CN109547212B - Threshold signature method based on SM2 signature algorithm - Google Patents

Threshold signature method based on SM2 signature algorithm Download PDF

Info

Publication number
CN109547212B
CN109547212B CN201811473852.7A CN201811473852A CN109547212B CN 109547212 B CN109547212 B CN 109547212B CN 201811473852 A CN201811473852 A CN 201811473852A CN 109547212 B CN109547212 B CN 109547212B
Authority
CN
China
Prior art keywords
signature
user
users
calculating
ltoreq
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811473852.7A
Other languages
Chinese (zh)
Other versions
CN109547212A (en
Inventor
范佳
白健
安红章
王震
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute filed Critical CETC 30 Research Institute
Priority to CN201811473852.7A priority Critical patent/CN109547212B/en
Publication of CN109547212A publication Critical patent/CN109547212A/en
Application granted granted Critical
Publication of CN109547212B publication Critical patent/CN109547212B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Complex Calculations (AREA)

Abstract

The invention discloses a threshold signature method based on SM2 signature algorithm, which comprises a system establishing stage, a signature stage and a signature verification stage, wherein: in the system establishment phase, a plurality of participating users jointly generate a DSA key pair (x, y ═ g)x) Where y is a public value and x is shared among users; in the stage of generating the signature, a signature algorithm of DSA is adopted, a random number k in the DSA signature is jointly generated by n users, then an encrypted value of the DSA signature is jointly calculated through the property of homomorphic encryption, and finally the value is decrypted to generate the signature of the message digest. The invention provides a novel threshold signature method based on sm2 algorithm, wherein the total membership n in the method only needs to be more than or equal to t +1, and the intermediate result of each step output by a user can be verified. Therefore, the threshold signature method provided by the invention is more flexible and wider in application range.

Description

Threshold signature method based on SM2 signature algorithm
Technical Field
The invention relates to a threshold signature method based on an SM2 signature algorithm.
Background
The national crypto-authority issued SM2 elliptic curve public key cryptography on 12 months and 17 days 2010. The SM2 algorithm aims to guarantee the safety of various information systems and has great significance for the construction of commercial cipher products and information safety systems in China. The SM2 elliptic curve public key cryptographic algorithm comprises a digital signature algorithm, a key exchange protocol and a public key encryption algorithm.
In a common signature algorithm, the private key is held by only 1 user. If the user private key is stolen by an attacker, the attacker can forge the signature. To avoid this risk, desmdt et al propose the idea of a threshold signature. In threshold signatures, where the private key is shared by a community of n users, any t or more members collaborate to generate a valid signature on behalf of the community, and less than t members collaborate to generate a valid signature on behalf of the community.
In 2014, Shang Ming et al proposed a threshold signature algorithm based on sm2 algorithm. However, this algorithm has the following limitations: (1) the total number of group members n must be at least 2t +1 or more. Therefore, the method is not suitable for block chain signature scenes such as (2, 3), (2, 2) and the like. (2) The validity of the signature given by each user in the group cannot be verified, and only the final result can be authenticated. If the signature result is incorrect, a non-honest user cannot be determined.
Disclosure of Invention
In order to overcome the above disadvantages of the prior art, the present invention provides a threshold signature method based on SM2 signature algorithm.
The technical scheme adopted by the invention for solving the technical problems is as follows: a threshold signature method based on SM2 signature algorithm comprises a system establishing stage, a signature stage and a signature verification stage, wherein: in the system establishment phase, a plurality of participating users jointly generate a DSA key pair (x, y ═ g)x) Where y is a public value and x is shared among users; in the stage of generating the signature, a signature algorithm of DSA is adopted, a random number k in the DSA signature is jointly generated by n users, then an encrypted value of the DSA signature is jointly calculated through the property of homomorphic encryption, and finally the value is decrypted to generate the signature of the message digest.
Compared with the prior art, the invention has the following positive effects:
the invention provides a novel threshold signature method based on sm2 algorithm, wherein the total membership n in the method only needs to be more than or equal to t +1, and the intermediate result of each step output by a user can be verified.
Therefore, the threshold signature method provided by the invention is more flexible and wider in application range.
The method of the invention can be applied in a block chain system to support various applications, such as:
(1) the user stores the digital assets in the synthetic address, and both parties respectively master a private key and cannot independently control the assets. Both parties need to sign for a transaction when trading assets.
(2) For example, in a transaction, three parties are respectively from a buyer, a seller and an arbitrator, and each transaction requires a signature of the buyer, the seller and the arbitrator to complete the transaction.
Detailed Description
The threshold signature based on the SM2 signature algorithm proposed by the method comprises three stages: a system setup phase, a signature phase, and a verification signature phase.
In this method, the following three documents are cited as techniques for constructing our scheme.
A key generation method of a threshold homomorphic encryption scheme in cited documents of 'C.Hazay, G.L.Mikkelsen, T.Rabin, T.Toft.and A.A.Nicolosi: Efficient RSA key generation and threshold Pattern in the two-party setting' generates a user private key and a scheme public key of the threshold homomorphic encryption scheme, and the threshold encryption and decryption algorithms in the cited documents are cited as encryption algorithms E and D in the scheme; the notation in the cited literature in the method is preparedERepresenting homomorphic multiplication.
The commitment algorithm and commitment verification algorithm described in the documents "r.gennaro.multi-trailer Commitments and heat Applications to pro of sof Knowledge current Man-in-the-Middle attacks.proc.ofcrypto' 04, Springer LNCS 3152, pp.220-236" are cited as the Com algorithm and Ver algorithm in the present solution.
Zero knowledge evidence was generated and validated by the method in the literature "R.Gennaro, S.Goldfeder, Narayanan A.Threshold-Optimal DSA/ECDSA Signatures and an Application to Bitcion Wallet Security [ J ]. 2016".
The method comprises the following specific construction processes:
first, system establishment
In the present process, the main purpose is that multiple participating users jointly generate a DSA key pair (x, y ═ g)x) Where y is a public value and x is shared among users. A public key N for an additive homomorphic encryption scheme E is first generated, along with a secret key d in shared form between users. Secondly, each user selects a respective private key xiGenerating a public key yiAnd calculating a signature public key y; then for xiEncrypted with E, the value α ═ E (x) can be obtained according to the nature of the additive homomorphism. Note that α is an implicit (t, n) secret sharing of x, since the decryption key d for E is shared among users, only ≧ t users can recover key d.
Firstly, each user generates a user private key and a scheme public key of a threshold homomorphic encryption scheme by adopting a key generation method of the threshold homomorphic encryption scheme.
And (3) generating a scheme public key:
n users jointly generate a public key N of RSA; the composition form is
Figure BDA0001891692150000031
Figure BDA0001891692150000032
Each user generates a pair of Paillier keys N independentlyi=pi.qiThen, p can be obtained by applying the property of Paillier homomorphic encryption between every two users through common calculationiqjThe value of (c).
1) The users each generate an RSA combination pair:
generating an ElGamal public key by the n users; in the group with original g and Q, each party PiSelecting a random number x'i∈ZQBroadcasting, broadcasting
Figure BDA0001891692150000033
Then the public key of ElGamal
Figure BDA0001891692150000034
Each user PiGenerating a Paillier key Ni=pi.qiAnd broadcast. p is a radical ofiAnd q isiIs a private key.
2) Computing a scheme public key N:
the main idea is to do for any two users PiAnd PjParticipating in protocol acquisition
Figure BDA0001891692150000041
It can be directly calculated when i ═ j. Thereby obtaining
Figure BDA0001891692150000042
The method comprises the following specific steps:
for 1. ltoreq. i, j. ltoreq. n, PjBroadcast uniform random values
Figure BDA0001891692150000043
ElGamal encrypted value of (1).
For 1. ltoreq. i, j. ltoreq. n, PiSending piOf Paillier's encryption value
Figure BDA0001891692150000044
To Pj
For 1. ltoreq. i, j. ltoreq. n, PjWhen the secret key is NiThe Paillier encryption is calculated as follows:
Figure BDA0001891692150000045
wherein r isijIs a random number. Will be provided with
Figure BDA0001891692150000046
Is sent to Pi
For 1. ltoreq. i, j. ltoreq. n, PiDecryption
Figure BDA0001891692150000047
The plaintext modulo Q is denoted as
Figure BDA0001891692150000048
For 1. ltoreq. i, j. ltoreq. n, each user confirms that everyone is actually dedicated to producing pi·qjThe fraction of (c).
Based on qjEncryption of, user PiCompute and broadcast pi·qjThe new encryption of (2); all parties then calculate the ElGamal encryption using homomorphism
Figure BDA0001891692150000049
The plaintext obtained after decryption by all users is 0.
For 1. ltoreq. i, j. ltoreq. n, all users use homomorphism calculation
Figure BDA00018916921500000410
Encryption of (2). And P isiBroadcasting si
For 1. ltoreq. i, j. ltoreq. n, the final user calculation
Figure BDA00018916921500000411
And (3) generating a user private key:
when the private key of the user is generated, the addition sharing d of d is firstly calculatediCalculated by user together
Figure BDA00018916921500000412
And
Figure BDA00018916921500000413
in this process d is obtainedi. Then, the values of d are calculated together, and a Shamir share of (t, n) is generated for d and is given to the related n users.
The second step is that:
1) each user randomly selects xiCalculating yi=xi*G,αi=E(xi) Calculate [ C ]i,Di]=Com(yi);
2) Per user broadcast Ci
The third step:
1) calculating zero knowledge evidence pi for each user(0,i)
Certifying that
Figure BDA0001891692150000052
So that eta G ═ yi,D(αi)=η;
2) Broadcast per user Di,αi,Π(0,i)
The fourth step:
1) each user verifying other user commitments yi=Ver(Ci,Di)
2) Each user verifying zero knowledge proof of other users
3) E (α) is calculated per user, where
Figure BDA0001891692150000051
4) The algorithm public key is y
Second, generate signature
The main approach is to apply the signature algorithm of DSA. The random number k in the DSA signature is jointly generated by n users; namely, each participating user selects a random number and then calculates to obtain k, and the encrypted value of the DSA signature is obtained through the common calculation of the property of homomorphic encryption. Decrypting the value generates a signature of the message digest.
The first step is as follows:
each user Pi
1) Selecting rhoiRZq
2) Calculating ui=E(ρi),vi=ρi×Eα=E(ρix)
3) Calculating [ C ]1,i,D1,i]=Com([ui,vi])
4) Calculating zero knowledge evidence Π(1,i)
Certifying that
Figure BDA0001891692150000062
So that D (u)i)=η,D(vi)=ηD(E(x))
5) Broadcast C1,i
Second step, each user PiBroadcast D1,iZero knowledge evidence pi (1, i)
The third step:
each user Pi
1) Open other user commitments by calculating [ uj,vj]=Ver(C1,j,D1,j)
2) Verifying zero knowledge evidence II of other users(1,j)
3) If the verification is passed, u-E (rho) and v-E (rho x) are calculated, wherein
Figure BDA0001891692150000061
The fourth step:
each user Pi
1) Selection of kiR ZqandciR[-q6,q6]
2) Calculating ri=ki*G,
3) Calculating wi=(ki×E u)+EE(ciq)=E(kiρ+ciq)
4) Calculating [ C ]2,i,D2,i]=Com(ri,wi)
5) Calculating zero knowledge evidence Π (2, i), (ensure uiAnd viIs correctly set up)
Certifying that
Figure BDA0001891692150000063
So that eta G ri,D(wi)=ηD(u)mod q
6) Broadcast C2,i(ensure each kiIndependence of (2)
Fifth step, each user PiBroadcast D2,iZero knowledge evidence pi (2, i)
And a sixth step:
each user Pi
1) Open other user commitments by calculating [ rj,wj]=Ver(C2,j,D2,j)
2) Verifying zero knowledge evidence II of other users(2,j)
3) If the verification is passed, w ═ E (k ρ + cq) is calculated, where
Figure BDA0001891692150000071
4) Computing
Figure BDA0001891692150000072
r=[R]x+e mod n,
The seventh step:
each user Pi
1) The threshold decryption v yields d (v) · η ∈ [ -q7, q7]And η mod q and ψ η-1mod q
2) Calculating sigma psi × E [ w + E (r × E u)]=ψ×E[E(kρ+cq)+E E(rρ)]
=(ρ-1x-1EE(kρ+cq+rρ)=E(x-1(k+r))
3) Threshold decryption σ, calculating s ═ D (v) -r modq
And eighthly, obtaining a signature (r, s).
Third, verify the signature
The verify signature step is consistent with the verify SM2 signature step.

Claims (6)

1. A threshold signature method based on SM2 signature algorithm is characterized in that: the method comprises a system establishing stage, a signature stage and a signature verification stage, wherein: in the system establishment phase, the participating n users jointly generate a DSA key pair (x, y ═ g)x) Where y is a public value and x is shared among users; in the stage of generating the signature, a signature algorithm of DSA is adopted, a random number k in the DSA signature is jointly generated by n users, then an encrypted value of the DSA signature is jointly calculated through the property of homomorphic encryption, and finally the value is decrypted to generate the signature of the message digest.
2. The threshold signature method based on the SM2 signature algorithm of claim 1, wherein: the method for generating the DSA key pair comprises the following steps: firstly, generating a public key N for an additive homomorphic encryption scheme E and a secret key d existing in a shared form among users; secondly, each user selects a respective private key xiGenerating a public key yiAnd calculating a signature public key y; then for xiE is used for encryption, and a value alpha (E) (x) is obtained through calculation according to the property of addition homomorphism, wherein alpha is implicit (t, n) secret sharing of x, a decryption key d of E is shared among users, and the key d can be recovered only by more than or equal to t users.
3. The threshold signature method based on the SM2 signature algorithm of claim 2, wherein: the specific process of establishing the system comprises the following steps:
firstly, each user generates a user private key and a scheme public key of a threshold homomorphic encryption scheme by adopting a key generation method of the threshold homomorphic encryption scheme;
second, each user randomly selects xiCalculating yi=xi*G,αi=E(xi) Calculate [ C ]i,Di]=Com(yi) (ii) a Per user broadcast Ci
Thirdly, calculating zero knowledge evidence pi for each user(0,i)Prove that
Figure FDA0003003402430000012
So that eta G ═ yi,D(αi) η; broadcast per user Di,αi,Π(0,i)
Fourth, each user verifies other user commitments yi=Ver(Ci,Di) And zero knowledge evidence of other users, calculating E (alpha), wherein
Figure FDA0003003402430000011
The algorithm public key is y.
4. The threshold signature method based on the SM2 signature algorithm of claim 3, wherein: the method for generating the scheme public key comprises the following steps:
1) the users each generate an RSA combination pair:
generating an ElGamal public key by the n users; in generating the group of original g and order Q, each party PiSelecting a random number x'i∈ZQBroadcasting, broadcasting
Figure FDA0003003402430000021
Then the public key of ElGamal
Figure FDA0003003402430000022
Each user PiGenerating a Paillier key Ni=pi.qiAnd broadcast, piAnd q isiIs a private key;
2) computing a scheme public key N:
for 1. ltoreq. i, j. ltoreq. n, PjBroadcast uniform random values
Figure FDA0003003402430000023
The ElGamal encrypted value of (1);
for 1. ltoreq. i, j. ltoreq. n, PiSending piOf Paillier's encryption value
Figure FDA0003003402430000024
To Pj
For 1. ltoreq. i, j. ltoreq. n, PjWhen the secret key is NiThe Paillier encryption is calculated as follows:
Figure FDA0003003402430000025
wherein r isijIs a random number, will
Figure FDA0003003402430000026
Is sent to Pi
For 1. ltoreq. i, j. ltoreq. n, PiDecryption
Figure FDA0003003402430000027
The plaintext modulo Q is denoted as
Figure FDA0003003402430000028
For 1. ltoreq. i, j. ltoreq. n, each user confirms that everyone is actually dedicated to producing pi·qjBased on the share of qjEncryption of, user PiCompute and broadcast pi·qjThe new encryption of (2); all parties then calculate the ElGamal encryption using homomorphism
Figure FDA0003003402430000029
The plaintext obtained after all users decrypt is 0;
for 1. ltoreq. i, j. ltoreq. n, all users use homomorphism calculation
Figure FDA00030034024300000210
Is encrypted, and PiBroadcasting si
For 1. ltoreq. i, j. ltoreq. n, the final user calculation
Figure FDA00030034024300000211
5. The threshold signature method based on the SM2 signature algorithm of claim 3, wherein: the method for generating the user private key comprises the following steps: compute d first for the additive share diObtained by common calculation of users
Figure FDA00030034024300000212
And
Figure FDA00030034024300000213
and in the process d is obtainedi(ii) a Then, the values of d are calculated together, and a Shamir share of (t, n) is generated for d and is given to the related n users.
6. The threshold signature method based on the SM2 signature algorithm of claim 1, wherein: the specific process of generating the signature includes:
first step, per user PiSelecting rhoiRZqCalculating ui=E(ρi),vi=ρi×Eα=E(ρix); calculating [ C ]1,i,D1,i]=Com([ui,vi]) (ii) a Calculating zero knowledge evidence Π(1,i)Prove that
Figure FDA0003003402430000034
So that D (u)i)=η,D(vi) Eta D (e (x)), and then broadcast C1,i
Second step, each user PiBroadcast D1,iZero knowledge evidence Π (1, i);
third step, each user PiOpen other user commitments by calculating [ uj,vj]=Ver(C1,j,D1,j) Verifying zero-knowledge evidence II of other users(1,j)And calculating u ═ E (ρ) and v ═ E (ρ x) after the verification is passed, wherein
Figure FDA0003003402430000031
Fourth step, each user PiSelection of kiR ZqandciR[-q6,q6]Calculating ri=kiG; calculating wi=(ki×Eu)+EE(ciq)=E(kiρ+ciq); calculating [ C ]2,i,D2,i]=Com(ri,wi) (ii) a Calculating zero knowledge evidence II (2, i) to prove
Figure FDA0003003402430000035
So that eta G ri,D(wi) η d (u) mod q, then broadcast C2,i
Fifth step, each user PiBroadcast D2,iZero knowledge evidence Π (2, i);
sixth step, each user PiOpen other user commitments by calculating [ rj,wj]=Ver(C2,j,D2,j) Verifying zero-knowledge evidence II of other users(2,j)And calculating w ═ E (k ρ + cq) after the verification passes, wherein
Figure FDA0003003402430000032
Computing
Figure FDA0003003402430000033
Seventh step, each user PiThe threshold decryption v yields d (v) · η ∈ [ -q7, q7]And η mod q and ψ η-1mod q; calculating sigma ═ psi × E [ w + E (r × Eu)]=ψ×E[E(kρ+cq)+EE(rρ)]=(ρ-1x-1EE(kρ+cq+rρ)=E(x-1(k + r)); threshold decryption σ, calculating s ═ d (v) -r modq;
and eighthly, obtaining a signature (r, s).
CN201811473852.7A 2018-12-04 2018-12-04 Threshold signature method based on SM2 signature algorithm Active CN109547212B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811473852.7A CN109547212B (en) 2018-12-04 2018-12-04 Threshold signature method based on SM2 signature algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811473852.7A CN109547212B (en) 2018-12-04 2018-12-04 Threshold signature method based on SM2 signature algorithm

Publications (2)

Publication Number Publication Date
CN109547212A CN109547212A (en) 2019-03-29
CN109547212B true CN109547212B (en) 2021-06-18

Family

ID=65852677

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811473852.7A Active CN109547212B (en) 2018-12-04 2018-12-04 Threshold signature method based on SM2 signature algorithm

Country Status (1)

Country Link
CN (1) CN109547212B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111130786A (en) * 2019-10-25 2020-05-08 武汉大学 Multi-party cooperative SM2 key generation and ciphertext decryption method and medium
CN110958114A (en) * 2019-10-25 2020-04-03 武汉大学 Two-party cooperative SM2 key generation and ciphertext decryption method and medium
CN111064557A (en) * 2019-12-25 2020-04-24 杭州安司源科技有限公司 Distributed trusteeship digital currency threshold signature key distribution method
CN111756537B (en) * 2020-07-13 2022-11-29 广州安研信息科技有限公司 Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN114338028A (en) * 2020-09-28 2022-04-12 华为技术有限公司 Threshold signature method and device, electronic equipment and readable storage medium
CN112417489B (en) * 2020-12-04 2022-09-30 矩阵元技术(深圳)有限公司 Digital signature generation method and device and server
CN113079020B (en) * 2021-03-30 2022-05-06 桂林电子科技大学 Multi-chain forensics method of alliance chain based on threshold signature decision system
CN113300841B (en) * 2021-05-25 2022-11-25 贵州大学 Identity-based collaborative signature method and system
CN113507374B (en) * 2021-07-02 2021-11-30 恒生电子股份有限公司 Threshold signature method, device, equipment and storage medium
CN114157427B (en) * 2021-12-02 2023-06-20 南京邮电大学 SM2 digital signature-based threshold signature method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1138927A (en) * 1994-01-13 1996-12-25 银行家信托公司 Cryptographic system and method with key escrow feature
CN101267308A (en) * 2008-04-24 2008-09-17 上海交通大学 Democratic signature method with threshold tracking
CN105933116A (en) * 2016-06-27 2016-09-07 收付宝科技有限公司 SM2-based electronic signature generating and verifying methods and devices
CN108173639A (en) * 2018-01-22 2018-06-15 中国科学院数据与通信保护研究教育中心 A kind of two side's cooperation endorsement methods based on SM9 signature algorithms
CN108667626A (en) * 2018-07-20 2018-10-16 陕西师范大学 The two sides cooperation SM2 endorsement methods of safety
CN108667627A (en) * 2018-07-20 2018-10-16 武汉大学 SM2 digital signature methods based on two sides collaboration

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1138927A (en) * 1994-01-13 1996-12-25 银行家信托公司 Cryptographic system and method with key escrow feature
CN101267308A (en) * 2008-04-24 2008-09-17 上海交通大学 Democratic signature method with threshold tracking
CN105933116A (en) * 2016-06-27 2016-09-07 收付宝科技有限公司 SM2-based electronic signature generating and verifying methods and devices
CN108173639A (en) * 2018-01-22 2018-06-15 中国科学院数据与通信保护研究教育中心 A kind of two side's cooperation endorsement methods based on SM9 signature algorithms
CN108667626A (en) * 2018-07-20 2018-10-16 陕西师范大学 The two sides cooperation SM2 endorsement methods of safety
CN108667627A (en) * 2018-07-20 2018-10-16 武汉大学 SM2 digital signature methods based on two sides collaboration

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SM2椭圆曲线门限密码算法;尚铭;《密码学报》;20140415;第1卷(第2期);第155-166页 *

Also Published As

Publication number Publication date
CN109547212A (en) 2019-03-29

Similar Documents

Publication Publication Date Title
CN109547212B (en) Threshold signature method based on SM2 signature algorithm
CN107707358B (en) EC-KCDSA digital signature generation method and system
CN109194478B (en) Method for generating SM9 digital signature by combining multiple parties under asymmetric environment
CN108667625B (en) Digital signature method of cooperative SM2
CN109660361B (en) Method for generating SM9 digital signature by combining multiple parties under symmetric environment
CN107733648B (en) Identity-based RSA digital signature generation method and system
CN108667627B (en) SM2 digital signature method based on two-party cooperation
CN114157427B (en) SM2 digital signature-based threshold signature method
CN110011803B (en) Method for cooperatively generating digital signature by two parties of light SM2
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
CN109547199B (en) Method for generating SM2 digital signature by combining multiple parties
CN103248478A (en) Multi-party security agreement based sealed electric auction scheme and verification method
CN110601859B (en) Certificateless public key cryptographic signature method based on 25519 elliptic curve
CN104767612A (en) Signcryption method from certificateless environment to public key infrastructure environment
CN109639439A (en) A kind of ECDSA digital signature method based on two sides collaboration
CN104767611A (en) Signcryption method from public key infrastructure environment to certificateless environment
CN111355582A (en) Two-party combined signature and decryption method and system based on SM2 algorithm
CN110061828A (en) Distributed digital endorsement method without trusted party
CN111030821B (en) Encryption method of alliance chain based on bilinear mapping technology
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
Islam et al. Certificateless strong designated verifier multisignature scheme using bilinear pairings
CN115473631A (en) Block chain certificateless aggregation signcryption key negotiation method based on Chinese remainder theorem
EP1571778A1 (en) Method for generating fair blind signatures
CN108055134B (en) Collaborative computing method and system for elliptic curve point multiplication and pairing operation
Kwak et al. Efficient distributed signcryption scheme as group signcryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant