generates from the authentication information c;
5) the server verifies whether the response code c' in Q1' is correct; if it is wrong, signing is terminated; if it is correct, the server generates the second partial signature r from Q1 and e, generates the third partial signature s2 and the fourth partial signature s3 from D2, and sends r, s2 and s3 to the client;
6) the client generates the full signature of the message M from D1, r, s2 and s3.
9. The method of claim 8, wherein the authentication information c is an SMS verification code or a dynamic password.
10. The method of claim 8, wherein Q1' = Q1 || tn || c'; the server generates the third partial signature s2 and the fourth partial signature s3 from D2 as follows: the server computes D2*k3 mod n, taking the result as the partial signature s2; the server computes D2*(r + k2) mod n, taking the result as the partial signature s3; the full signature of the message M is s = (D1*k1)*s2 + D1*s3 - r mod n.
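The exchange of claims 1 to 4 carried end to end over the real SM2 curve, as an added example that is not the patent's own code; the same r, s2, s3 and s formulas are what claims 6, 7 and 10 reuse. Assumptions not stated in the claims: SHA-256 stands in for the SM3 digest e, the password check and confirmation message of claim 1 are omitted, and the joint key relation 1 + d = (D1*D2)^-1 mod n is derived from claim 4's s formula, which is what lets an ordinary single-key SM2 verifier accept the two-party signature.

```python
import secrets, hashlib

# SM2 recommended curve (GB/T 32918): y^2 = x^3 + a*x + b over GF(p); G has prime order n (b is unused here)
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
rand_scalar = lambda: secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]
digest = lambda msg: int.from_bytes(hashlib.sha256(msg).digest(), "big")  # SHA-256 stands in for SM3 (assumption)

def add(p1, p2):  # affine point addition, the claims' [+]; None is the point at infinity
    if p1 is None or p2 is None: return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add scalar multiplication, the claims' [*]
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def server_step(Q1, e, D2):  # claims 3 and 4: r, s2, s3 from Q1, e and the server share D2
    while True:
        k2, k3 = rand_scalar(), rand_scalar()
        x1, _ = add(mul(k3, Q1), mul(k2, G))  # (x1, y1) = k3 [*] Q1 [+] Q2 with Q2 = k2 [*] G
        r = (x1 + e) % N
        if r != 0:  # claim 3: pick a fresh k3 while r == 0
            return r, D2 * k3 % N, D2 * (r + k2) % N

def collaborative_sign(e, D1, D2):  # the whole claims 1-4 exchange; D1 never leaves the client side
    while True:
        k1 = rand_scalar()  # claim 2: only Q1 = k1 [*] G is sent to the server
        r, s2, s3 = server_step(mul(k1, G), e, D2)
        s = ((D1 * k1 % N) * s2 + D1 * s3 - r) % N  # claim 4: s = (D1*k1)*s2 + D1*s3 - r mod n
        if s != 0 and s != N - r:  # description: retry with a new k1 if s == 0 or s == n - r
            return r, s

def joint_public_key(D1, D2):  # assumption derived from claim 4's formula: 1 + d == (D1*D2)^-1 mod n
    return mul((pow(D1 * D2 % N, -1, N) - 1) % N, G)

def verify(pub, e, sig):  # plain single-key SM2 verification: r == (e + x of s*G + (r+s)*pub) mod n
    r, s = sig
    t = (r + s) % N
    pt = add(mul(s, G), mul(t, pub)) if 0 < r < N and 0 < s < N and t else None
    return pt is not None and (e + pt[0]) % N == r
```

The joint private key d is assembled in joint_public_key only to obtain the public key for the demonstration; in the deployment the claims describe, neither party ever holds it.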
CN201810257242.7A 2018-03-27 2018-03-27 SM2 algorithm signature method applied to CS framework Expired - Fee Related CN108737103B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810257242.7A CN108737103B (en) 2018-03-27 2018-03-27 SM2 algorithm signature method applied to CS framework


Publications (2)

Publication Number Publication Date
CN108737103A true CN108737103A (en) 2018-11-02
CN108737103B CN108737103B (en) 2021-06-29

Family

ID=63941021

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810257242.7A Expired - Fee Related CN108737103B (en) 2018-03-27 2018-03-27 SM2 algorithm signature method applied to CS framework

Country Status (1)

Country Link
CN (1) CN108737103B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111582867A (en) * 2020-05-11 2020-08-25 浙江同花顺智能科技有限公司 Collaborative signature and decryption method and device, electronic equipment and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102170357A (en) * 2011-05-31 2011-08-31 北京虎符科技有限公司 Combined secret key dynamic security management system
CN102710624A (en) * 2012-05-24 2012-10-03 广东电网公司电力科学研究院 Customizable network identity authentication method based on SM2 algorithm
CN103607282A (en) * 2013-11-22 2014-02-26 成都卫士通信息产业股份有限公司 Identity fusion authentication method based on biological characteristics
US20140211938A1 (en) * 2013-01-29 2014-07-31 Certicom Corp. Modified elliptic curve signature algorithm for message recovery
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
CN104618110A (en) * 2015-01-15 2015-05-13 中国科学院信息工程研究所 VoIP safety meeting session key transmission method
CN106506168A (en) * 2016-12-07 2017-03-15 北京信任度科技有限公司 A kind of safe method based on biological characteristic long-distance identity-certifying
CN106612182A (en) * 2016-12-22 2017-05-03 中国电子科技集团公司第三十研究所 Method for implementing SM2 white-box digital signature based on residue number system
CN107370599A (en) * 2017-08-07 2017-11-21 收付宝科技有限公司 A kind of management method, the device and system of remote destroying private key
CN107623570A (en) * 2017-11-03 2018-01-23 北京无字天书科技有限公司 A kind of SM2 endorsement methods based on addition Secret splitting


Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
CHOWDHURY, S., MUKHERJEE: "Dynamic Authentication Protocol Using Multiple Signatures", Wireless Pers Commun *
ZE XU, YUN PAN: "A Threshold Signature Key Protection Scheme Based on Blind Technology", ICIT 2017: Proceedings of the 2017 International Conference on Information Technology *
侯红霞: "Design of a dynamic password authentication system based on digital signatures", Secrecy Science and Technology (保密科学技术) *
王婷婷; 侯书会: "Research on threshold signature schemes and their security analysis", Computer Engineering and Applications (计算机工程与应用) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111582867A (en) * 2020-05-11 2020-08-25 浙江同花顺智能科技有限公司 Collaborative signature and decryption method and device, electronic equipment and storage medium
CN111582867B (en) * 2020-05-11 2023-09-22 浙江同花顺智能科技有限公司 Collaborative signature and decryption method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN108737103B (en) 2021-06-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (Granted publication date: 20210629)