CN109412813B - Elliptic curve signature method, signature verification method and apparatus - Google Patents
- Publication number
- CN109412813B (CN201811076382.0A)
- Authority
- CN
- China
- Prior art keywords
- signature
- parameter
- target value
- signature result
- elliptic curve
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Abstract
The invention discloses an elliptic curve signature method, a signature verification method and an apparatus. The method comprises: obtaining elliptic curve domain parameters, a preset private key and the integer corresponding to the message to be signed; converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width; and signing the signature parameters according to a generated random number, the elliptic curve domain parameters and the preset private key to obtain the signature result of the message to be signed. The invention solves the technical problem in the prior art that a long message is split into groups for processing, so that the signature result of the message lacks integrity.
Description
Technical field
The present invention relates to the field of data processing, and in particular to an elliptic curve signature method, a signature verification method and an apparatus.
Background art
Currently, the bit width L of the prime-field elliptic curve cryptography provided by the cryptographic coprocessor of an embedded chip is usually 256. For a signature algorithm such as SM2, the bit width of the acceptable input data D is 256, and the signature result is generally expressed as (R, S), where R is computed from the random number k, the base point G and the hash value e of the plaintext, and S is computed from R, the random number k and the private key d; R and S are each 256 bits wide.
A hash algorithm such as SM3 transforms a plaintext into a 256-bit hash value. To digitally sign a plaintext of arbitrary length, the common approach is to hash the plaintext first and then digitally sign the result of the hash operation to obtain the signature result (R, S).
The drawback of introducing a hash algorithm is that the digital signature process becomes dependent on the security of the hash algorithm. Once an effective collision is found for the hash algorithm, the credibility of the digital signature will be called into question. To improve the credibility of the digital signature, the message needs to be signed directly in special scenarios. These special scenarios include the transfer service in online banking, where the message D contains the target account information, the transfer amount and so on.
If the length of the message D is greater than the algorithm bit width L, the message must be converted and split into n groups $D_1, D_2, \ldots, D_n$; the existing signature process is then called to sign each group, and $(R_1, S_1), (R_2, S_2), \ldots, (R_N, S_N)$ is obtained as the signature result. The drawback of this approach is that it sacrifices the integrity of the message D: an attacker can replace part of the data of the current signature with existing signed data, and the server cannot detect this replacement, so the message may be tampered with by the attacker.
No effective solution has yet been proposed for the problem that, in the prior art, a long message is split into groups for processing, so that the signature result of the message lacks integrity.
Summary of the invention
The embodiments of the present invention provide an elliptic curve signature method, a signature verification method and an apparatus, to at least solve the technical problem in the prior art that a long message is split into groups for processing, so that the signature result of the message lacks integrity.
According to one aspect of the embodiments of the present invention, an elliptic curve signature method is provided, comprising: obtaining elliptic curve domain parameters, a preset private key and the integer corresponding to the message to be signed; converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width; and signing the signature parameters according to a generated random number, the elliptic curve domain parameters and the preset private key to obtain the signature result of the message to be signed.
Further, the integer is divided by a target value to obtain a first quotient and a first remainder, where the target value is 2 raised to the power of the modulus length; the first remainder is determined to be the first signature parameter, and it is judged whether the first quotient is greater than the target value; if the first quotient is less than the target value, the first quotient is determined to be the second signature parameter; if the first quotient is greater than or equal to the target value, the first quotient is divided by the target value to obtain a second quotient and a second remainder; the second remainder is determined to be the second signature parameter, and it is judged whether the second quotient is greater than the target value; if the second quotient is greater than or equal to the target value, the second quotient is divided by the modulus length, and so on until the n-th quotient obtained is less than the target value.
Further, the elliptic curve domain parameters include: a preset order, equation coefficients, a modulus length and base point coordinates.
Further, a random number is generated; elliptic curve point coordinates are generated from the random number and the base point coordinates; the target value of a preset dimension of the elliptic curve point coordinates is added to the signature parameter, and the sum is reduced modulo the order to obtain the first signature result parameter corresponding to the signature parameter; an operation is performed on the first signature result parameter according to the preset private key and the order to obtain the second signature result parameter; and the signature result is obtained from the first signature result parameter and the second signature result parameter.
Further, after the first signature result parameter corresponding to the signature parameter is obtained, if the sum of the first signature result parameter and the random number equals the order, the step of generating a random number is re-entered to generate a new random number.
Further, the second signature result parameter is calculated by the following formula: $s_i = ((1 + d_A)^{-1}(k - r_i \cdot d_A)) \bmod n$, where $s_i$ denotes the i-th second signature result parameter, $d_A$ denotes the preset private key, $r_i$ denotes the i-th first signature result parameter, and n denotes the order.
According to another aspect of the embodiments of the present invention, an elliptic curve signature verification method is also provided, applied to the above elliptic curve signature method, comprising: obtaining the signature result of the message to be signed, wherein the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter; when the verification of every group of signature result parameters passes, restoring the target value corresponding to each group of signature result parameters from the first signature result parameter in that group, wherein the target value is the value of a preset dimension of the elliptic curve point coordinates; and determining, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification.
Further, if the target values corresponding to all groups of signature results are identical, it is determined that the signature result of the message to be signed passes verification.
According to another aspect of the embodiments of the present invention, an elliptic curve signature apparatus is also provided, comprising: an obtaining module, configured to obtain elliptic curve domain parameters, a preset private key and the integer corresponding to the message to be signed; a conversion module, configured to convert the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width; and a signature module, configured to sign the signature parameters according to a generated random number, the elliptic curve domain parameters and the preset private key to obtain the signature result of the message to be signed.
According to another aspect of the embodiments of the present invention, an elliptic curve signature verification apparatus is also provided, applied to the above elliptic curve signature apparatus, comprising: an obtaining module, configured to obtain the signature result of the message to be signed, wherein the signature result includes multiple groups of signature result parameters, each group including one first signature result parameter and one second signature result parameter; a restoring module, configured to restore, when the verification of every group of signature result parameters passes, the target value corresponding to each group of signature result parameters from the first signature result parameter in that group, wherein the target value is the value of a preset dimension of the elliptic curve point coordinates; and a determining module, configured to determine, according to the target value corresponding to each group of signature results, whether the signature result of the message to be signed passes verification.
According to another aspect of the embodiments of the present invention, a storage medium is also provided. The storage medium includes a stored program, wherein, when the program runs, the device on which the storage medium resides is controlled to execute the above elliptic curve signature method or the above elliptic curve signature verification method.
According to another aspect of the embodiments of the present invention, a processor is also provided. The processor is configured to run a program, wherein the program, when running, executes the above elliptic curve signature method or the above elliptic curve signature verification method.
In the embodiments of the present invention, the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed are obtained; the integer is converted into a corresponding signature parameter set based on the modulus length of the elliptic curve; and the signature parameters are signed according to a generated random number, the elliptic curve domain parameters and the preset private key to obtain the signature result of the message to be signed. The above scheme uses the modulus length of the elliptic curve to convert the integer corresponding to the message to be signed into multiple signature parameters, and then uses the same random number to perform the signature calculation on the multiple signature parameters, obtaining multiple groups of signature results. Since the computation for each signature parameter requires the random number, every group of the signature result is also related to the random number, which guarantees the integrity of the message to be signed and thereby solves the technical problem in the prior art that a long message is split into groups for processing, so that the signature result of the message lacks integrity.
Further, the above scheme of the present application needs to generate only one random number in the minimum case. Compared with the prior art, which needs to generate at least N random numbers (N being the number of signature parameters obtained by decomposing the integer corresponding to the message to be signed; the signature parameters in the prior art differ from the signature parameters in the present application), it can therefore also improve computational efficiency.
Brief description of the drawings
The drawings described herein are provided for a further understanding of the present invention and constitute a part of this application. The illustrative embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flowchart of the elliptic curve signature method according to an embodiment of the present invention;
Fig. 2 is a flowchart of the elliptic curve signature verification method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the present invention; and
Fig. 4 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the present invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only a part of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments of the present invention described herein can be implemented in an order other than those illustrated or described herein. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the present invention, an embodiment of an elliptic curve signature method is provided. It should be noted that the steps illustrated in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in a different order.
Fig. 1 is a flowchart of the elliptic curve signature method according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S102: obtain the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed.
Specifically, the elliptic curve domain parameters may be preset; in an optional embodiment they may include the order of the elliptic curve domain, etc.
The message to be signed may represent different content in different application scenarios. For example, in a banking scenario, the message to be signed may be content sent between the user's smart terminal and the bank server. The integer corresponding to the message to be signed is the integer corresponding to the character string of the message, and can be obtained by various preset functions, such as the ParseInt() function.
In an optional embodiment, taking a banking service as an example, the user transfers money to another account through the bank's application software on a smart terminal. After the user issues the transfer instruction, the smart terminal sends a message to the bank's server to inform it of the transfer instruction issued by the user. During transmission of this message, an elliptic curve signature is required in order to confirm the source of the information the message contains; this message is the message to be signed.
Step S104: convert the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set contains one or more signature parameters and the length of each signature parameter is less than a preset bit width.
Specifically, a signature parameter is a parameter that directly participates in the elliptic curve signature operation. The modulus length of the elliptic curve is fixed for a given algorithm; for example, for the SM2 elliptic curve public key cryptographic algorithm, the modulus length is len(p) = 256.
For an integer with a larger bit width, the conversion by the modulus length of the elliptic curve yields more signature parameters; for an integer with a smaller bit width, it yields fewer. That is, the number of signature parameters corresponding to the integer is proportional to the length of the integer.
In a special case, the integer corresponds to a single signature parameter after conversion by the modulus length. This indicates that the length of the integer is less than the predetermined bit width, and the signature operation can be performed directly without the modulus-length conversion.
The signature parameter set represents the integer itself. Because the length of the integer is greater than the preset bit width, it is difficult to apply the signature algorithm to it directly. The above scheme therefore converts the integer, according to the modulus length of the elliptic curve, into multiple signature parameters whose length is not greater than the preset bit width; since each signature parameter is no longer than the preset bit width, the elliptic curve signature operation can be performed on each of them.
Step S106: sign the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key to obtain the signature result of the message to be signed.
The random number is generated by the algorithm. When there are multiple signature parameters, the signature result also comprises multiple groups. Since the computation for each signature parameter requires this random number, every group of the signature result is related to this random number, which guarantees the integrity of the message to be signed.
In an optional embodiment, taking $a_i$ as the signature parameters, where i numbers the signature parameters: after the random number k is generated, each signature parameter $a_i$ is processed using k to obtain the first signature result parameter $r_i$, and an operation on $r_i$ then yields the second signature result parameter $s_i$. Once $r_i$ and $s_i$ are obtained, they can be combined into the signature result $(r_i, s_i)$. Since every $r_i$ is computed from the random number k, all $r_i$ share the same random number k, so that the groups $(r_i, s_i)$ are associated with one another.
As can be seen from the above, the above embodiment of the present application obtains the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed, converts the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, and signs the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key to obtain the signature result of the message to be signed. The above scheme uses the modulus length of the elliptic curve to convert the integer corresponding to the message to be signed into multiple signature parameters, and then uses the same random number to perform the signature calculation on the multiple signature parameters, obtaining multiple groups of signature results. Since the computation for each signature parameter requires the random number, every group of the signature result is also related to the random number, which guarantees the integrity of the message to be signed and thereby solves the technical problem in the prior art that a long message is split into groups for processing, so that the signature result of the message lacks integrity.
Further, the above scheme of the present application needs to generate only one random number in the minimum case. Compared with the prior art, which needs to generate at least N random numbers (N being the number of signature parameters obtained by decomposing the integer corresponding to the message to be signed; the signature parameters in the prior art differ from the signature parameters in the present application), it can therefore also improve computational efficiency.
As an optional embodiment, converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve comprises:
Step S1021: divide the integer by the target value to obtain a first quotient and a first remainder, where the target value is 2 raised to the power of the modulus length.
Specifically, the target value is $2^{len(p)}$; when len(p) = 256, the target value is $2^{256}$.
Step S1023: determine that the first remainder is the first signature parameter, and judge whether the first quotient is greater than the target value.
Taking $a_i$ as the signature parameters, if the first remainder is $t_1$ and the first quotient is $q_1$, then $a_1 = t_1$, and it is judged whether $q_1 > 2^{256}$ holds.
Step S1025: if the first quotient is less than the target value, determine that the first quotient is the second signature parameter.
When $q_1 < 2^{256}$, $a_2 = q_1$ is determined. At this point the decomposition of the integer corresponding to the message to be signed ends, and the signature parameters corresponding to the integer are $a_1$ and $a_2$.
Step S1027: if the first quotient is greater than or equal to the target value, divide the first quotient by the target value to obtain a second quotient and a second remainder.
When $q_1 > 2^{256}$, the integer corresponding to the message to be signed must be decomposed further. This is done using the quotient obtained in the previous calculation: the first quotient is divided by the target value to obtain the second quotient $q_2$ and the second remainder $t_2$.
Step S1029: determine that the second remainder is the second signature parameter, and judge whether the second quotient is greater than the target value.
When $q_1 > 2^{256}$, $a_2 = t_1$ is determined, and it is judged whether $q_2$ is greater than $2^{256}$ in order to decide whether to continue the decomposition.
Step S10210: if the second quotient is greater than the target value, divide the second quotient by the modulus length, and so on until the n-th quotient obtained is less than the target value.
If $q_2 > 2^{256}$, then $q_2$ is divided by $2^{256}$, and the resulting third quotient is checked against $2^{256}$ in turn. The above method is repeated until the quotient obtained after dividing some quotient by $2^{256}$ is less than $2^{256}$; the decomposition then stops, and all signature parameters corresponding to the integer have been obtained.
The conversion of the integer is described below as one complete procedure:
S00: load the elliptic curve domain parameters, including the order n, and the private key $d_A$;
S01: load the character string M of the message to be signed and complete the format check of M;
S02: convert M to the integer e;
S03: let i = 0;
S04: divide e by $2^{len(p)}$ to obtain the quotient q and the remainder r, where len(p) is the modulus length;
S05: let $a_i = r$;
S06: if q is less than $2^{len(p)}$, go to step S08; otherwise go to step S07;
S07: let e = q, i = i + 1, and return to S04;
S08: let $a_{i+1} = q$;
S09: let n = i + 1.
As an optional embodiment, the elliptic curve domain parameters include: a preset order, equation coefficients, a modulus length and base point coordinates.
As an optional embodiment, signing the signature parameters according to the generated random number and the elliptic curve domain parameters to obtain the signature result of the message to be signed comprises:
Step S1061: generate a random number.
Step S1063: generate elliptic curve point coordinates from the random number and the base point coordinates.
Specifically, the elliptic curve point is a point on the elliptic curve, and the base point coordinates can be taken from the elliptic curve parameters obtained in advance.
In an optional embodiment, still taking the random number to be k and the elliptic curve point coordinates to be (x, y), we have (x, y) = [k]G, where [k]G denotes the scalar multiplication of the point G by k.
Step S1065: add the target value of the preset dimension of the elliptic curve point coordinates to the signature parameter, and reduce the sum modulo the order to obtain the first signature result parameter corresponding to the signature parameter.
Specifically, this operation can be expressed by the formula $r_i = (a_i + x) \bmod n$, where $r_i$ is the first signature result parameter, $a_i$ is the signature parameter, x is the x value of the elliptic curve point coordinates, and n is the order in the elliptic curve domain parameters.
Step S1067: perform an operation on the first signature result parameter according to the preset private key and the order to obtain the second signature result parameter.
Step S1069: obtain the signature result from the first signature result parameter and the second signature result parameter.
In an optional embodiment, the first signature result parameter is $r_i$ and the second signature result parameter is $s_i$, so the signature result obtained is $(r_i, s_i)$.
As an optional embodiment, after the first signature result parameter corresponding to the signature parameter is obtained, the method further comprises: if the sum of the first signature result parameter and the random number equals the order, re-entering the step of generating a random number to generate a new random number.
It should be noted here that if $r_i + k$ equals n, that is, if the sum of the first signature result parameter and the random number equals the order, the signature has a security weakness and is easier to tamper with, so a new random number must be generated. After the new random number is generated, the old random number is discarded, and every $r_i$ is recalculated using the new random number.
As an optional embodiment, performing an operation on the first signature result parameter according to the preset private key and the order to obtain the second signature result parameter comprises:
calculating the second signature result parameter by the following formula:
$s_i = ((1 + d_A)^{-1}(k - r_i \cdot d_A)) \bmod n$,
where $s_i$ denotes the i-th second signature result parameter, $d_A$ denotes the preset private key, $r_i$ denotes the i-th first signature result parameter, and n denotes the order.
In the following, continuing to be illustrated the endorsement method of the elliptic curve in the application after above-mentioned steps S09.
S10: random number k is generated;
S11: elliptic curve point (x, y)=[k] G is calculated;
S12: i=0 is enabled;
S13: r is calculatedi=(ai+x)mod n;
S14: if riEqual to 0 or ri+ k is equal to n, then is back to S10;
S15: i=i+1 is enabled;
S16: if i is less than n, it is back to S13;
S17: i=0 is enabled;
S18: s is calculatedi=((1+dA)-1(k-ri*dA))mod n;
S19: if siEqual to 0, then to S10;
S20: i=i+1 is enabled;
S21: if i is less than n, it is back to S18;
S22: setting output is null character string;
S23:i=0;
S24: by (ri,si) it is converted into character string Ti;
S25: output=output is enabled | | Ti;
S26: i=i+1 is enabled;
S27: if i is less than n, until S24;
S28: the output output digital signature as M.
Embodiment 2
According to an embodiment of the present invention, an embodiment of an elliptic curve signature verification method applied to the elliptic curve signing method of Embodiment 1 is provided. Fig. 2 is a flowchart of the elliptic curve signature verification method according to an embodiment of the present invention. As shown in Fig. 2, the method includes the following steps:
Step S202: obtain the signature result of the message to be signed, where the signature result includes multiple groups of signature result parameters, and each group includes one first signature result parameter and one second signature result parameter.
In combination with the elliptic curve signing method of Embodiment 1, when the signature result of the message to be signed is (r_i, s_i), the first signature result parameter is r_i and the second signature result parameter is s_i.
Step S204: when verification of every group of signature result parameters passes, restore the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, where the target value is the target value of the preset dimension in the elliptic curve point coordinates.
Specifically, the coordinate value of the preset dimension in the elliptic curve point coordinates was used when calculating the first signature result parameter r_i, so once the first signature result parameter is determined, the target value of the preset dimension in the elliptic curve point coordinates can be restored.
Because the elliptic curve point coordinates are determined from the random number and the preset base point, when the preset base point is unchanged and the random number used to generate every group of signature result parameters is the same, the target value of the preset dimension in the elliptic curve point coordinates is also the same for every group. The signature result can therefore be verified using the restored target value corresponding to each group of signature result parameters.
Step S206: determine, according to the target value corresponding to each group of signature results, whether verification of the signature result of the message to be signed passes.
As can be seen from the above, the above embodiment of this application obtains the signature result of the message to be signed; when verification of every group of signature result parameters passes, restores the target value corresponding to each group according to the first signature result parameter in that group; and determines, according to the target value corresponding to each group of signature results, whether verification of the signature result of the message to be signed passes. The above scheme verifies the signature result using the target value of the preset dimension of the elliptic curve point coordinates restored from the first signature result parameter, so that a tampered signature result cannot pass verification. This ensures the integrity of the signature result and solves the technical problem in the prior art that, when a message is long and is processed in groups, the signature result of the message lacks integrity.
As an optional embodiment, determining, according to the target value corresponding to each group of signature results, whether verification of the signature result of the message to be signed passes includes: if the target values corresponding to every group of signature results are identical, determining that verification of the signature result of the message to be signed passes.
If any group of signature result parameters in the signature result is tampered with, the attacker cannot know the random number used to generate the signature result, so the random number corresponding to the tampered signature result parameters differs from the random number corresponding to the other signature result parameters, and the target value corresponding to the tampered parameters therefore differs from the target value corresponding to the other parameters.
Based on this, when it is detected that the target values corresponding to the groups of signature result parameters in the signature result are not all identical, verification of the signature result is confirmed to have failed.
In the above scheme, if the target values corresponding to every group of signature results are identical, it is determined that the random number used to generate every group of signature results is the same, and it can then be determined that none of the groups of signature result parameters in the signature result has been tampered with and that verification of the signature result of the message to be signed passes.
Embodiment 3
According to an embodiment of the present invention, an embodiment of an elliptic curve signing apparatus applied to the elliptic curve signing method in the embodiment is provided. Fig. 3 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the present invention. As shown in Fig. 3, the apparatus includes:
Obtaining module 30, configured to obtain the elliptic curve domain parameters, the preset private key and the integer corresponding to the message to be signed.
Conversion module 32, configured to convert the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, where the signature parameter set includes one or more signature parameters and the length of each signature parameter is less than a preset bit width.
Signing module 34, configured to sign the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed.
As an optional embodiment, the obtaining module includes: a first division submodule, configured to divide the integer by a target value to obtain a first quotient and a first remainder, where the target value denotes the value with 2 as the base and the modulus length as the exponent; a first determining submodule, configured to determine that the first remainder is the first signature parameter and to judge whether the first quotient is greater than the target value; a second determining submodule, configured to determine that the first quotient is the second signature parameter if the first quotient is less than the target value; a second division submodule, configured to divide the first quotient by the target value to obtain a second quotient and a second remainder if the first quotient is greater than or equal to the target value; a third determining submodule, configured to determine that the second remainder is the second signature parameter and to judge whether the second quotient is greater than the target value; and a third determining submodule, configured to divide the second quotient by the modulus length if the second quotient is greater than or equal to the target value, until the n-th quotient obtained is less than the target value.
As an optional embodiment, the elliptic curve domain parameters include: a preset order, a private key and base point coordinates.
As an optional embodiment, the signing module includes: a first generation submodule, configured to generate a random number; a second generation submodule, configured to generate elliptic curve point coordinates according to the random number and the base point coordinates; an addition submodule, configured to add the target value of the preset dimension in the elliptic curve point coordinates to the signature parameter and take the sum modulo the order, to obtain the first signature result parameter corresponding to the signature parameter; an operation submodule, configured to perform an operation on the first signature result parameter according to the private key and the order, to obtain the second signature result parameter; and an acquisition submodule, configured to obtain the signature result according to the first signature result parameter and the second signature result parameter.
As an optional embodiment, the above apparatus further includes: a judgment module, configured to, after the first signature result parameter corresponding to the signature parameter is obtained, return to the step of generating a random number so as to generate a new random number if the sum of the first signature result parameter and the random number equals the order.
As an optional embodiment, the operation submodule includes: a computing unit, configured to calculate the second signature result parameter by the following formula: s_i = ((1 + d_A)^(-1) * (k - r_i * d_A)) mod n, where s_i denotes the i-th second signature result parameter, d_A denotes the private key, r_i denotes the i-th first signature result parameter, and n denotes the order.
Embodiment 4
According to an embodiment of the present invention, an embodiment of an elliptic curve signature verification apparatus applied to the elliptic curve signature verification method of Embodiment 2 is provided. Fig. 4 is a schematic diagram of the elliptic curve signature verification apparatus according to an embodiment of the present invention. As shown in Fig. 4, the apparatus includes:
Obtaining module 40, configured to obtain the signature result of the message to be signed, where the signature result includes multiple groups of signature result parameters, and each group includes one first signature result parameter and one second signature result parameter.
Recovery module 42, configured to, when verification of every group of signature result parameters passes, restore the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, where the target value is the target value of the preset dimension in the elliptic curve point coordinates.
Determining module 44, configured to determine, according to the target value corresponding to each group of signature results, whether verification of the signature result of the message to be signed passes.
As an optional embodiment, the determining module includes: a verification submodule, configured to determine that verification of the signature result of the message to be signed passes if the target values corresponding to every group of signature results are identical.
Embodiment 5
According to an embodiment of the present invention, a storage medium is provided. The storage medium includes a stored program, where, when the program runs, the device on which the storage medium is located is controlled to execute the elliptic curve signing method of Embodiment 1 or the elliptic curve signature verification method of Embodiment 2.
Embodiment 6
According to an embodiment of the present invention, a processor is provided. The processor is configured to run a program, where the program, when run, executes the elliptic curve signing method of Embodiment 1 or the elliptic curve signature verification method of Embodiment 2.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division of the units may be a division by logical function, and there may be other ways of dividing them in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.
Claims (11)
1. An elliptic curve signing method, characterized by comprising:
obtaining elliptic curve domain parameters, a preset private key and an integer corresponding to a message to be signed, wherein the integer corresponding to the message to be signed is the integer corresponding to the character string of the message to be signed;
converting the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set includes one or more signature parameters, the length of each signature parameter is less than a preset bit width, and a signature parameter denotes a parameter that directly participates in the signing operation of the elliptic curve;
signing the signature parameters according to the same generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed;
wherein converting the integer into the corresponding signature parameter set based on the modulus length of the elliptic curve comprises:
dividing the integer by a target value to obtain a first quotient and a first remainder, wherein the target value denotes the value with 2 as the base and the modulus length as the exponent;
determining that the first remainder is the first signature parameter, and judging whether the first quotient is greater than the target value;
if the first quotient is less than the target value, determining that the first quotient is the second signature parameter;
if the first quotient is greater than or equal to the target value, dividing the first quotient by the target value to obtain a second quotient and a second remainder;
determining that the second remainder is the second signature parameter, and judging whether the second quotient is greater than the target value;
if the second quotient is greater than or equal to the target value, dividing the second quotient by the modulus length, until the n-th quotient obtained is less than the target value.
2. The method according to claim 1, characterized in that the elliptic curve domain parameters include: a preset order, equation coefficients, a modulus length and base point coordinates.
3. The method according to claim 2, characterized in that signing the signature parameters according to the generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed, comprises:
generating a random number;
generating the elliptic curve point coordinates according to the random number and the base point coordinates;
adding the target value of the preset dimension in the elliptic curve point coordinates to the signature parameter, and taking the sum modulo the order, to obtain the first signature result parameter corresponding to the signature parameter;
performing an operation on the first signature result parameter according to the preset private key and the order, to obtain the second signature result parameter;
obtaining the signature result according to the first signature result parameter and the second signature result parameter.
4. The method according to claim 3, characterized in that, after the first signature result parameter corresponding to the signature parameter is obtained, the method further comprises:
if the sum of the first signature result parameter and the random number equals the order, returning to the step of generating a random number so as to generate a new random number.
5. The method according to claim 3, characterized in that performing an operation on the first signature result parameter according to the preset private key and the order, to obtain the second signature result parameter, comprises:
calculating the second signature result parameter by the following formula:
s_i = ((1 + d_A)^(-1) * (k - r_i * d_A)) mod n,
where s_i denotes the i-th second signature result parameter, d_A denotes the preset private key, r_i denotes the i-th first signature result parameter, and n denotes the order.
6. An elliptic curve signature verification method, characterized in that it is applied to the elliptic curve signing method according to any one of claims 1 to 5 and comprises:
obtaining the signature result of the message to be signed, wherein the signature result includes multiple groups of signature result parameters, and each group includes one first signature result parameter and one second signature result parameter;
when verification of every group of signature result parameters passes, restoring the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, wherein the target value is the target value of the preset dimension in the elliptic curve point coordinates;
determining, according to the target value corresponding to each group of signature results, whether verification of the signature result of the message to be signed passes.
7. The method according to claim 6, characterized in that determining, according to the target value corresponding to each group of signature results, whether verification of the signature result of the message to be signed passes comprises:
if the target values corresponding to every group of signature results are identical, determining that verification of the signature result of the message to be signed passes.
8. An elliptic curve signing apparatus, characterized by comprising:
an obtaining module, configured to obtain elliptic curve domain parameters, a preset private key and an integer corresponding to a message to be signed, wherein the integer corresponding to the message to be signed is the integer corresponding to the character string of the message to be signed;
a conversion module, configured to convert the integer into a corresponding signature parameter set based on the modulus length of the elliptic curve, wherein the signature parameter set includes one or more signature parameters, the length of each signature parameter is less than a preset bit width, and a signature parameter denotes a parameter that directly participates in the signing operation of the elliptic curve;
a signing module, configured to sign the signature parameters according to the same generated random number, the elliptic curve domain parameters and the preset private key, to obtain the signature result of the message to be signed;
wherein the conversion module includes: a first division submodule, configured to divide the integer by a target value to obtain a first quotient and a first remainder, wherein the target value denotes the value with 2 as the base and the modulus length as the exponent; a first determining submodule, configured to determine that the first remainder is the first signature parameter and to judge whether the first quotient is greater than the target value; a second determining submodule, configured to determine that the first quotient is the second signature parameter if the first quotient is less than the target value; a second division submodule, configured to divide the first quotient by the target value to obtain a second quotient and a second remainder if the first quotient is greater than or equal to the target value; a third determining submodule, configured to determine that the second remainder is the second signature parameter and to judge whether the second quotient is greater than the target value; and a third determining submodule, configured to divide the second quotient by the modulus length if the second quotient is greater than or equal to the target value, until the n-th quotient obtained is less than the target value.
9. An elliptic curve signature verification apparatus, characterized in that it is applied to the elliptic curve signing apparatus according to claim 8 and comprises:
an obtaining module, configured to obtain the signature result of the message to be signed, wherein the signature result includes multiple groups of signature result parameters, and each group includes one first signature result parameter and one second signature result parameter;
a recovery module, configured to, when verification of every group of signature result parameters passes, restore the target value corresponding to each group of signature result parameters according to the first signature result parameter in that group, wherein the target value is the target value of the preset dimension in the elliptic curve point coordinates;
a determining module, configured to determine, according to the target value corresponding to each group of signature results, whether verification of the signature result of the message to be signed passes.
10. A storage medium, characterized in that the storage medium includes a stored program, wherein, when the program runs, the device on which the storage medium is located is controlled to execute the elliptic curve signing method according to any one of claims 1 to 5 or the elliptic curve signature verification method according to any one of claims 6 to 7.
11. A processor, characterized in that the processor is configured to run a program, wherein the program, when run, executes the elliptic curve signing method according to any one of claims 1 to 5 or the elliptic curve signature verification method according to any one of claims 6 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811076382.0A CN109412813B (en) | 2018-09-14 | 2018-09-14 | The endorsement method of elliptic curve, sign test method and apparatus |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109412813A CN109412813A (en) | 2019-03-01 |
CN109412813B true CN109412813B (en) | 2019-08-09 |
Family
ID=65464076
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811076382.0A Active CN109412813B (en) | 2018-09-14 | 2018-09-14 | The endorsement method of elliptic curve, sign test method and apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109412813B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||