CN109274503A - Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system - Google Patents

Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system Download PDF

Info

Publication number
CN109274503A
CN109274503A CN201811308545.3A CN201811308545A CN109274503A CN 109274503 A CN109274503 A CN 109274503A CN 201811308545 A CN201811308545 A CN 201811308545A CN 109274503 A CN109274503 A CN 109274503A
Authority
CN
China
Prior art keywords
signature
elliptic curve
random number
key
point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811308545.3A
Other languages
Chinese (zh)
Other versions
CN109274503B (en
Inventor
罗燕京
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xinchangcheng Technology Development Co ltd
Original Assignee
Beijing Ren Letter Card Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ren Letter Card Technology Co Ltd filed Critical Beijing Ren Letter Card Technology Co Ltd
Priority to CN201811308545.3A priority Critical patent/CN109274503B/en
Publication of CN109274503A publication Critical patent/CN109274503A/en
Application granted granted Critical
Publication of CN109274503B publication Critical patent/CN109274503B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The present invention relates to a kind of distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system, the distributed collaboration endorsement method, include: that the first random number and the second random number are generated according to the elliptic curve parameter of storage, calculates multiple Split Keys, and calculate public key;Distribution storage is carried out to multiple Split Keys, the first Split Key and the second Split Key are divided into according to storage region;Abstract Hash is generated according to message is sent, the first elliptical point is generated according to elliptic curve parameter, and the first signature is calculated according to abstract Hash, the first elliptical point;The first signature is encrypted according to the first Split Key and the second Split Key respectively, calculates the second signature;The first signature of combination and the second signature, obtain full signature.Endorsement method and signature apparatus of the invention, soft shield system generate Split Key and carry out distribution storage in communicating pair, realize that collaboration signature, communicating pair can not get any information of other side's private key, improve the safety of key.

Description

Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system
Technical field
The present invention relates to field of digital signature more particularly to a kind of distributed collaboration endorsement method and distributed collaboration to sign Device, soft shield system.
Background technique
The safety of traditional financial service generallys use USB Key digital certificate to solve safety problem, and USB Key is A kind of hardware device of USB interface, built-in single-chip microcontroller or intelligent card chip, have certain memory space, can store user's Private key and digital certificate are realized the certification of user identity using the public key algorithm built in USB Key, are that one kind generally acknowledges safer Identity identifying technology.
It relies on USB Key hardware device and carrys out digital certificate, in the usage scenarios such as mobile interchange, terminal environments are multiple Miscellaneous, resource is limited, and the certificate and algorithm provided by hardware device can not be used or be restricted.Therefore, virtual key Equipment is industrial trend.
Currently, key is issued on the net, is stored in memory in CPK system, this is both unsafe.
Therefore it provides a kind of distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system.
Summary of the invention
In view of the above problems, it proposes on the present invention overcomes the above problem or at least be partially solved in order to provide one kind The distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system of problem are stated, Split Key is generated and is being communicated Both sides carry out distribution storage, and two sides, which combine, carries out signature operation to message, realize that collaboration signature, communicating pair can not be got Any information of other side's private key, therefore, attacker cannot all forge a signature in the case where invading one side of any of them, thus Improve the safety of key.
According to an aspect of the present invention, a kind of distributed collaboration endorsement method is provided, comprising the following steps:
The first random number and the second random number are generated according to the elliptic curve parameter of storage, according to the first random number and second Random number calculates multiple Split Keys, and calculates public key according to the first random number and elliptic curve parameter;
Distribution storage is carried out to multiple Split Keys, the first Split Key is divided into according to storage region and the second segmentation is close Key;
Abstract Hash is generated according to message is sent, the first elliptical point is generated according to elliptic curve parameter, and breathe out according to abstract Uncommon, the first elliptical point calculates the first signature;
The first signature is encrypted according to the first Split Key, the first median is calculated, according to the second Split Key pair First median is encrypted, and the second signature is calculated;
The first signature of combination and the second signature, obtain full signature, so that public key carries out sign test to full signature.
Further, elliptic curve parameter includes elliptic curve in finite field, basic point and elliptic curve on elliptic curve The order of upper basic point.
Further, the first random number and the second random number are generated according to the elliptic curve parameter of storage, specific as follows:
D ∈ [1, n-1]
K ∈ [1, n-1]
Wherein, D is the first random number, and K is the second random number, and n is the order of basic point on elliptic curve;
Public key is calculated according to the first random number and elliptic curve parameter, is specifically included:
P=D [*] G
Wherein, D is the first random number, and G is basic point on elliptic curve, and P is public key, and [*] indicates elliptic curve point multiplication operation.
Further, abstract Hash is generated according to transmission message, specific as follows:
E=HASH (M ')
Wherein, e be abstract Hash, M '=Z | | M, Z are identity, and M is message content, | | indicate splicing.
Further, the first elliptical point is generated according to elliptic curve parameter, specific as follows:
k1∈ [1, n-1]
Q1=k1[*]G
Wherein, Q1For the first elliptical point, k1For third random number, n is the order of basic point on elliptic curve, and G is elliptic curve Upper basic point, [*] indicate elliptic curve point multiplication operation.
Further, the first signature is calculated according to abstract Hash, the first elliptical point, specific as follows:
Q1=(x1, y1)
R=(e+x1)mod n
Wherein, r is the first signature, Q1For the first elliptical point, x1For the abscissa of the first elliptical point, y1For the first elliptical point Ordinate, e be abstract Hash.
According to another aspect of the present invention, a kind of distributed collaboration signature apparatus for realizing the above method is provided, comprising:
Public and private key generation module, for generating the first random number and the second random number according to the elliptic curve parameter of storage, Multiple Split Keys are calculated according to the first random number and the second random number, and are calculated according to the first random number and elliptic curve parameter Public key;
Split Key distribution memory module is divided into for carrying out distribution storage to multiple Split Keys according to storage region First Split Key and the second Split Key;
First signature calculation module generates the according to elliptic curve parameter for generating abstract Hash according to sending message One elliptical point, and the first signature is calculated according to abstract Hash, the first elliptical point;
Second signature calculation module calculates among first for being encrypted according to the first Split Key to the first signature Value, encrypts the first median according to the second Split Key, calculates the second signature;
Full signature generation module obtains full signature, for combining the first signature and the second signature so that public key is to complete Whole signature carries out sign test.
Further, the elliptic curve parameter in public and private key generation module and the first signature calculation module includes in finite field Elliptic curve, on elliptic curve on basic point and elliptic curve basic point order.
Further, public and private key generation module includes:
Split Key computing unit, for generating the first random number and second at random according to the elliptic curve parameter of storage Number calculates multiple Split Keys according to the first random number and the second random number;
Public key computing unit, for calculating public key according to the first random number and elliptic curve parameter.
According to another aspect of the invention, a kind of soft shield system, including above-mentioned distributed collaboration signature apparatus are provided.
The present invention has the advantage that compared with prior art
Distributed collaboration endorsement method and distributed collaboration signature apparatus of the invention, soft shield system generate Split Key And distribution storage is carried out in communicating pair, two sides, which combine, carries out signature operation to message, realizes collaboration signature, the equal nothing of communicating pair Method gets any information of other side's private key, and therefore, attacker cannot forge label in the case where invading one side of any of them Name, to improve the safety of key.
Detailed description of the invention
Below in conjunction with drawings and examples, the invention will be further described.
Fig. 1 is distributed collaboration endorsement method block diagram of the invention;
Fig. 2 is Secret splitting example flow chart of the invention;
Fig. 3 is distribution collaboration signature example flow chart of the invention;
Fig. 4 is distributed collaboration signature apparatus block diagram of the invention.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure It is fully disclosed to those skilled in the art.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singular " one " used herein, " one It is a ", " described " and "the" may also comprise plural form.It is to be further understood that being arranged used in specification of the invention Diction " comprising " refer to that there are the feature, integer, step, operation, element and/or component, but it is not excluded that in the presence of or addition Other one or more features, integer, step, operation, element, component and/or their group.
Those skilled in the art of the present technique are appreciated that unless otherwise defined, all terms used herein (including technology art Language and scientific term), there is meaning identical with the general understanding of those of ordinary skill in fields of the present invention.Should also Understand, those terms such as defined in the general dictionary, it should be understood that have in the context of the prior art The consistent meaning of meaning, and unless otherwise will not be explained in an idealized or overly formal meaning by specific definitions.
Fig. 1 is distributed collaboration endorsement method block diagram of the invention, as shown in Figure 1, distributed association provided by the invention Same endorsement method, comprising the following steps:
The first random number and the second random number are generated according to the elliptic curve parameter of storage, according to the first random number and second Random number calculates multiple Split Keys, and calculates public key according to the first random number and elliptic curve parameter;
Distribution storage is carried out to multiple Split Keys, the first Split Key is divided into according to storage region and the second segmentation is close Key;
Abstract Hash is generated according to message is sent, the first elliptical point is generated according to elliptic curve parameter, and breathe out according to abstract Uncommon, the first elliptical point calculates the first signature;
The first signature is encrypted according to the first Split Key, the first median is calculated, according to the second Split Key pair First median is encrypted, and the second signature is calculated;
The first signature of combination and the second signature, obtain full signature, so that public key carries out sign test to full signature.
Wherein, elliptic curve parameter includes elliptic curve in finite field, base on basic point and elliptic curve on elliptic curve The order of point.
Further, the first random number and the second random number are generated according to the elliptic curve parameter of storage, specific as follows:
D ∈ [1, n-1]
K ∈ [1, n-1]
Wherein, D is the first random number, and K is the second random number, and n is the order of basic point on elliptic curve;
Public key is calculated according to the first random number and elliptic curve parameter, is specifically included:
P=D [*] G
Wherein, D is the first random number, and G is basic point on elliptic curve, and P is public key, and [*] indicates elliptic curve point multiplication operation.
Further, abstract Hash is generated according to transmission message, specific as follows:
E=HASH (M ')
Wherein, e be abstract Hash, M '=Z | | M, Z are identity, and M is message content, | | indicate splicing.
Further, the first elliptical point is generated according to elliptic curve parameter, specific as follows:
k1∈ [1, n-1]
Q1=k1[*]G
Wherein, Q1For the first elliptical point, k1For third random number, n is the order of basic point on elliptic curve, and G is elliptic curve Upper basic point, [*] indicate elliptic curve point multiplication operation.
Further, the first signature is calculated according to abstract Hash, the first elliptical point, specific as follows:
Q1=(x1, y1)
R=(e+x1)mod n
Wherein, r is the first signature, Q1For the first elliptical point, x1For the abscissa of the first elliptical point, y1For the first elliptical point Ordinate, e be abstract Hash.
Distributed collaboration endorsement method of the invention generates Split Key and carries out distribution storage, two sides in communicating pair Combine and signature operation is carried out to message, realizes that collaboration signature, communicating pair can not get any information of other side's private key, because This, attacker cannot forge a signature in the case where invading one side of any of them, to improve the safety of key.
For embodiment of the method, for simple description, therefore, it is stated as a series of action combinations, but this field Technical staff should be aware of, and embodiment of that present invention are not limited by the describe sequence of actions, because implementing according to the present invention Example, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art should also know that, specification Described in embodiment belong to preferred embodiment, the actions involved are not necessarily necessary for embodiments of the present invention.
Distributed collaboration endorsement method of the invention can be using in soft shield system, and soft shield of the invention includes soft shield client End and soft shield backstage, wherein soft shield backstage hierarchical design specifically includes that
Interface layer: providing interface, for being compatible with each type operating system, for data encryption, digital signature, signature verification, Key management, authentication etc.;
Safe practice: being that soft shield mentions by cryptographic key protection such as key encryption and key dispersion, device-fingerprint, security hardening For security service;
File system: the storage of all kinds of sensitive datas such as key and digital certificate etc. is mainly carried out.
Fig. 2 is Secret splitting example flow chart of the invention, as shown in Fig. 2, Fig. 2 shows generate segmentation for communicating pair Private key, and calculate the flow diagram of public key.
Herein, sender and recipient share elliptic curve parameter E (Fq), G and the n of SM2 algorithm, and elliptic curve E is The elliptic curve being defined on finite field Fq, G indicate elliptic curve E on n rank basic point, specific value of each parameter etc. all in accordance with The close SM2 algorithm of state is preset.
Specific step is as follows for Secret splitting:
First, sender generates the first random number as D.That is:
D ∈ [1, n-1]
Second, sender generates two the second random numbers as K, C.That is:
K ∈ [1, n-1]
C ∈ [1, n-1]
Third calculates Split Key, and is stored in different safety zones respectively, and private key D is no longer kept separately i.e.:
D1=[K* (1+D)]-1*C
D2=K*C
D3=G-1
D4=K*D
Wherein, * is modular multiplication.
4th, calculate public key
P=D [*] G
Wherein, [*] indicates elliptic curve point multiplication operation.
Particularly, ECC algorithm, the close SM3 algorithm of state, the close SM4 algorithm of state be can use and replace the close SM2 algorithm of state.
Fig. 3 is distribution collaboration signature flow chart of the invention, as shown in figure 3, distribution collaboration signature is specific as follows:
First, Z and M are spliced to form M ' by soft shield client, and calculate HASH (M '), using calculated result as e, wherein Z Indicate soft shield client and the common identity in backstage of soft shield, M indicates that message content, HASH () indicate that scheduled password is miscellaneous Gather function.Have:
M '=Z | | M
Wherein, | | indicate splicing;E=HASH (M ').
Second, soft shield client generates third random number k1, and calculate k1[*] G, using calculated result as Q1, and Q1With E sends backstage.Have:
k1∈ [1, n-1]
Q1=k1[*]G
Third, soft shield client is according to e and Q1Signature first part r is calculated.
Q1=(x1, y1)
R=(e+x1)mod n
4th, Split Key is distributed and is stored, soft shield client stores D1、D2, soft shield backstage storage D3、D4, then make first Use D1、D2It carries out that S is calculated1、S2:
S1=D1*D2*k1
S2=D1*r
5th, soft shield backstage reuses D3、D4Continue that s is calculated:
S=S1*D3+S2*D4
6th, finally obtain signature value sign=r | | s.
7th, verifying signer, that is, recipient carries out sign test using public key P, and specific algorithm is referring to " GM/T003.2- 2012SM2 ellipse permission public key algorithm part 2: Digital Signature Algorithm " in the 7th chapter " verification algorithm of digital signature and Process ".
For example, sign test is carried out using public key P, it is specific as follows:
(1) whether verification r ∈ [1, n-1] is true, verifies if setting up and does not pass through;
(2) whether verification s ∈ [1, n-1] is true, verifies if setting up and does not pass through;
(3) it sets
(4) it calculates
(5) t=(r+s) is calculated;If t=0 is verified and is not passed through;
(6) elliptic curve point (x is calculated1, y1)=[s] G+ [t] PA
(7) R=(e+x is calculated1) whether mod n checking R=r true, it is verified if setting up;Otherwise it verifies obstructed It crosses.
Fig. 4 is distributed collaboration signature apparatus block diagram of the invention, as shown in figure 4, distributed collaboration provided by the invention Signature apparatus, comprising:
Public and private key generation module, for generating the first random number and the second random number according to the elliptic curve parameter of storage, Multiple Split Keys are calculated according to the first random number and the second random number, and are calculated according to the first random number and elliptic curve parameter Public key;
Split Key distribution memory module is divided into for carrying out distribution storage to multiple Split Keys according to storage region First Split Key and the second Split Key;
First signature calculation module generates the according to elliptic curve parameter for generating abstract Hash according to sending message One elliptical point, and the first signature is calculated according to abstract Hash, the first elliptical point;
Second signature calculation module calculates among first for being encrypted according to the first Split Key to the first signature Value, encrypts the first median according to the second Split Key, calculates the second signature;
Full signature generation module obtains full signature, for combining the first signature and the second signature so that public key is to complete Whole signature carries out sign test.
Further, the elliptic curve parameter in public and private key generation module and the first signature calculation module includes in finite field Elliptic curve, on elliptic curve on basic point and elliptic curve basic point order.
As shown in figure 4, public and private key generation module includes:
Split Key computing unit, for generating the first random number and second at random according to the elliptic curve parameter of storage Number calculates multiple Split Keys according to the first random number and the second random number;
Public key computing unit, for calculating public key according to the first random number and elliptic curve parameter.
As shown in figure 4, the first signature calculation module includes:
Abstract Hash generation unit, for generating abstract Hash according to transmission message;
First elliptical point generation unit, for generating the first elliptical point according to elliptic curve parameter;
First signature calculation unit, for calculating the first signature according to abstract Hash, the first elliptical point.
Distributed collaboration signature apparatus of the invention generates Split Key and carries out distribution storage, two sides in communicating pair Combine and signature operation is carried out to message, realizes that collaboration signature, communicating pair can not get any information of other side's private key, because This, attacker cannot forge a signature in the case where invading one side of any of them, to improve the safety of key.
For device embodiment, since it is basically similar to the method embodiment, related so being described relatively simple Place illustrates referring to the part of embodiment of the method.
Soft shield system provided by the invention includes above-mentioned distributed collaboration signature apparatus, specifically, soft shield packet of the invention Soft shield client and soft shield backstage are included, distributed collaboration signature apparatus a part is mounted on soft shield client, another part installation On soft shield backstage, wherein soft shield backstage hierarchical design specifically includes that
Interface layer: providing interface, for being compatible with each type operating system, for data encryption, digital signature, signature verification, Key management, authentication etc.;
Safe practice: being that soft shield mentions by cryptographic key protection such as key encryption and key dispersion, device-fingerprint, security hardening For security service;
File system: the storage of all kinds of sensitive datas such as key and digital certificate etc. is mainly carried out.
Soft shield through the invention provides trustable digital signature, authentication, encrypting and decrypting etc. of the terminal without hardware medium Security service provides cross-platform, reliable, unified security service to be directed to mobile Internet, Internet of Things and conventional internet.
Soft shield system of the invention generates Split Key and carries out distribution storage in communicating pair, and two sides combine to message Signature operation is carried out, realizes that collaboration signature, communicating pair can not get any information of other side's private key, therefore, attacker It in the case where invading one side of any of them, cannot all forge a signature, to improve the safety of key.
The above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to the foregoing embodiments Invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each implementation Technical solution documented by example is modified or equivalent replacement of some of the technical features;And these modification or Replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution.

Claims (10)

1. a kind of distributed collaboration endorsement method, which comprises the following steps:
The first random number and the second random number are generated according to the elliptic curve parameter of storage, it is random according to the first random number and second Number calculates multiple Split Keys, and calculates public key according to the first random number and elliptic curve parameter;
Distribution storage is carried out to multiple Split Keys, the first Split Key and the second Split Key are divided into according to storage region;
Abstract Hash is generated according to message is sent, the first elliptical point is generated according to elliptic curve parameter, and according to abstract Hash, the One elliptical point calculates the first signature;
The first signature is encrypted according to the first Split Key, the first median is calculated, according to the second Split Key to first Median is encrypted, and the second signature is calculated;
The first signature of combination and the second signature, obtain full signature, so that public key carries out sign test to full signature.
2. distributed collaboration endorsement method according to claim 1, which is characterized in that elliptic curve parameter includes finite field On elliptic curve, on elliptic curve on basic point and elliptic curve basic point order.
3. distributed collaboration endorsement method according to claim 2, which is characterized in that according to the elliptic curve parameter of storage The first random number and the second random number are generated, specific as follows:
D ∈ [1, n-1]
K ∈ [1, n-1]
Wherein, D is the first random number, and K is the second random number, and n is the order of basic point on elliptic curve;
Public key is calculated according to the first random number and elliptic curve parameter, is specifically included:
P=D [*] G
Wherein, D is the first random number, and G is basic point on elliptic curve, and P is public key, and [*] indicates elliptic curve point multiplication operation.
4. distributed collaboration endorsement method according to claim 1, which is characterized in that generate abstract Kazakhstan according to message is sent It is uncommon, specific as follows:
E=HASH (M ')
Wherein, e be abstract Hash, M '=Z | | M, Z are identity, and M is message content, | | indicate splicing.
5. distributed collaboration endorsement method according to claim 4, which is characterized in that generate the according to elliptic curve parameter One elliptical point, specific as follows:
k1∈ [1, n-1]
Q1=k1[*]G
Wherein, Q1For the first elliptical point, k1For third random number, n is the order of basic point on elliptic curve, and G is base on elliptic curve Point, [*] indicate elliptic curve point multiplication operation.
6. distributed collaboration endorsement method according to claim 5, which is characterized in that according to abstract Hash, the first ellipse Point calculates the first signature, specific as follows:
Q1=(x1, y1)
R=(e+x1)mod n
Wherein, r is the first signature, Q1For the first elliptical point, x1For the abscissa of the first elliptical point, y1For the vertical of the first elliptical point Coordinate, e are abstract Hash.
7. a kind of distributed collaboration signature apparatus for realizing claim 1 the method characterized by comprising
Public and private key generation module, for generating the first random number and the second random number according to the elliptic curve parameter of storage, according to First random number and the second random number calculate multiple Split Keys, and calculate public affairs according to the first random number and elliptic curve parameter Key;
Split Key is distributed memory module and is divided into first according to storage region for carrying out distribution storage to multiple Split Keys Split Key and the second Split Key;
First signature calculation module, for it is ellipse to generate first according to elliptic curve parameter according to message generation abstract Hash is sent Dot, and the first signature is calculated according to abstract Hash, the first elliptical point;
Second signature calculation module calculates the first median, root for encrypting according to the first Split Key to the first signature The first median is encrypted according to the second Split Key, calculates the second signature;
Full signature generation module obtains full signature, for combining the first signature and the second signature so that public key is to complete label Name carries out sign test.
8. distributed collaboration signature apparatus according to claim 7, which is characterized in that public and private key generation module and the first label Elliptic curve parameter in name computing module includes elliptic curve in finite field, base on basic point and elliptic curve on elliptic curve The order of point.
9. distributed collaboration signature apparatus according to claim 8, which is characterized in that public and private key generation module includes:
Split Key computing unit, for generating the first random number and the second random number, root according to the elliptic curve parameter of storage Multiple Split Keys are calculated according to the first random number and the second random number;
Public key computing unit, for calculating public key according to the first random number and elliptic curve parameter.
10. a kind of soft shield system, including distributed collaboration signature apparatus described in claim 7.
CN201811308545.3A 2018-11-05 2018-11-05 Distributed collaborative signature method, distributed collaborative signature device and soft shield system Active CN109274503B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811308545.3A CN109274503B (en) 2018-11-05 2018-11-05 Distributed collaborative signature method, distributed collaborative signature device and soft shield system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811308545.3A CN109274503B (en) 2018-11-05 2018-11-05 Distributed collaborative signature method, distributed collaborative signature device and soft shield system

Publications (2)

Publication Number Publication Date
CN109274503A true CN109274503A (en) 2019-01-25
CN109274503B CN109274503B (en) 2022-01-04

Family

ID=65192774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811308545.3A Active CN109274503B (en) 2018-11-05 2018-11-05 Distributed collaborative signature method, distributed collaborative signature device and soft shield system

Country Status (1)

Country Link
CN (1) CN109274503B (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109818730A (en) * 2019-03-06 2019-05-28 矩阵元技术(深圳)有限公司 Acquisition methods, device and the server of Proxy Signature
CN109981592A (en) * 2019-02-28 2019-07-05 矩阵元技术(深圳)有限公司 Multi-client multiserver joint generates the method and electronic equipment of key
CN110048839A (en) * 2019-04-26 2019-07-23 山东渔翁信息技术股份有限公司 A kind of digital signature method, device and storage medium
CN110224811A (en) * 2019-05-13 2019-09-10 中国联合网络通信集团有限公司 Internet of Things cipher processing method, apparatus and system
CN110457006A (en) * 2019-07-22 2019-11-15 上海朝夕网络技术有限公司 The hardware based distributed multi-party random digit generation method of one kind and system
CN111010276A (en) * 2019-10-25 2020-04-14 武汉大学 Multi-party combined SM9 key generation and ciphertext decryption method and medium
CN111191263A (en) * 2019-12-30 2020-05-22 北京天威诚信电子商务服务有限公司 Pdf electronic signature method and system
CN111510299A (en) * 2020-04-10 2020-08-07 宁波富万信息科技有限公司 Joint digital signature generation method, electronic device, and computer-readable medium
WO2020181822A1 (en) * 2019-03-12 2020-09-17 平安科技(深圳)有限公司 Method and apparatus for checking consistency of encrypted data, and computer device and storage medium
CN112653554A (en) * 2020-12-30 2021-04-13 成都卫士通信息产业股份有限公司 Signature method, system, equipment and readable storage medium
CN112737783A (en) * 2019-10-28 2021-04-30 航天信息股份有限公司 Decryption method and device based on SM2 elliptic curve
WO2021127951A1 (en) * 2019-12-24 2021-07-01 云图技术有限公司 Method and device for generating two-party collaborative eddsa digital signature
CN114567448A (en) * 2022-04-29 2022-05-31 华南师范大学 Collaborative signature method and collaborative signature system
CN114567448B (en) * 2022-04-29 2022-08-02 华南师范大学 Collaborative signature method and collaborative signature system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
CN106685648A (en) * 2016-12-15 2017-05-17 北京三未信安科技发展有限公司 Distributed signature method and system based on elliptical curve
CN107196763A (en) * 2017-07-06 2017-09-22 数安时代科技股份有限公司 SM2 algorithms collaboration signature and decryption method, device and system
CN107370599A (en) * 2017-08-07 2017-11-21 收付宝科技有限公司 A kind of management method, the device and system of remote destroying private key
CN107623570A (en) * 2017-11-03 2018-01-23 北京无字天书科技有限公司 A kind of SM2 endorsement methods based on addition Secret splitting
EP2947812B1 (en) * 2013-01-17 2018-03-14 Nippon Telegraph and Telephone Corporation Segmented secret-key storage system, segment storage apparatus segmented secret-key storage method
CN108494551A (en) * 2018-03-16 2018-09-04 数安时代科技股份有限公司 Processing method, system, computer equipment and storage medium based on collaboration key

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2947812B1 (en) * 2013-01-17 2018-03-14 Nippon Telegraph and Telephone Corporation Segmented secret-key storage system, segment storage apparatus segmented secret-key storage method
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm
CN106685648A (en) * 2016-12-15 2017-05-17 北京三未信安科技发展有限公司 Distributed signature method and system based on elliptical curve
CN107196763A (en) * 2017-07-06 2017-09-22 数安时代科技股份有限公司 SM2 algorithms collaboration signature and decryption method, device and system
CN107370599A (en) * 2017-08-07 2017-11-21 收付宝科技有限公司 A kind of management method, the device and system of remote destroying private key
CN107623570A (en) * 2017-11-03 2018-01-23 北京无字天书科技有限公司 A kind of SM2 endorsement methods based on addition Secret splitting
CN108494551A (en) * 2018-03-16 2018-09-04 数安时代科技股份有限公司 Processing method, system, computer equipment and storage medium based on collaboration key

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
丽萍等: "基于椭圆曲线的盲签名在电子现金中的方案设计", 《河南理工大学学报(自然科学版)》 *
景旭等: "无完全可信PKG身份签名的分层CES方案", 《山东大学学报(理学版)》 *
王晓峰等: "分布式协同设计内容摘录签名方案", 《计算机集成制造系统》 *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981592A (en) * 2019-02-28 2019-07-05 矩阵元技术(深圳)有限公司 Multi-client multiserver joint generates the method and electronic equipment of key
CN109818730A (en) * 2019-03-06 2019-05-28 矩阵元技术(深圳)有限公司 Acquisition methods, device and the server of Proxy Signature
WO2020181822A1 (en) * 2019-03-12 2020-09-17 平安科技(深圳)有限公司 Method and apparatus for checking consistency of encrypted data, and computer device and storage medium
CN110048839A (en) * 2019-04-26 2019-07-23 山东渔翁信息技术股份有限公司 A kind of digital signature method, device and storage medium
CN110224811A (en) * 2019-05-13 2019-09-10 中国联合网络通信集团有限公司 Internet of Things cipher processing method, apparatus and system
CN110224811B (en) * 2019-05-13 2022-05-06 中国联合网络通信集团有限公司 Internet of things encryption processing method, device and system
CN110457006A (en) * 2019-07-22 2019-11-15 上海朝夕网络技术有限公司 The hardware based distributed multi-party random digit generation method of one kind and system
CN110457006B (en) * 2019-07-22 2021-08-06 上海朝夕网络技术有限公司 Distributed multi-party random number generation method and system based on hardware
CN111010276A (en) * 2019-10-25 2020-04-14 武汉大学 Multi-party combined SM9 key generation and ciphertext decryption method and medium
CN112737783A (en) * 2019-10-28 2021-04-30 航天信息股份有限公司 Decryption method and device based on SM2 elliptic curve
WO2021127951A1 (en) * 2019-12-24 2021-07-01 云图技术有限公司 Method and device for generating two-party collaborative eddsa digital signature
CN111191263A (en) * 2019-12-30 2020-05-22 北京天威诚信电子商务服务有限公司 Pdf electronic signature method and system
CN111510299A (en) * 2020-04-10 2020-08-07 宁波富万信息科技有限公司 Joint digital signature generation method, electronic device, and computer-readable medium
CN111510299B (en) * 2020-04-10 2021-03-19 宁波富万信息科技有限公司 Joint digital signature generation method, electronic device, and computer-readable medium
CN112653554A (en) * 2020-12-30 2021-04-13 成都卫士通信息产业股份有限公司 Signature method, system, equipment and readable storage medium
CN114567448A (en) * 2022-04-29 2022-05-31 华南师范大学 Collaborative signature method and collaborative signature system
CN114567448B (en) * 2022-04-29 2022-08-02 华南师范大学 Collaborative signature method and collaborative signature system

Also Published As

Publication number Publication date
CN109274503B (en) 2022-01-04

Similar Documents

Publication Publication Date Title
CN109274503A (en) Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system
CN106961336B (en) A kind of key components trustship method and system based on SM2 algorithm
CN107579819B (en) A kind of SM9 digital signature generation method and system
CN107483212B (en) Method for generating digital signature by cooperation of two parties
CN109003083A (en) A kind of ca authentication method, apparatus and electronic equipment based on block chain
CN107483191B (en) SM2 algorithm key segmentation signature system and method
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
CN108650080B (en) A kind of tagged keys management method and system
CN109672530A (en) Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on unsymmetrical key pond
CN108347404A (en) A kind of identity identifying method and device
CN109936456B (en) Anti-quantum computation digital signature method and system based on private key pool
CN109800588B (en) Dynamic bar code encryption method and device and dynamic bar code decryption method and device
CN106713349A (en) Inter-group proxy re-encryption method capable of resisting selected ciphertext attack
CN109889344A (en) The transmission method and computer readable storage medium of terminal, data
Hahn et al. Trustworthy delegation toward securing mobile healthcare cyber-physical systems
CN105763322B (en) A kind of encryption key isolation digital signature method and system obscured
TW202029693A (en) Computer implemented system and method for distributing shares of digitally signed data
Latif et al. A Review on Key Management and Lightweight Cryptography for IoT
CN109687977A (en) Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys
Anand et al. EECDH to prevent MITM attack in cloud computing
Kasodhan et al. A new approach of digital signature verification based on BioGamal algorithm
WO2020212796A1 (en) Computer implemented method and system for encrypting data
CN110266483A (en) Based on unsymmetrical key pond to and the quantum communications service station cryptographic key negotiation method of QKD, system, equipment
CN105187213B (en) A kind of method of computer information safe
Surya et al. Single sign on mechanism using attribute based encryption in distributed computer networks

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Luo Yanjing

Inventor after: Liu Peng

Inventor before: Luo Yanjing

CB03 Change of inventor or designer information
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089

Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.

Address before: 100080 room 1505, 15 / F, block B, 3 Haidian Street, Haidian District, Beijing

Patentee before: BEIJING RENXINZHENG TECHNOLOGY CO.,LTD.