CN109246129B - SM2 collaborative signature method and system capable of verifying client identity - Google Patents


Info

Publication number
CN109246129B
Authority
CN
China
Prior art keywords
client
key component
server
public key
integer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811190701.0A
Other languages
Chinese (zh)
Other versions
CN109246129A (en)
Inventor
张秋璞
彭竹
曹伟
程学彬
杨涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Yingdaxin Technology Co ltd
Original Assignee
Tianjin Yingdaxin Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Yingdaxin Technology Co ltd
Priority to CN201811190701.0A
Publication of CN109246129A
Application granted
Publication of CN109246129B
Active (current legal status)
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an SM2 collaborative signature method and system capable of verifying client identity, wherein the method comprises the following steps: the client randomly generates a plurality of client private key components and corresponding public key components; the server receives a client public key component sent by the client and randomly generates a server private key component and a public key representing the identity of the client; the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server; the server verifies the identity of the client, ensures that an illegal client cannot forge verification information, generates response information based on the verification information and the server private key component, and feeds back the response information to the client; and the client generates signature information of the preset message based on the client private key component and the response information. According to the technical scheme, the security of using the SM2 private key at the mobile terminal can be improved.

Description

SM2 collaborative signature method and system capable of verifying client identity
Technical Field
The invention relates to the technical field of information processing, in particular to an SM2 collaborative signature method and system capable of verifying client identity.
Background
The SM2 algorithm refers to the public key cryptographic algorithm specified in GB/T 32918 (.1-.5)-2016, "Information security technology: SM2 elliptic curve public key cryptographic algorithm" (5 sub-standards), and can be applied to digital signature verification.
In order to use the private key of the user safely, a dedicated hardware cryptographic module, such as a security chip, a USB key or an SD encryption card, is generally required to store the private key of the user. In a mobile terminal, the use of a hardware cryptographic module is often inconvenient. Therefore, the SM2 private key is divided into two parts which are stored in the client and the server respectively, and a message is signed through cooperative computation by the two parties. Neither party can acquire any information about the private key part of the other party or about the corresponding SM2 private key as defined in GB/T 32918 (.1-.5)-2016, "Information security technology: SM2 elliptic curve public key cryptographic algorithm" (5 sub-standards), and even if either party is controlled by an attacker, the signature cannot be forged.
However, current implementations have at least the following problems: when a first communication party submits a signature request, the second communication party cannot confirm that the request is legitimate and cannot confirm the identity of the first communication party. The first communication party can impersonate other users and, by continually forging data, ask the second communication party to attempt signatures, so a certain security risk exists. At the same time, an attacker may tamper with or forge the hash value of the message sent by the first communication party.
Disclosure of Invention
The application aims to provide an SM2 collaborative signature method and system capable of verifying client identity, which can improve the security of an SM2 private key.
To achieve the above object, the present application provides an SM2 co-signing method capable of verifying the identity of a client, the method comprising: the client randomly generates a first integer and a second integer as client private key components, and calculates a client first public key component value and a client second public key component value based on the first integer and the second integer respectively; the client side forms a client side public key component by the client side first public key component value and the client side second public key component value, and sends the client side public key component to the server; the server receives a client public key component sent by the client, randomly generates a third integer serving as a server private key component, and generates a public key representing the identity of the client based on the client public key component value and a preset base value; the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server; the server receives verification information sent by the client, verifies the identity of the client by using a client public key component, generates response information based on the verification information and the server private key component, and feeds back the response information to the client; and the client generates signature information of the preset message based on the client private key component and the response information.
To achieve the above object, the present application further provides an SM2 collaborative signing system capable of verifying client identity, the system comprising a client and a server, wherein: the client randomly generates a first integer and a second integer as client private key components, and calculates a client first public key component value and a client second public key component value based on the first integer and the second integer respectively; the client side forms a client side public key component by the client side first public key component value and the client side second public key component value, and sends the client side public key component to the server; the server receives a client public key component sent by the client, randomly generates a third integer serving as a server private key component, and generates a public key representing the identity of the client based on the client public key component value and a preset base value; the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server; the server receives verification information sent by the client, verifies the identity of the client by using a client public key component, generates response information based on the verification information and the server private key component, and feeds back the response information to the client; and the client generates signature information of the preset message based on the client private key component and the response information.
As can be seen from the above, according to the technical scheme provided by the application, the SM2 private key is divided into a plurality of private key components, wherein the server holds one private key component and the client holds the remaining private key components. The client submits a signature request to the server based on the system parameters and some of the private key components it holds. The server verifies that the client is the one holding the designated legitimate private key components, receives the signature request, generates the related partial signature and replies to the client; the client then generates the final SM2 signature from its private key components, the previous signature request and the reply of the server. In this way, the security of the SM2 private key can be improved through the cooperative operation of the server and the client.
Additional features and advantages of the invention will be set forth in the description which follows. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
Fig. 1 is a flowchart of an SM2 co-signing method in an embodiment of the present invention;
Fig. 2 is an interaction diagram of the SM2 collaborative signing system in the embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Referring to Fig. 1, the present application provides an SM2 collaborative signing method, including:
S1: the client randomly generates a first integer and a second integer as client private key components, and calculates a client first public key component value and a client second public key component value based on the first integer and the second integer respectively;
S2: the client sends the client public key component to a server;
S3: the server receives a client public key component sent by the client, randomly generates a third integer serving as a server private key component, and generates a public key representing the identity of the client based on the client public key component value and a preset base value;
S4: the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server;
S5: the server receives verification information sent by the client, verifies the identity of the client by using a client public key component, generates response information based on the verification information and the server private key component, and feeds back the response information to the client;
S6: the client generates signature information of the preset message based on a client private key and the response information.
In particular, in practical application, the SM2 collaborative signing method capable of verifying the identity of the client is realized by dividing the SM2 private key into a plurality of (more than or equal to 3) private key components, wherein when the client submits a signing request, the server side can verify the identity of the client.
The system uses the elliptic curve parameters $E(F_q)$, $G$ and $n$ of the SM2 algorithm, where $E(F_q)$ is the elliptic curve $E$ defined over the finite field $F_q$. The equation of an elliptic curve defined over $F_p$ ($p$ is a prime number greater than 3) is $y^2 = x^3 + ax + b$, where $a, b \in F_p$ and $(4a^3 + 27b^2) \bmod p \neq 0$. $\#E(F_q)$ denotes the number of points on the elliptic curve. $G$ is a base point of the elliptic curve, $(x_G, y_G)$ are the coordinates of the point $G$, and $x_G$, $y_G$ are elements of $F_q$. $n$ is the order of the base point $G$ ($n$ is a prime factor of $\#E(F_q)$), $h$ is the cofactor of $\#E(F_q)$ ($h = \#E(F_q)/n$), and $[k]G$ denotes the multiplication of the point $G$ by a large number $k$.
User A has a distinguishable identifier $ID_A$ with a length of $entlen_A$ bits. Let $ENTL_A$ be the two bytes converted from the integer $entlen_A$. Using the cryptographic hash function $H_{256}$ (SM3), the hash value of user A is obtained as $Z_A = H_{256}(ENTL_A \| ID_A \| a \| b \| x_G \| y_G \| x_A \| y_A)$, where $(x_A, y_A)$ are the coordinates of the public key $P_A$ of user A.
1. Public and private key generation algorithm
C1: the client generates the first integer and the second integer as follows: randomly generate $d_1 \in [1, n-2]$ and $d_2 \in [1, n-2]$; $d_1$ denotes the first integer, $d_2$ denotes the second integer, and $(d_1, d_2)$ is the client private key component;
C2: the client generates the client first public key component value and the client second public key component value according to the following formulas: $P_1 = [d_1]G$, $P_2 = [d_2]P_1$
Figure GDA0002757027350000051
$P_1$ denotes the client first public key component value, and $P_2$ denotes the client second public key component value;
C3: the client sends $(P_1, P_2)$ to the server as the client public key component;
D1: the server generates the third integer as follows: randomly generate $d_3 \in [1, n-2]$; $d_3$ denotes the third integer, which serves as the server private key component;
D2: the server calculates according to the following formula: $P_A = [d_3]P_2 - G$,
Figure GDA0002757027350000052
where $P_A$ denotes the public key representing the identity of the client, and $P_2$ denotes the client second public key component value sent by the client;
D3: verify whether $[h]P_A$ is the point at infinity. If $[h]P_A$ is the point at infinity, return to D1, regenerate the third integer, and regenerate the public key representing the identity of the client from the regenerated third integer; if $[h]P_A$ is not the point at infinity, $P_A$ is taken as the public key representing the client identity.
2. Collaborative signature algorithm
A1: the client sets $M' = Z_A \| M$ and calculates $e = H_{256}(M')$, converting the data type of $e$ into an integer according to the method in the standard (GB/T 32918.1-2016, SM2 elliptic curve public key cryptographic algorithm, Part 1: General rules);
A2: the client randomly generates an integer $k_1 \in [1, n-1]$;
A3: the client computes $Q_1 = [k_1]P_1 = (x', y')$ and calculates $k' = x' \bmod n$;
A4: the client computes
Figure GDA0002757027350000053
A5: the client sends $(e, Q_1, k'')$ to the server as verification information;
B1: the server parses $Q_1 = (x', y')$ and calculates $k' = x' \bmod n$;
B2: the server calculates $[(k'')^{-1}e]G + [(k'')^{-1}k']P_1$ and verifies whether $(x'', y'')$ holds; if it does not hold, the server refuses to proceed; if it holds, execution continues;
B3: server side randomly generates integer k2∈[1,n-1],k3∈[1,n-1];
B4: server side computation Q2=[k2]G,Q3=[k3]G,Q′4=[k′]P1+[k2]Q1+Q3=(x′1,y′1);
B5: server-side calculates r '═ e + x'1) mod n, if r 'is 0, return to B3, if r' is not 0, go to B6;
b6: server-side computing
Figure GDA0002757027350000061
B7: server side will (Q)2,Q3,s1,s2) Sending the response information to the user client A;
A6: the client computes $Q_4 = [k']P_1 + [k_1 d_1]Q_2 + Q_3 = (x_1, y_1)$ and calculates $r = (e + x_1) \bmod n$;
A7: the client computes
Figure GDA0002757027350000062
If $s = 0$ or $s + r \bmod n = 0$, return to B1; if neither condition is satisfied, execute A8;
A8: the client converts $r$ and $s$ into byte strings according to the method in the standard (GB/T 32918.1-2016, Information security technology, SM2 elliptic curve public key cryptographic algorithm, Part 1: General rules), and the signature information of the preset message $M$ is $(r, s)$;
A9: the client calls the signature verification algorithm (Verify) in the standard (GB/T 32918.2-2016, Information security technology, SM2 elliptic curve public key cryptographic algorithm, Part 2: Digital signature algorithm) to verify the correctness of the signature.
Any third party can verify the co-signature $(r, s)$ of user A and the server on the preset message $M$.
When the signature component $r$ is generated, according to the definition in GB/T 32918.2-2016 (Information security technology, SM2 elliptic curve public key cryptographic algorithm, Part 2: Digital signature algorithm), $r = (e + x_1) \bmod n$. In the collaborative signature algorithm of this scheme, $e$ is embedded in the signature request submitted by the client, and the server only needs to calculate $x'_1 \bmod n$, where $x'_1$ is the $x_1$ actually used, and uses $k'$ and $x'_1$ respectively to generate the server-side partial signatures $s_1$ and $s_2$. Finally, the client calculates the corresponding $x_1 \bmod n$ and $r$, and uses $s_1$ and $s_2$ to synthesize the final signature $(r, s)$.
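The server-side identity check of steps B1 and B2, as an added example that is not part of the patent text: it runs the request (A2 to A5) and the check on the SM2 recommended curve and shows that a tampered $e$, a request built without the registered $d_1$, and an off-curve $Q_1$ are all rejected. Assumptions: the A4 formula for $k''$ survives only as a figure reference, so the code uses the value $k'' = (k_1 d_1)^{-1}(e + k' d_1) \bmod n$ that satisfies the B2 expression when $P_1 = [d_1]G$; the B2 result is compared against $Q_1$; the input validation and all function names are this example's own.

```python
import secrets

# SM2 recommended curve: y^2 = x^3 + A*x + B over F_P, base point G of prime order N.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)


def on_curve(pt):
    """True if pt is an affine point on the curve (None = point at infinity)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """[k]pt by double-and-add. Not constant-time: illustration only."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def client_request(d1, e):
    """Steps A2-A5: build (e, Q1, k''). The k'' formula is an ASSUMPTION (see lead-in)."""
    P1 = mul(d1, G)
    while True:
        k1 = secrets.randbelow(N - 1) + 1                       # A2: k1 in [1, n-1]
        Q1 = mul(k1, P1)                                        # A3: Q1 = [k1]P1 = (x', y')
        k_p = Q1[0] % N                                         #     k' = x' mod n
        k_pp = (e + k_p * d1) * pow(k1 * d1 % N, -1, N) % N     # A4 (assumed form)
        if k_p and k_pp:
            return (e, Q1, k_pp)                                # A5


def server_verify(P1, request):
    """Steps B1-B2 against the registered P1; True means the server may go on to B3."""
    e, Q1, k_pp = request
    # Added validation (not in the page): reject malformed points and scalars first.
    if not on_curve(P1) or not on_curve(Q1) or not 0 < k_pp < N:
        return False
    k_p = Q1[0] % N                                             # B1: k' = x' mod n
    if k_p == 0:
        return False
    inv = pow(k_pp, -1, N)
    check = add(mul(inv * e, G), mul(inv * k_p, P1))            # B2 expression
    return check == Q1                                          # assumed comparison target


def demo():
    """Constructed inputs: random d1 and a fixed sample digest e."""
    d1 = secrets.randbelow(N - 2) + 1                           # C1: d1 in [1, n-2]
    P1 = mul(d1, G)
    e = 0x1F2E3D4C5B6A79880123456789ABCDEF0FEDCBA9876543211122334455667788
    req = client_request(d1, e)
    honest = server_verify(P1, req)
    tampered_e = server_verify(P1, (e ^ 1, req[1], req[2]))
    impostor = server_verify(P1, client_request(secrets.randbelow(N - 2) + 1, e))
    bad_point = server_verify(P1, (e, (req[1][0], (req[1][1] + 1) % P), req[2]))
    return honest, tampered_e, impostor, bad_point


if __name__ == "__main__":
    print(demo())
```

Under these assumptions the check has the shape of an ECDSA verification of $(k', k'')$ over $e$ with public key $P_1$, which is why a request cannot be produced without $d_1$ and why $e$ cannot be altered in transit without detection.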
Referring to fig. 2, the present application further provides an SM2 collaborative signing system capable of verifying client identity, the system includes a client and a server, wherein:
the client randomly generates a first integer and a second integer as private key components of the client, and calculates a corresponding client first public key component value and a client second public key component value based on the first integer and the second integer respectively;
the client side sends the client side public key component to a server;
the server receives a client public key component sent by the client, randomly generates a third integer serving as a server private key component, and generates a public key which finally represents the identity of the client based on the client public key component value and a preset base point value;
the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server;
the server receives verification information sent by the client, verifies the identity of the client by using a client public key component, generates response information based on the verification information and the server private key component, and feeds back the response information to the client;
and the client generates signature information of the preset message based on the client private key component and the response information.
In one embodiment, the client randomly generates the first integer and the second integer according to the following formula:
$d_1 \in [1, n-2]$, $d_2 \in [1, n-2]$
$(d_1, d_2)$ is the client private key component, where $d_1$ denotes the first integer, $d_2$ denotes the second integer, and $n$ denotes the order of the preset base point;
and the client generates the client first public key component value and the client second public key component value according to the following formulas:
$P_1 = [d_1]G$, $P_2 = [d_2]P_1$
Figure GDA0002757027350000081
where $P_1$ denotes the client first public key component value, $P_2$ denotes the client second public key component value, and $G$ denotes the preset base point;
accordingly, the client public key component is denoted as $(P_1, P_2)$.
In one embodiment, the server randomly generates the third integer according to the following formula:
$d_3 \in [1, n-2]$
where $d_3$ denotes the third integer, which serves as the server private key component;
accordingly, the server calculates according to the following formula:
$P_A = [d_3]P_2 - G$,
Figure GDA0002757027350000082
where $P_A$ denotes the public key representing the identity of the client, and $P_2$ denotes the client second public key component value sent by the client.
According to the SM2 collaborative signing method, a threshold scheme is not adopted, a private key can be divided into a plurality of (n is larger than or equal to 3) private key components, wherein a server side has one private key component, and a client side has a plurality of private key components. When the client side submits the signature request, the client side uses the private key component or part of the private key component owned by the client side to carry out identity verification on the server.
When the client submits the signature request, the request includes online verification of the client identity, which prevents a client from using the server private key component without authorization. No third party can pose as a legitimate client and impersonate other users to have the server perform partial signature operations, whether to attack and analyze the private key component of the client or to forge a signature.
After the server verifies that the signature request comes from a legitimate client, it calculates a partial signature using the server private key component and sends the partial signature back to the client. The client uses its own private key component and the partial signature returned by the server to generate the final SM2 private key signature in the format of GB/T 32918.2-2016 (Information security technology, SM2 elliptic curve public key cryptographic algorithm, Part 2: Digital signature algorithm).
When the signature component $r$ is generated, according to the definition in GB/T 32918.2-2016 (Information security technology, SM2 elliptic curve public key cryptographic algorithm, Part 2: Digital signature algorithm), $r = (e + x_1) \bmod n$. In the collaborative signature algorithm of this scheme, $e$ is embedded in the signature request submitted by the client, and the server only needs to calculate $x'_1 \bmod n$, where $x'_1$ is the $x_1$ actually used, and uses $k'$ and $x'_1$ respectively to generate the server-side partial signatures $s_1$ and $s_2$. Finally, the client calculates the corresponding $x_1 \bmod n$ and $r$, and uses $s_1$ and $s_2$ to synthesize the final signature $(r, s)$.
As can be seen from the above, according to the technical scheme provided by the application, the SM2 private key is divided into a plurality of private key components, wherein the server holds one private key component and the client holds the remaining private key components. The client submits a signature request to the server based on the system parameters and some of the private key components it holds. The server verifies that the client is the one holding the designated legitimate private key components, receives the signature request, generates the related partial signature and replies to the client; the client then generates the final SM2 signature from its private key components, the previous signature request and the reply of the server. In this way, the security of the SM2 private key can be improved through the cooperative operation of the server and the client.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (9)

1. An SM2 co-signing method capable of verifying client identity, the method comprising:
the client randomly generates a first integer and a second integer as private key components of the client, and calculates a corresponding client first public key component value and a client second public key component value based on the first integer and the second integer respectively;
the client side sends the client side public key component to the server;
the server receives a client public key component sent by the client, randomly generates a third integer serving as a server private key component, and generates a public key which finally represents the identity of the client based on a client public key component value and a preset base value;
the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server;
the server receives verification information sent by the client, verifies the identity of the client by using a client public key component, generates response information based on the verification information and the server private key component, and feeds back the response information to the client;
the client generates signature information of the preset message based on the client private key component and the response information;
the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server, and the method comprises the following steps:
A1: the client sets $M' = Z_A \| M$ and calculates $e = H_{256}(M')$, converting the data type of $e$ into an integer; where $Z_A$ denotes a hash value of user A and $M$ denotes said preset message;
A2: the client randomly generates an integer $k_1 \in [1, n-1]$, where $n$ denotes the order of the preset base point;
A3: the client computes $Q_1 = [k_1]P_1 = (x', y')$ and calculates $k' = x' \bmod n$, where $P_1$ denotes the client first public key component value;
A4: the client computes
Figure FDA0002768557090000011
$d_1$ denotes the first integer;
A5: the client sends $(e, Q_1, k'')$ to the server as verification information.
2. The method of claim 1, wherein the first integer and the second integer are randomly generated according to the following formula:
$d_1 \in [1, n-2]$, $d_2 \in [1, n-2]$
$(d_1, d_2)$ is the client private key component, where $d_2$ denotes the second integer.
3. The method according to claim 2, wherein the client first public key component value and the client second public key component value are generated according to the following formulas:
$P_1 = [d_1]G$, $P_2 = [d_2]P_1$
Figure FDA0002768557090000021
where $P_2$ denotes the client second public key component value and $G$ denotes the preset base point;
accordingly, the client public key component is denoted as $(P_1, P_2)$.
4. The method of claim 3, wherein the third integer is randomly generated according to the following formula:
$d_3 \in [1, n-2]$
where $d_3$ denotes the third integer, which serves as the server private key component;
accordingly, it is calculated according to the following formula:
Figure FDA0002768557090000022
where $P_A$ denotes the public key representing the identity of the client, and $P_2$ denotes the client second public key component value sent by the client.
5. The method of claim 4, wherein the server receives authentication information sent by the client, verifies the client identity using a client public key component, generates response information based on the authentication information and the server private key component, and feeds back the response information to the client, and comprises:
B1: the server parses $Q_1 = (x', y')$ and calculates $k' = x' \bmod n$;
B2: the server computes $[(k')^{-1}e]G + [(k'')^{-1}k']P_1$ and verifies whether $(x'', y'')$ holds; if it does not hold, the server refuses to proceed, and if it holds, the server proceeds;
B3: the server randomly generates integers $k_2 \in [1, n-1]$, $k_3 \in [1, n-1]$;
B4: the server computes $Q_2 = [k_2]G$, $Q_3 = [k_3]G$, $Q'_4 = [k']P_1 + [k_2]Q_1 + Q_3 = (x'_1, y'_1)$;
B5: the server calculates $r' = (e + x'_1) \bmod n$; if $r' = 0$, return to B3; if $r' \neq 0$, go to B6;
B6: the server computes
Figure FDA0002768557090000031
B7: the server sends $(Q_2, Q_3, s_1, s_2)$ to the client as the response information.
6. The method of claim 5, wherein the generating, by the client, the signature information of the preset message based on a client private key component and the response information comprises:
A6: the client computes $Q_4 = [k']P_1 + [k_1 d_1]Q_2 + Q_3 = (x_1, y_1)$ and calculates $r = (e + x_1) \bmod n$;
A7: the client computes
Figure FDA0002768557090000032
if $s = 0$ or $(s + r) \bmod n = 0$, return to B1; if neither condition is satisfied, execute A8;
A8: the client converts $r$ and $s$ into byte strings and sets the signature information of the preset message $M$ as $(r, s)$.
7. The method according to claim 5 or 6, characterized in that: $e$ is embedded in the signature request submitted by the client; the server only needs to calculate $x'_1 \bmod n$ and uses $k'$ and $x'_1$ respectively to generate the server-side partial signatures $s_1$ and $s_2$; finally, the client calculates the corresponding $x_1 \bmod n$ and $r$, where $x_1$ and $x'_1$ are equal and $r = (e + x_1) \bmod n$, and uses $s_1$ and $s_2$ to synthesize the final signature $(r, s)$.
8. An SM2 collaborative signing system, the system comprising a client and a server, wherein:
the client randomly generates a first integer and a second integer as private key components of the client, and calculates a corresponding client first public key component value and a client second public key component value based on the first integer and the second integer respectively;
the client side sends the client side public key component to a server;
the server receives a client public key component sent by the client, randomly generates a third integer serving as a server private key component, and generates a public key which finally represents the identity of the client based on a client public key component value and a preset base value;
the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server;
the server receives verification information sent by the client, verifies the identity of the client by using a client public key component, generates response information based on the verification information and the server private key component, and feeds back the response information to the client;
the client generates signature information of the preset message based on a client private key and the response information;
the client generates verification information of a preset message based on the client private key component and the preset message, and sends the verification information to the server, and the method comprises the following steps:
A1: the client sets $M' = Z_A \| M$, calculates $e = H_{256}(M')$, and converts the data type of $e$ into an integer; wherein $Z_A$ represents a hash value of user A, and $M$ represents said preset message;
A2: the client randomly generates an integer $k_1 \in [1, n-1]$; $n$ represents the order of the preset radix value;
A3: the client computes $Q_1 = [k_1]P_1 = (x', y')$ and calculates $k' = x' \bmod n$; $P_1$ represents the client first public key component value;
A4: the client computes
Figure FDA0002768557090000041
wherein $d_1$ represents the first integer;
A5: the client sends $(e, Q_1, k'')$ to the server as authentication information.
9. The system of claim 8, wherein the client randomly generates the first integer and the second integer according to the following formula:
$d_1 \in [1, n-2]$, $d_2 \in [1, n-2]$
$(d_1, d_2)$ is the client private key component, wherein $d_2$ represents the second integer;
and the client generates the client first public key component value and the client second public key component value according to the following formulas:
$P_1 = [d_1]G$, $P_2 = [d_2]P_1$
Figure FDA0002768557090000051
wherein $P_2$ represents the client second public key component value, and $G$ represents the preset radix value;
accordingly, the client public key component is denoted as $(P_1, P_2)$;
and the server randomly generates the third integer according to the following formula:
$d_3 \in [1, n-2]$
wherein $d_3$ represents the third integer, which serves as the server private key component;
accordingly, the server calculates according to the following formula:
Figure FDA0002768557090000052
wherein $P_A$ represents the public key representing the identity of the client, and $P_2$ represents the client second public key component value sent by the client.
CN201811190701.0A 2018-10-12 2018-10-12 SM2 collaborative signature method and system capable of verifying client identity Active CN109246129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811190701.0A CN109246129B (en) 2018-10-12 2018-10-12 SM2 collaborative signature method and system capable of verifying client identity

Publications (2)

Publication Number Publication Date
CN109246129A CN109246129A (en) 2019-01-18
CN109246129B true CN109246129B (en) 2020-12-25

Family

ID=65052182

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811190701.0A Active CN109246129B (en) 2018-10-12 2018-10-12 SM2 collaborative signature method and system capable of verifying client identity

Country Status (1)

Country Link
CN (1) CN109246129B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020168543A1 (en) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
WO2020168544A1 (en) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
CN109787762B (en) * 2019-02-28 2021-09-21 矩阵元技术(深圳)有限公司 Key management method for server to generate key components respectively and electronic equipment
CN110035065A (en) * 2019-03-12 2019-07-19 华为技术有限公司 Data processing method, relevant apparatus and computer storage medium
CN110224812B (en) * 2019-06-12 2023-03-14 江苏慧世联网络科技有限公司 Method and equipment for communication between electronic signature mobile client and collaboration server based on multi-party security calculation
CN111245594B (en) * 2019-12-31 2023-01-10 航天信息股份有限公司 Homomorphic operation-based collaborative signature method and system
CN111490878B (en) * 2020-04-09 2021-07-27 腾讯科技(深圳)有限公司 Key generation method, device, equipment and medium
CN111600704B (en) * 2020-05-12 2023-08-08 京东科技信息技术有限公司 SM 2-based key exchange method, system, electronic equipment and storage medium
CN113765670B (en) * 2020-06-03 2024-01-26 成都天瑞芯安科技有限公司 Trusted key generation method and system without certificate
CN111817848B (en) * 2020-06-19 2023-01-17 天津赢达信科技有限公司 ECDSA signature method and system for ECC private key segmented storage
CN111934877B (en) * 2020-06-23 2023-07-18 中国科学院信息工程研究所 SM2 collaborative threshold signature method, storage medium and electronic device
CN111756537B (en) * 2020-07-13 2022-11-29 广州安研信息科技有限公司 Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN112187469B (en) * 2020-09-21 2023-09-19 浙江省数字安全证书管理有限公司 SM2 multiparty collaborative digital signature method and system based on key factors
CN114039722A (en) * 2021-01-26 2022-02-11 中安网脉(北京)技术股份有限公司 Secret sharing hidden identity SM2 signature private key generation device and method thereof
CN112968773B (en) * 2021-01-29 2023-11-07 北京无字天书科技有限公司 Key authorization entrusting system and method of SM2 collaborative signature system
CN113595985A (en) * 2021-06-30 2021-11-02 江西海盾信联科技有限责任公司 Internet of things security cloud platform implementation method based on state cryptographic algorithm security chip

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753311A (en) * 2010-01-14 2010-06-23 杨筑平 Information privacy and identity authentication method and digital signature program
WO2014120121A1 (en) * 2013-01-29 2014-08-07 Certicom Corp. Modified sm2 elliptic curve signature algorithm supporting message recovery
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
CN107634836A (en) * 2017-09-05 2018-01-26 何德彪 A kind of SM2 digital signature generation method and system
CN107948189A (en) * 2017-12-19 2018-04-20 数安时代科技股份有限公司 Asymmetric cryptography authentication identifying method, device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN109246129A (en) 2019-01-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 301700 room 519, building C11, venture headquarters base, North Fuyuan Road, development zone, Wuqing District, Tianjin

Patentee after: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.

Address before: 301700 building 202, C07, north side of Fuyuan Road, Wuqing District, Tianjin

Patentee before: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.

CP02 Change in the address of a patent holder

Address after: Room 903 and 904, East Tower, Building 5, No. 22, Kaihua Road, Huayuan Industrial Zone, Binhai New Area, Tianjin 300000

Patentee after: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.

Address before: 301700 room 519, building C11, venture headquarters base, North Fuyuan Road, development zone, Wuqing District, Tianjin

Patentee before: TIANJIN YINGDAXIN TECHNOLOGY CO.,LTD.