CN109412813B - Elliptic curve signature method, signature verification method and apparatus - Google Patents

Publication number
CN109412813B
Authority
CN
China
Prior art keywords
signature
parameter
target value
signature result
elliptic curve
Prior art date
Legal status
Active
Application number
CN201811076382.0A
Other languages
Chinese (zh)
Other versions
CN109412813A (en
Inventor
李鹏坤
Current Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN201811076382.0A
Publication of CN109412813A
Application granted
Publication of CN109412813B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The invention discloses an elliptic curve signature method, a signature verification method and an apparatus. The method comprises: obtaining elliptic curve domain parameters, a preset private key and the integer corresponding to the message to be signed; converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, where the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width; and signing the signature parameters according to a generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed. The invention solves the technical problem in the prior art that a long message is processed in groups, so that the signature result of the message lacks integrity.

Description

Elliptic curve signature method, signature verification method and apparatus
Technical field
The present invention relates to the field of data processing, and in particular to an elliptic curve signature method, a signature verification method and an apparatus.
Background art
Currently, the bit width L of the prime-field elliptic curve cryptography provided by the cryptographic coprocessors of embedded chips is usually 256. For a signature algorithm such as SM2, the bit width of the acceptable input data D is 256, and the signature result is generally expressed as (R, S), where R is computed from the random number k, the base point G and the hash value e of the plaintext, and S is computed from R, the random number k and the private key d. R and S are each 256 bits wide.
A hash algorithm such as SM3 can transform plaintext into a 256-bit hash value. To digitally sign plaintext of arbitrary length, the common approach is to hash the plaintext first and then digitally sign the hash result to obtain the signature result (R, S).
The drawback of introducing a hash algorithm is that the digital signature process becomes dependent on the security of the hash algorithm. Once an effective collision is found for the hash algorithm, the credibility of the digital signature will be called into question. To improve the credibility of the digital signature, the message needs to be signed directly in special scenarios. Such scenarios include the transfer service of online banking, where the message D contains the target account information, the transfer amount and so on.
If the length of message D is greater than the algorithm bit width L, the message needs to be converted and split into n groups $D_1, D_2, \ldots, D_n$, and the existing signature process is then called to sign each group, giving $(R_1, S_1), (R_2, S_2), \ldots, (R_n, S_n)$ as the signature result. The drawback of this approach is that it sacrifices the integrity of message D: an attacker can replace part of the data of the current signature with existing signed data, and the server cannot detect the replacement, so the message may be tampered with by the attacker.
For the prior-art problem that a long message is processed in groups, so that the signature result of the message lacks integrity, no effective solution has yet been proposed.
Summary of the invention
Embodiments of the invention provide an elliptic curve signature method, a signature verification method and an apparatus, to at least solve the technical problem in the prior art that a long message is processed in groups, so that the signature result of the message lacks integrity.
According to one aspect of the embodiments of the invention, an elliptic curve signature method is provided, comprising: obtaining elliptic curve domain parameters, a preset private key and the integer corresponding to the message to be signed; converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, where the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width; and signing the signature parameters according to a generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed.
Further, the integer is divided by a target value to obtain a first quotient and a first remainder, where the target value is 2 raised to the power of the modulus length; the first remainder is taken as the first signature parameter, and it is judged whether the first quotient is greater than the target value; if the first quotient is less than the target value, the first quotient is taken as the second signature parameter; if the first quotient is greater than or equal to the target value, the first quotient is divided by the target value to obtain a second quotient and a second remainder; the second remainder is taken as the second signature parameter, and it is judged whether the second quotient is greater than the target value; if the second quotient is greater than or equal to the target value, the second quotient is divided by the modulus length, until the N-th quotient obtained is less than the target value.
Further, the elliptic curve domain parameters include: a preset order, the equation coefficients, the modulus length and the base point coordinates.
Further, a random number is generated; an elliptic curve point coordinate is generated from the random number and the base point coordinates; the target value of a preset dimension in the elliptic curve point coordinate is added to the signature parameter, and the sum is reduced modulo the order, to obtain the first signature result parameter corresponding to the signature parameter; an operation is performed on the first signature result parameter according to the preset private key and the order, to obtain the second signature result parameter; and the signature result is obtained from the first signature result parameter and the second signature result parameter.
Further, after the first signature result parameter corresponding to the signature parameter is obtained, if the sum of the first signature result parameter and the random number equals the order, the step of generating a random number is re-entered to generate a new random number.
Further, the second signature result parameter is calculated by the following formula: $s_i = ((1 + d_A)^{-1}(k - r_i \cdot d_A)) \bmod n$, where $s_i$ denotes the i-th second signature result parameter, $d_A$ denotes the preset private key, $r_i$ denotes the i-th first signature result parameter, and n denotes the order.
According to another aspect of the embodiments of the invention, an elliptic curve signature verification method is also provided, applied to the above elliptic curve signature method, comprising: obtaining the signature result of the message to be signed, where the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter; when verification of every group of signature result parameters passes, recovering, from the first signature result parameter in each group, the target value corresponding to that group, where the target value is the target value of the preset dimension in the elliptic curve point coordinate; and determining, from the target values corresponding to the groups of signature results, whether the signature result of the message to be signed passes verification.
Further, if the target values corresponding to all groups of signature results are identical, it is determined that the signature result of the message to be signed passes verification.
According to another aspect of the embodiments of the invention, an elliptic curve signature apparatus is also provided, comprising: an obtaining module, for obtaining elliptic curve domain parameters, a preset private key and the integer corresponding to the message to be signed; a conversion module, for converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, where the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width; and a signature module, for signing the signature parameters according to a generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed.
According to another aspect of the embodiments of the invention, an elliptic curve signature verification apparatus is also provided, applied to the above elliptic curve signature apparatus, comprising: an obtaining module, for obtaining the signature result of the message to be signed, where the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter; a recovery module, for recovering, when verification of every group of signature result parameters passes, the target value corresponding to each group from the first signature result parameter in that group, where the target value is the target value of the preset dimension in the elliptic curve point coordinate; and a determining module, for determining, from the target values corresponding to the groups of signature results, whether the signature result of the message to be signed passes verification.
According to another aspect of the embodiments of the invention, a storage medium is also provided. The storage medium includes a stored program, and when the program runs, the device on which the storage medium resides is controlled to execute the above elliptic curve signature method or the above elliptic curve signature verification method.
According to another aspect of the embodiments of the invention, a processor is also provided. The processor is used to run a program, and the program, when run, executes the above elliptic curve signature method or the above elliptic curve signature verification method.
In the embodiments of the invention, the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed are obtained; the integer is converted into a corresponding signature parameter set based on the modulus length of the elliptic curve; and the signature parameters are signed according to the generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed. The above scheme uses the modulus length of the elliptic curve to convert the integer corresponding to the message to be signed into multiple signature parameters, and then uses the same random number to compute the signature over the multiple signature parameters, obtaining multiple groups of signature results. Since the operation on each signature parameter requires the participation of the random number, every group of signature results obtained is also related to the random number, which guarantees the integrity of the message to be signed and thereby solves the technical problem in the prior art that a long message is processed in groups, so that the signature result of the message lacks integrity.
Further, the above scheme of the present application needs to generate only one random number in the minimum case. Compared with the prior art, which needs to generate at least N random numbers (N being the number of signature parameters obtained by decomposing the integer corresponding to the message to be signed; the signature parameters of the prior art differ from those of the present application), it can also improve computational efficiency.
Brief description of the drawings
The drawings described here are provided for a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the elliptic curve signature method according to an embodiment of the invention;
Fig. 2 is a flowchart of the elliptic curve signature verification method according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the invention; and
Fig. 4 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the invention, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, shall fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments of the invention described here can be implemented in an order other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the invention, an embodiment of an elliptic curve signature method is provided. It should be noted that the steps shown in the flowchart of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 is a flowchart of the elliptic curve signature method according to an embodiment of the invention. As shown in Fig. 1, the method includes the following steps:
Step S102: obtain the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed.
Specifically, the elliptic curve domain parameters may be preset; in an optional embodiment they may include the order of the elliptic curve domain, etc.
The message to be signed may represent different content in different application scenarios. For example, in a banking scenario, the message to be signed may be content sent between the user's smart terminal and the bank's server. The integer corresponding to the message to be signed is the integer corresponding to the character string of the message, and can be obtained by various preset functions, such as the ParseInt() function.
In an optional embodiment, taking banking as an example, a user transfers money to another account through the bank's application software on a smart terminal. After the user issues the transfer instruction, the smart terminal sends a message to the bank's server to inform the server of the transfer instruction issued by the user. To confirm the source of the information contained in the message during transmission, an elliptic curve signature is required; this message is the message to be signed.
Step S104: convert the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, where the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width.
Specifically, a signature parameter is a parameter that takes part directly in the elliptic curve signature operation. The modulus length of the elliptic curve is fixed for a particular algorithm; for example, for the SM2 elliptic curve public key cryptographic algorithm, the modulus length len(p) = 256.
For an integer with a larger bit width, conversion by the modulus length of the elliptic curve yields more signature parameters; for an integer with a smaller bit width, it yields fewer. That is, the number of signature parameters corresponding to the integer is proportional to the length of the integer.
In a special case, the integer corresponds to a single signature parameter after conversion by the modulus length. In this case the length of the integer is less than the predetermined bit width, and the signature operation can be performed directly without conversion by the modulus length.
The signature parameter set represents the integer itself. Because the length of the integer is greater than the preset bit width, it is difficult to run the signature algorithm on it; the above scheme therefore converts the integer, according to the modulus length of the elliptic curve, into multiple signature parameters whose length is not greater than the preset bit width. Since the length of each signature parameter is not greater than the preset bit width, the elliptic curve signature operation can be performed on each signature parameter.
Step S106: sign the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed.
The random number is generated by the algorithm. When there are multiple signature parameters, the signature result also contains multiple groups. Since the operation on each signature parameter requires the participation of this random number, every group of signature results obtained is also related to this random number, which guarantees the integrity of the message to be signed.
In an optional embodiment, take signature parameters $a_i$ as an example, where i is the number of signature parameters. After the random number k is generated, k is used to compute on each signature parameter $a_i$ to obtain the first signature result parameter $r_i$, and an operation on $r_i$ then gives the second signature result parameter $s_i$. After $r_i$ and $s_i$ are obtained, they can be combined into the signature result $(r_i, s_i)$. Since every $r_i$ is computed from the random number k, every $r_i$ shares the same random number k, so that the groups $(r_i, s_i)$ are associated with one another.
As can be seen from the above, the above embodiment of the present application obtains the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed, converts the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, and signs the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed. The above scheme uses the modulus length of the elliptic curve to convert the integer corresponding to the message to be signed into multiple signature parameters, and then uses the same random number to compute the signature over the multiple signature parameters, obtaining multiple groups of signature results. Since the operation on each signature parameter requires the participation of the random number, every group of signature results obtained is also related to the random number, which guarantees the integrity of the message to be signed and thereby solves the technical problem in the prior art that a long message is processed in groups, so that the signature result of the message lacks integrity.
Further, the above scheme of the present application needs to generate only one random number in the minimum case. Compared with the prior art, which needs to generate at least N random numbers (N being the number of signature parameters obtained by decomposing the integer corresponding to the message to be signed; the signature parameters of the prior art differ from those of the present application), it can also improve computational efficiency.
As an optional embodiment, converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve comprises:
Step S1021: divide the integer by a target value to obtain a first quotient and a first remainder, where the target value is 2 raised to the power of the modulus length.
Specifically, the target value is $2^{len(p)}$; when len(p) = 256, the target value is $2^{256}$.
Step S1023: take the first remainder as the first signature parameter, and judge whether the first quotient is greater than the target value.
Taking $a_i$ as the signature parameters, if the first remainder is $t_1$ and the first quotient is $q_1$, then $a_1 = t_1$, and it is judged whether $q_1 > 2^{256}$ holds.
Step S1025: if the first quotient is less than the target value, take the first quotient as the second signature parameter.
When $q_1 < 2^{256}$, set $a_2 = q_1$. At this point the decomposition of the integer corresponding to the message to be signed is finished, and the signature parameters corresponding to the integer are $a_1$ and $a_2$.
Step S1027: if the first quotient is greater than or equal to the target value, divide the first quotient by the target value to obtain a second quotient and a second remainder.
When $q_1 > 2^{256}$, the integer corresponding to the message to be signed needs to be decomposed further. This is done by dividing the quotient from the previous computation, i.e. the first quotient, by the target value, to obtain the second quotient $q_2$ and the second remainder $t_2$.
Step S1029: take the second remainder as the second signature parameter, and judge whether the second quotient is greater than the target value.
When $q_1 > 2^{256}$, set $a_2 = t_1$, and judge whether $q_2$ is greater than $2^{256}$, to determine whether to continue decomposing.
Step S10210: if the second quotient is greater than the target value, divide the second quotient by the modulus length, until the N-th quotient obtained is less than the target value.
If $q_2 > 2^{256}$, $q_2$ is divided by $2^{256}$ and the resulting third quotient is checked against $2^{256}$. The above method is repeated in this way until some quotient, divided by $2^{256}$, yields a quotient less than $2^{256}$; decomposition then stops, and all signature parameters corresponding to the integer have been obtained.
The conversion of the integer is described below as one complete procedure:
S00: load the elliptic curve domain parameters, including the order n and the private key $d_A$;
S01: load the character string M of the message to be signed and complete the format check of M;
S02: convert M to an integer e;
S03: let i = 0;
S04: compute e divided by $2^{len(p)}$ to obtain the quotient q and the remainder r, where len(p) is the modulus length;
S05: let $a_i = r$;
S06: if q is less than $2^{len(p)}$, go to step S08; otherwise go to step S07;
S07: let e = q and i = i + 1, and return to S04;
S08: let $a_{i+1} = q$;
S09: let n = i + 1.
As a kind of optional embodiment, elliptic curve domain parameter includes: preset order, equation coefficient, mould length and base Point coordinate.
As a kind of optional embodiment, signature parameter is signed according to the random number of generation and elliptic curve domain parameter Name, obtains the signature result of message to be signed, comprising:
Step S1061 generates random number.
Step S1063 generates elliptic curve point coordinate according to random number and basic point coordinate.
Specifically, above-mentioned elliptic curve point is used to indicate point on elliptic curve, basic point coordinate can be from obtaining in advance It is obtained in elliptic curve parameter.
In an alternative embodiment, still by taking random number is k as an example, elliptic curve point coordinate is (x.y), then (x, y) =[k] G, wherein [k] G is for indicating that k and G carries out point multiplication operation.
The target value of default dimension in elliptic curve point coordinate is added with signature parameter, and will add up by step S1065 Obtain and match exponents modulus, obtains the corresponding first signature result parameter of signature parameter.
Specifically, above-mentioned operation can be indicated with following formula: ri=(ai+ x) mod n, wherein riFor the first signature knot Fruit parameter, aiFor signature parameter, x is the x value in elliptic curve point coordinate, and n is the order in elliptic curve domain parameter.
Step S1067 carries out operation to the first signature result parameter according to default private key and order, obtains the second signature knot Fruit parameter.
Step S1069 obtains signature result according to the first signature result parameter and the second signature result parameter.
In an alternative embodiment, the first signature result parameter is ri, and the second signature result parameter is si, then obtains Signature result be (ri, si)。
As a kind of optional embodiment, after obtaining the corresponding first signature result parameter of signature parameter, method is also If including: that the sum of the first signature result parameter and random number are equal to order, the step of generating random number is reentered, with life The random number of Cheng Xin.
Herein it should be noted that if ri+ k is equal to n, i.e., if the sum of the first signature result parameter and random number are equal to Order, then the signature is easier to be tampered there are security breaches, it is therefore desirable to regenerate new random number, generate newly After random number, old random number is abandoned, and recalculates each r using new random numberi
As an optional embodiment, operating on the first signature result parameter according to the preset private key and the order to obtain the second signature result parameter includes:
The second signature result parameter is calculated by the following formula:
$s_i = ((1 + d_A)^{-1} \cdot (k - r_i \cdot d_A)) \bmod n$,
where $s_i$ denotes the i-th second signature result parameter, $d_A$ denotes the preset private key, $r_i$ denotes the i-th first signature result parameter, and $n$ denotes the order.
In the following, the description of the elliptic curve signature method of the present application continues after the above step S09.
S10: generate a random number k;
S11: calculate the elliptic curve point (x, y) = [k]G;
S12: let i = 0;
S13: calculate $r_i = (a_i + x) \bmod n$;
S14: if $r_i$ equals 0 or $r_i + k$ equals $n$, return to S10;
S15: let i = i + 1;
S16: if i is less than n, return to S13;
S17: let i = 0;
S18: calculate $s_i = ((1 + d_A)^{-1} \cdot (k - r_i \cdot d_A)) \bmod n$;
S19: if $s_i$ equals 0, return to S10;
S20: let i = i + 1;
S21: if i is less than n, return to S18;
S22: set output to the empty string;
S23: let i = 0;
S24: convert $(r_i, s_i)$ into a character string $T_i$;
S25: let output = output || $T_i$;
S26: let i = i + 1;
S27: if i is less than n, go to S24;
S28: output the value of output as the digital signature of M.
Embodiment 2
According to an embodiment of the present invention, an embodiment of an elliptic curve signature verification method applied to the elliptic curve signature method of Embodiment 1 is provided. Fig. 2 is a flowchart of the elliptic curve signature verification method according to an embodiment of the present invention. As shown in Fig. 2, the method includes the following steps:
Step S202: obtain the signature result of the message to be signed, where the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter.
From the elliptic curve signature method of Embodiment 1, it follows that when the signature result of the message to be signed is $(r_i, s_i)$, the first signature result parameter is $r_i$ and the second signature result parameter is $s_i$.
Step S204: where the verification of every group of signature result parameters passes, restore the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, where the target value is the target value of the preset dimension in the elliptic curve point coordinates.
Specifically, the coordinate value of the preset dimension in the elliptic curve point coordinates was used when calculating the first signature result parameter $r_i$; therefore, once the first signature result parameter is determined, the target value of the preset dimension in the elliptic curve point coordinates can be restored.
Since the elliptic curve point coordinates are determined from the random number and the preset base point, then with the preset base point unchanged, if the random number used to generate every group of signature result parameters is the same, the target value of the preset dimension in the elliptic curve point coordinates is also the same for every group. The signature result can therefore be verified using the restored target value corresponding to each group of signature result parameters.
Step S206: determine, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification.
From the above, the foregoing embodiment of the present application obtains the signature result of the message to be signed; where the verification of every group of signature result parameters passes, restores the target value corresponding to each group according to the first signature result parameter in that group; and determines, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification. This scheme verifies the signature result using the target value of the preset dimension in the elliptic curve point coordinates restored from the first signature result parameter, so that a tampered signature result cannot pass verification. This guarantees the integrity of the signature result and solves the technical problem in the prior art that, when a message is long and is processed in groups, the signature result of the message lacks integrity.
As an optional embodiment, determining, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification includes: if the target values corresponding to all groups of signature results are identical, determining that the signature result of the message to be signed passes verification.
If any group of signature result parameters in the signature result is tampered with, then because the attacker cannot know the random number that generated the signature result, the random number corresponding to the tampered signature result parameters differs from the random number corresponding to the other signature result parameters, so the target value corresponding to the tampered signature result parameters differs from the target value corresponding to the other signature result parameters.
On this basis, when it is detected that the target values corresponding to the groups of signature result parameters in the signature result are not all identical, verification of the signature result is confirmed to have failed.
In the above scheme, if the target values corresponding to all groups of signature results are identical, it is determined that the random number used to generate every group of signature results is the same; it can then be determined that no group of signature result parameters in the signature result has been tampered with, and that the signature result of the message to be signed passes verification.
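The signing loop of steps S10 to S21 in Embodiment 1 and the verification of Embodiment 2, as an added Python example that is not code from the patent. Assumptions: secp256k1 parameters stand in for the unspecified curve, `BLOCK_BITS` stands in for the modulus length, the per-group check is the SM2-style one that matches the $s_i$ formula, and all function names and sample values are hypothetical.

```python
import secrets

# Assumption: secp256k1 stands in for the curve; the page fixes no domain parameters.
P = 2**256 - 2**32 - 977
A = 0  # curve coefficient a (b = 7 is not needed by the formulas below)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BLOCK_BITS = N.bit_length() - 1  # assumed "modulus length"; keeps every a_i below n


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """[k]pt by double-and-add (variable time; for illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def split(m):
    """Integer -> signature parameters a_0, a_1, ... by repeated division by 2**BLOCK_BITS."""
    base = 1 << BLOCK_BITS
    q, rem = divmod(m, base)
    out = [rem]
    while q >= base:
        q, rem = divmod(q, base)
        out.append(rem)
    return out + [q]  # the last quotient, now below the target value, is the final parameter


def sign(d, m):
    """Steps S10 to S21: one random k shared by every group; returns [(r_i, s_i), ...]."""
    blocks, inv = split(m), pow(1 + d, -1, N)
    while True:
        k = 1 + secrets.randbelow(N - 1)              # S10
        x = mul(k, G)[0]                              # S11
        rs = [(a + x) % N for a in blocks]            # S13
        # S14: r + k == n would give s == k and r + s == 0 (mod n), so draw a new k
        if any(r == 0 or r + k == N for r in rs):
            continue
        ss = [inv * (k - r * d) % N for r in rs]      # S18
        if all(ss):                                   # S19: no s_i may be 0
            return list(zip(rs, ss))


def verify(pub, m, sig, same_x=True):
    """Per-group check (assumed SM2-style), then the same-target-value check of Embodiment 2."""
    blocks = split(m)
    if len(sig) != len(blocks):
        return False
    xs = set()
    for a, (r, s) in zip(blocks, sig):
        t = (r + s) % N
        if not (0 < r < N and 0 < s < N) or t == 0:
            return False
        pt = add(mul(s, G), mul(t, pub))              # equals [k]G for an honest group
        if pt is None or (a + pt[0]) % N != r:
            return False
        xs.add((r - a) % N)                           # target value x restored from r_i
    return len(xs) == 1 or not same_x


def demo():
    """Constructed key and messages: honest, altered and spliced signatures."""
    d = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
    pub, base = mul(d, G), 1 << BLOCK_BITS
    m1, m2 = 0x1111 + base * 0x2222, 0x3333 + base * 0x4444
    sig1, sig2 = sign(d, m1), sign(d, m2)
    r, s = sig1[1]
    altered = [sig1[0], (r, s % (N - 1) + 1)]         # second group's s_i changed
    m3, spliced = 0x1111 + base * 0x4444, [sig1[0], sig2[1]]  # groups from two signatures
    return {
        "honest": verify(pub, m1, sig1),
        "altered": verify(pub, m1, altered),
        "spliced, per-group check only": verify(pub, m3, spliced, same_x=False),
        "spliced, full check": verify(pub, m3, spliced),
    }


if __name__ == "__main__":
    print(demo())
```

The spliced case passes when only the per-group check runs and is rejected once the restored target values are compared, which is the integrity property this embodiment describes.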
Embodiment 3
According to an embodiment of the present invention, an embodiment of an elliptic curve signature apparatus applied to the elliptic curve signature method of the embodiment is provided. Fig. 3 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the present invention. As shown in Fig. 3, the apparatus includes:
Obtaining module 30, configured to obtain the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed.
Conversion module 32, configured to convert the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, where the signature parameter set includes one or more signature parameters and the length of each signature parameter is less than a preset bit width.
Signature module 34, configured to sign the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed.
As an optional embodiment, the obtaining module includes: a first division submodule, configured to divide the integer by the target value to obtain a first quotient and a first remainder, where the target value denotes the value with 2 as the base and the modulus length as the exponent; a first determination submodule, configured to determine that the first remainder is the first signature parameter and to judge whether the first quotient is greater than the target value; a second determination submodule, configured to determine that the first quotient is the second signature parameter if the first quotient is less than the target value; a second division submodule, configured to divide the first quotient by the target value to obtain a second quotient and a second remainder if the first quotient is greater than or equal to the target value; a third determination submodule, configured to determine that the second remainder is the second signature parameter and to judge whether the second quotient is greater than the target value; and a third determination submodule, configured to divide the second quotient by the modulus length if the second quotient is greater than or equal to the target value, until the n-th quotient obtained is less than the target value.
As an optional embodiment, the elliptic curve domain parameters include: a preset order, a private key and base point coordinates.
As an optional embodiment, the signature module includes: a first generation submodule, configured to generate a random number; a second generation submodule, configured to generate the elliptic curve point coordinates according to the random number and the base point coordinates; an addition submodule, configured to add the target value of the preset dimension in the elliptic curve point coordinates to the signature parameter and to reduce the resulting sum modulo the order, obtaining the first signature result parameter corresponding to the signature parameter; an operation submodule, configured to operate on the first signature result parameter according to the private key and the order to obtain the second signature result parameter; and an acquisition submodule, configured to obtain the signature result from the first signature result parameter and the second signature result parameter.
As an optional embodiment, the above apparatus further includes: a judgment module, configured to, after the first signature result parameter corresponding to the signature parameter is obtained, return to the step of generating a random number in order to generate a new random number if the sum of the first signature result parameter and the random number equals the order.
As an optional embodiment, the operation submodule includes: a computing unit, configured to calculate the second signature result parameter by the following formula: $s_i = ((1 + d_A)^{-1} \cdot (k - r_i \cdot d_A)) \bmod n$, where $s_i$ denotes the i-th second signature result parameter, $d_A$ denotes the private key, $r_i$ denotes the i-th first signature result parameter, and $n$ denotes the order.
Embodiment 4
According to an embodiment of the present invention, an embodiment of an elliptic curve signature verification apparatus applied to the elliptic curve signature verification method of Embodiment 2 is provided. Fig. 4 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the present invention. As shown in Fig. 4, the apparatus includes:
Obtaining module 40, configured to obtain the signature result of the message to be signed, where the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter.
Recovery module 42, configured to, where the verification of every group of signature result parameters passes, restore the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, where the target value is the target value of the preset dimension in the elliptic curve point coordinates.
Determining module 44, configured to determine, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification.
As an optional embodiment, the determining module includes: a verification submodule, configured to determine that the signature result of the message to be signed passes verification if the target values corresponding to all groups of signature results are identical.
Embodiment 5
According to an embodiment of the present invention, a storage medium is provided. The storage medium includes a stored program, where, when the program runs, the device on which the storage medium resides is controlled to execute the elliptic curve signature method of Embodiment 1 or the elliptic curve signature verification method of Embodiment 2.
Embodiment 6
According to an embodiment of the present invention, a processor is provided. The processor is configured to run a program, where the program, when run, executes the elliptic curve signature method of Embodiment 1 or the elliptic curve signature verification method of Embodiment 2.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the advantages or disadvantages of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the division of the units may be a division by logical function, and there may be other ways of dividing in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of units or modules may be electrical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (11)

1. An elliptic curve signature method, characterized by comprising:
Obtaining elliptic curve domain parameters, a preset private key and an integer corresponding to a message to be signed, wherein the integer corresponding to the message to be signed is the integer corresponding to the character string of the message to be signed;
Converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set includes one or more signature parameters, the length of each signature parameter is less than a preset bit width, and a signature parameter denotes a parameter that directly participates in the signature operation of the elliptic curve;
Signing the signature parameters according to the same generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed;
Wherein converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve comprises:
Dividing the integer by a target value to obtain a first quotient and a first remainder, wherein the target value denotes the value with 2 as the base and the modulus length as the exponent;
Determining that the first remainder is the first signature parameter, and judging whether the first quotient is greater than the target value;
If the first quotient is less than the target value, determining that the first quotient is the second signature parameter;
If the first quotient is greater than or equal to the target value, dividing the first quotient by the target value to obtain a second quotient and a second remainder;
Determining that the second remainder is the second signature parameter, and judging whether the second quotient is greater than the target value;
If the second quotient is greater than or equal to the target value, dividing the second quotient by the modulus length, until the n-th quotient obtained is less than the target value.
2. The method according to claim 1, characterized in that the elliptic curve domain parameters include: a preset order, equation coefficients, a modulus length and base point coordinates.
3. The method according to claim 2, characterized in that signing the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed, comprises:
Generating a random number;
Generating the elliptic curve point coordinates according to the random number and the base point coordinates;
Adding the target value of the preset dimension in the elliptic curve point coordinates to the signature parameter, and reducing the resulting sum modulo the order, to obtain the first signature result parameter corresponding to the signature parameter;
Operating on the first signature result parameter according to the preset private key and the order to obtain the second signature result parameter;
Obtaining the signature result from the first signature result parameter and the second signature result parameter.
4. The method according to claim 3, characterized in that, after the first signature result parameter corresponding to the signature parameter is obtained, the method further comprises:
If the sum of the first signature result parameter and the random number equals the order, returning to the step of generating a random number in order to generate a new random number.
5. The method according to claim 3, characterized in that operating on the first signature result parameter according to the preset private key and the order to obtain the second signature result parameter comprises:
Calculating the second signature result parameter by the following formula:
$s_i = ((1 + d_A)^{-1} \cdot (k - r_i \cdot d_A)) \bmod n$,
Wherein $s_i$ denotes the i-th second signature result parameter, $d_A$ denotes the preset private key, $r_i$ denotes the i-th first signature result parameter, and $n$ denotes the order.
6. An elliptic curve signature verification method, characterized in that it is applied to the elliptic curve signature method according to any one of claims 1 to 5 and comprises:
Obtaining the signature result of the message to be signed, wherein the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter;
Where the verification of every group of signature result parameters passes, restoring the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, wherein the target value is the target value of the preset dimension in the elliptic curve point coordinates;
Determining, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification.
7. The method according to claim 6, characterized in that determining, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification comprises:
If the target values corresponding to all groups of signature results are identical, determining that the signature result of the message to be signed passes verification.
8. An elliptic curve signature apparatus, characterized by comprising:
An obtaining module, configured to obtain elliptic curve domain parameters, a preset private key and an integer corresponding to a message to be signed, wherein the integer corresponding to the message to be signed is the integer corresponding to the character string of the message to be signed;
A conversion module, configured to convert the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set includes one or more signature parameters, the length of each signature parameter is less than a preset bit width, and a signature parameter denotes a parameter that directly participates in the signature operation of the elliptic curve;
A signature module, configured to sign the signature parameters according to the same generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed;
The conversion module includes: a first division submodule, configured to divide the integer by a target value to obtain a first quotient and a first remainder, wherein the target value denotes the value with 2 as the base and the modulus length as the exponent; a first determination submodule, configured to determine that the first remainder is the first signature parameter and to judge whether the first quotient is greater than the target value; a second determination submodule, configured to determine that the first quotient is the second signature parameter if the first quotient is less than the target value; a second division submodule, configured to divide the first quotient by the target value to obtain a second quotient and a second remainder if the first quotient is greater than or equal to the target value; a third determination submodule, configured to determine that the second remainder is the second signature parameter and to judge whether the second quotient is greater than the target value; and a third determination submodule, configured to divide the second quotient by the modulus length if the second quotient is greater than or equal to the target value, until the n-th quotient obtained is less than the target value.
9. An elliptic curve signature verification apparatus, characterized in that it is applied to the elliptic curve signature apparatus according to claim 8 and comprises:
An obtaining module, configured to obtain the signature result of the message to be signed, wherein the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter;
A recovery module, configured to, where the verification of every group of signature result parameters passes, restore the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, wherein the target value is the target value of the preset dimension in the elliptic curve point coordinates;
A determining module, configured to determine, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification.
10. A storage medium, characterized in that the storage medium includes a stored program, wherein, when the program runs, the device on which the storage medium resides is controlled to execute the elliptic curve signature method according to any one of claims 1 to 5 or the elliptic curve signature verification method according to any one of claims 6 to 7.
11. A processor, characterized in that the processor is configured to run a program, wherein the program, when run, executes the elliptic curve signature method according to any one of claims 1 to 5 or the elliptic curve signature verification method according to any one of claims 6 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811076382.0A CN109412813B (en) 2018-09-14 2018-09-14 The endorsement method of elliptic curve, sign test method and apparatus

Publications (2)

Publication Number Publication Date
CN109412813A CN109412813A (en) 2019-03-01
CN109412813B true CN109412813B (en) 2019-08-09
