CN109560935A - Quantum-computing-resistant signature method and sealing system based on a public asymmetric key pool - Google Patents
Quantum-computing-resistant signature method and sealing system based on a public asymmetric key pool
- Publication number: CN109560935A
- Application number: CN201811287444.2A
- Authority: CN (China)
- Prior art keywords: signature, seal, key, random number, public key
- Legal status: Granted
Classifications (all under H04L9/00, cryptographic mechanisms or arrangements for secret or secure communications; network security protocols)
- H04L9/3247: means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/3236: means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
- H04L9/3297: means for verifying the identity or authority of a user of the system or for message authentication, involving time stamps, e.g. generation of time stamps
- H04L9/002: countermeasures against attacks on cryptographic mechanisms
- H04L2209/72: signcrypting, i.e. digital signing and encrypting simultaneously
Abstract
The invention discloses a quantum-computing-resistant signature method and sealing system based on a public asymmetric key pool. The signature method includes: issuing key cards in advance, where a key card stores the electronic seal and an asymmetric key pool, and the key cards used for stamping and for verification are configured with the same asymmetric key pool; when stamping, stamping the file with the electronic seal in the key card to produce a file carrying an electronic stamp; the electronic stamp contains at least a seal signature generated with the participation of the seal public key, and a quantum-resistant public key generated from the seal public key combined with the asymmetric key pool in the key card; when verifying, extracting the seal public key from the quantum-resistant public key using the asymmetric key pool, and verifying the seal signature with the seal public key.
Description
Technical field
The present invention relates to secure communication, in particular to an electronic seal method that achieves resistance to quantum computing by means of key cards.
Background art
An electronic seal, also called a digital seal, is a visual form of expression of a digital signature. It can also be understood as the electronic counterpart of a traditional seal or handwritten signature: functionally it is equivalent to a traditional seal or handwritten signature placed on a paper document. The objects to which an electronic seal is applied are electronic documents, and these documents are also transmitted over networks, which makes an electronic seal application system relatively complex. An electronic seal is therefore not simply a picture of a seal; it must have three basic properties: ease of use, security and scalability.
An electronic seal system is mainly used to ensure that official documents circulating within the system in an open network environment are authentic, valid and untampered. The system takes cryptography as its theoretical basis and combines digital watermarking, database and component technologies to implement the sealing of electronic documents and functions such as document confirmation, print control, permission control and certificate management. At the same time, an electronic seal system resolves the biggest problem facing traditional seals today: the contradiction between traditional seal technology and modern paperless office work. In an information-automated environment all official documents exist as digital files, and the traditional means of validation by stamping or signing can no longer be used. Moreover, even with today's highly developed network technology, many documents still have to be transmitted by post, which seriously affects efficiency and cost for cross-regional and multi-disciplinary work.
At present, users' demand for electronic seals and related products is becoming increasingly urgent. Many government bodies and enterprises have explicitly stated that they want to use electronic seals to promote electronic office work, improve the security of existing systems and increase efficiency. Government and experts also attach great importance to electronic signature and electronic seal technology: a reliable electronic signature has the same legal effect as a handwritten signature or a physical seal, and a secure electronic seal has been called a revolution in the history of seals in China. China's secure electronic seal application system applies advanced digital authentication technology to seal security management, strengthening the production of electronic seals and the management of the links in which they are used, and ensuring that the identity of the electronic seal holder is genuine and reliable. It is believed that in the foreseeable future electronic seals will be widely used in fields such as office automation, enterprise informatization, e-commerce and e-government.
Quantum computers have great potential for breaking cryptography. The mainstream asymmetric (public-key) encryption algorithms of today, such as RSA, are mostly based on one of two hard mathematical problems: factoring large integers or computing discrete logarithms in a finite field. How hard they are to break depends on how efficiently these problems can be solved. On a classical computer, solving these two problems takes exponential time (the time to break a key grows exponentially with the public key length), which is unacceptable in practical applications. Shor's algorithm, tailored to quantum computers, performs integer factorization or discrete logarithm computation in polynomial time (the solving time grows with the public key length at the rate of a k-th power, where k is a constant independent of the key length), which makes it possible to break RSA and discrete-logarithm-based encryption algorithms.
Problem of the existing technology:
1. in the prior art, corresponding private key is obtained quickly through public key due to quantum calculation function, based on public and private
The digital signature method of key is cracked by quantum computer, causes the E-seal based on digital signature technology also by quantum computer
It cracks.
2. the outputting and inputting for digital signature in the prior art, based on public and private key can be known to other party, in quantum meter
In the presence of calculation machine, it may be derived private key, E-seal is caused to be cracked by quantum computer.
Summary of the invention
To further improve the security of stamping, the present invention provides a method of stamping with an electronic seal.
A quantum-computing-resistant signature method based on a public asymmetric key pool, comprising:
key cards are issued in advance to the seal server and to each client, where the key card of a client stores a seal image and an asymmetric key pool;
the key card of the seal server stores the electronic seal and the asymmetric key pool, and every key card is equipped with a random number generator and with the same asymmetric key pool;
the client of the stamping party pre-stamps the file using the seal image in its key card and sends the pre-stamped file to the seal server with a request for stamping;
the seal server stamps the file in response to the client's request, generates a file carrying an electronic stamp and sends it to the client of the verifying party;
the electronic stamp contains at least a seal signature generated with the participation of the seal public key, and a seal public key pointer random number used to extract the seal public key from the asymmetric key pool;
the client of the verifying party uses the seal public key pointer random number to extract the seal public key from the asymmetric key pool, and verifies the seal signature with the seal public key.
Several optional embodiments are also provided below. They are not additional limitations on the overall scheme above but only further supplements or preferences; provided there is no technical or logical contradiction, each optional embodiment may be combined with the overall scheme individually, and several optional embodiments may also be combined with one another.
Optionally, the correspondence between the seal public key pointer random number and the seal public key is as follows:
the random number generator of the seal server's key card generates the seal public key pointer random number;
a public key pointer function is applied to the seal public key pointer random number to produce a public key pointer;
the public key pointer points to a specified position in the asymmetric key pool of the seal server's key card, and the content at that position is the seal public key.
Optionally, the pre-stamping performed by the client of the stamping party includes:
signing the file with the seal image embedded using its private key to obtain an authentication signature;
generating an authentication random number with the random number generator in its key card, and encrypting the authentication signature with the authentication random number to produce an authentication signature ciphertext;
encrypting the authentication random number with its private key to produce an authentication key ciphertext;
the authentication key ciphertext and the authentication signature ciphertext together form the authentication file signature;
sending the client ID, the file and the authentication file signature to the seal server with a request for stamping. The seal server verifies the received authentication file signature and only then performs the stamping.
Optionally, the seal signature is generated as follows:
the seal server signs the relevant part of the electronic seal, which includes at least the seal public key, with its private key to obtain a first signature;
the seal server generates a first random number and encrypts the first signature with the first random number to form a first signature ciphertext;
the seal server encrypts the first random number with its private key to produce a first key ciphertext;
the first key ciphertext and the first signature ciphertext together form the seal signature.
Optionally, the public key of the seal server is also stored in the key cards, and the seal signature is verified as follows:
the client of the verifying party obtains the seal public key from its own key card and the seal public key pointer random number, using the correspondence described above;
the first key ciphertext part of the seal signature is decrypted with the seal server's public key to obtain the first random number, and the first signature ciphertext is then decrypted with the first random number to obtain the first signature;
the first signature is decrypted with the seal server's public key and verified.
Optionally, the electronic stamp further includes a stamping signature, and verification further includes verifying the stamping signature. The stamping signature is generated as follows:
the seal server signs the relevant part of the electronic stamp with its private key to obtain a second signature;
the random number generator of the seal server's key card generates a second random number, and the second signature is encrypted with the second random number to form a second signature ciphertext;
the seal server encrypts the second random number with its private key to produce a second key ciphertext;
the second key ciphertext and the second signature ciphertext together form the stamping signature.
Optionally, the stamping signature is verified as follows:
the client of the verifying party decrypts the second key ciphertext part of the stamping signature with the seal server's public key to obtain the second random number;
the second signature ciphertext in the stamping signature is decrypted with the second random number to obtain the second signature, and the second signature is verified.
Optionally, the electronic stamp further includes a file signature, and verification further includes verifying the file signature. The file signature is generated as follows:
the seal server signs the file with its private key to obtain a third signature;
the third signature is encrypted with a third random number to form a third signature ciphertext;
the seal server encrypts the third random number with its private key to produce a third key ciphertext;
the third key ciphertext and the third signature ciphertext together form the file signature.
The file signature is verified as follows:
the client of the verifying party decrypts the third key ciphertext part of the file signature with the seal server's public key to obtain the third random number;
the third signature ciphertext in the file signature is decrypted with the third random number to obtain the third signature, and the third signature is verified.
The present invention also provides a quantum-computing-resistant sealing system based on a public asymmetric key pool, comprising a seal server and clients acting respectively as the stamping party and the verifying party. The seal server and each client are each equipped with a key card, where the key card of a client stores a seal image and an asymmetric key pool;
the key card of the seal server stores the electronic seal and the asymmetric key pool, and every key card is equipped with a random number generator and with the same asymmetric key pool;
the client of the stamping party pre-stamps the file using the seal image in its key card and sends the pre-stamped file to the seal server with a request for stamping;
the seal server stamps the file in response to the client's request, generates a file carrying an electronic stamp and sends it to the client of the verifying party;
the electronic stamp contains at least a seal signature generated with the participation of the seal public key, and a seal public key pointer random number used to extract the seal public key from the asymmetric key pool;
the client of the verifying party uses the seal public key pointer random number to extract the seal public key from the asymmetric key pool, and verifies the seal signature with the seal public key.
In the present invention, key cards are used to store public keys, private keys and electronic seal images, and what is published externally is only the public key pointer random number, not the original public key itself. A key card is an independent, hardware-isolated device, so the possibility of a key or the electronic seal image being stolen by malware or malicious operation is greatly reduced. Since a quantum computer cannot obtain the plaintext public key, it cannot obtain the corresponding private key either, and the electronic seal of this scheme is therefore not easily broken by a quantum computer.
In the present invention, the digital signature based on public and private keys is further encrypted with a random number key, and the random number key is itself encrypted with the private key, forming an encrypted digital signature. Even in the presence of a quantum computer it is difficult to derive the private key, so the electronic seal of this scheme is not easily broken by a quantum computer.
Description of the drawings
Fig. 1 shows the relationship between the different key cards used in the present invention;
Fig. 2 shows the internal structure of the server key card in the present invention;
Fig. 3 shows the internal structure of the client key card used in the present invention;
Fig. 4 shows the relationship between the electronic seal and the electronic stamp in the present invention;
Fig. 5 shows the internal structure of the public part of the electronic seal in the present invention;
Fig. 6 shows the internal structure of the electronic stamp in the present invention;
Fig. 7 is a flow chart of encrypting the public key into the quantum-resistant public key in the present invention;
Fig. 8 is a flow chart of the signer generating a digital signature;
Fig. 9 is a flow chart of the verifier verifying a digital signature;
Fig. 10 is a flow chart of stamping in the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
To better describe and illustrate the embodiments, reference may be made to one or more of the drawings, but the additional details or examples used to describe the drawings are not to be construed as limiting the scope of the invention, of the currently described embodiment, or of any preferred mode.
With reference to Fig. 1 to Fig. 10, the quantum-resistant electronic seal method of this embodiment, based on the key pool, proceeds as follows.
1. The seal server issues key cards.
1.1 In the present invention the seal server is responsible for issuing the server key card and the client key cards, and holds its own public and private key pair.
The seal server also handles requests from clients and stamps the files that clients send.
In the present invention an electronic seal client may be a mobile or a fixed terminal, and the terminal is equipped with a key card.
The key cards matched to the clients belonging to one client group, and the server-side key card, are all issued by the seal server, which typically belongs to the administrative department of an enterprise or public institution.
The parties granted client key cards are members managed by the supervising party of the key cards, generally employees at various levels of an enterprise or public institution. They use the electronic seal client to stamp or to verify, and by role clients are therefore divided into the stamping party and the verifying party.
A client first applies to the supervising party of the key cards to open an account. After the client has registered and its login has been approved, it obtains a key card (which has a unique ID).
Each key card is equipped with a random number generator.
A key card is an independent, hardware-isolated device similar to a USB key, SD key or host encryption board, and its interior is divided into several regions.
A client key card stores the client's public and private key, the seal server's public key, the seal image and the asymmetric key pool.
The server key card stores the seal server's public and private key, the public part and the private part of the electronic seal, and the asymmetric key pool.
Since the server key card stores electronic seals corresponding to several different clients, it can also be regarded as an electronic seal pool.
In the key cards held by members of the same group (such as the stamping party, the verifying party and the seal server discussed here) the asymmetric key pool is identical, and the same functions, algorithms and so on are also stored in the key cards for carrying out the corresponding operations.
Because of the hardware-isolated nature of the key card, the possibility of the keys or the electronic seal image stored in it being stolen by malware or malicious operation is greatly reduced.
An electronic seal is a data structure containing a digital signature. It uses computer technology to simulate a physical seal: a document bearing it has the same appearance, the same validity and a similar manner of use as a paper document stamped with a physical seal. An electronic seal consists of a public part and a private part, stored in different regions of the key card.
The private part of the electronic seal is the private key of the electronic seal, and it must never be disclosed.
The public part of the electronic seal comprises the seal basic information, the seal image, the seal public key and the seal signature.
The seal basic information consists of the issuer of the electronic seal, the user of the electronic seal, the unique identifier of the electronic seal (equivalent to an ID), the issue time, the seal name, the signature algorithm, the effective date and the expiry date of the electronic seal, and extension items.
The seal signature is generated as follows:
the seal server signs the seal basic information, the hash value of the seal image and the seal public key with its private key (the one corresponding to the seal server's public key) to obtain the first signature;
the seal server generates a first random number and encrypts the first signature with it to form the first signature ciphertext;
the seal server encrypts the first random number with its private key to produce the first key ciphertext;
the first key ciphertext and the first signature ciphertext together form the seal signature.
The seal signature, and the stamping signature and file signature mentioned later, can all be regarded as digital signatures. The generation of the digital signature itself can use existing principles; the signing operation (for example when generating the first signature) and the verification (for example when verifying the first signature) proceed as follows:
Referring to Fig. 8, the signer applies a one-way hash function to the original text to be signed to obtain a message digest, encrypts the message digest with the private key algorithm, and sends the resulting signature together with the original text to the verifier.
Referring to Fig. 9, the verifier separates the received original text and signature, applies the same one-way hash function to the original text to obtain a new message digest, decrypts the digital signature with the corresponding public key algorithm to obtain the original message digest, and compares it with the new one. If they are identical, the sender of the original text is genuine and the text was not tampered with in transit.
1.2 After a user has registered and been approved, it obtains the key card issued by the seal server, for stamping or for verification.
2. The client prepares for stamping and sends a request to the seal server.
The client (the signing client) accesses the key card. Since data can be exchanged securely between the key card and the client, the specific steps involved can be carried out either in the key card or in the client; the same applies to the subsequent stamping and verification.
Using its key card, the stamping party embeds the seal image in the file to be stamped and signs it (pre-stamping), then sends a request for stamping to the seal server.
Embedding the seal image in the file to be stamped and signing it proceeds as follows:
the stamping party signs the file with the embedded seal image using its private key to obtain an authentication signature;
the random number generator in the stamping party's key card generates an authentication random number, and the authentication signature is encrypted with it to produce the authentication signature ciphertext;
the stamping party encrypts the authentication random number with its private key to produce the authentication key ciphertext;
the authentication key ciphertext and the authentication signature ciphertext together form the authentication file signature;
the stamping party sends the client ID, the file and the authentication file signature to the seal server with a request for stamping.
3. The seal server stamps the file.
3.1 The seal server first verifies the received authentication file signature.
3.1.1 The authentication key ciphertext part of the authentication file signature is decrypted with the stamping party's public key to obtain the authentication random number; the authentication signature ciphertext is then decrypted with the authentication random number to obtain the original authentication signature; the authentication signature is then decrypted with the stamping party's public key to obtain the original hash value.
3.1.2 The same hash function is applied to the file to compute a result.
3.1.3 The result obtained in 3.1.2 is compared with the original hash value obtained in 3.1.1. If they are identical, the file originated from the correct client and has not been tampered with, and further stamping can proceed.
3.2 The seal server stamps the file.
The server side inserts the key card into the interface of a mobile or fixed terminal and uses the public part and the hidden part of the electronic seal in the key card to stamp the file to be stamped at the position where the seal image is embedded.
An electronic stamp is a form of electronic signature realized with an electronic seal. Image processing technology converts the electronic signature operation into the same visual effect as signing and sealing a paper document, while electronic signature technology guarantees the authenticity and integrity of the electronic information and the non-repudiation of the signer.
The electronic stamp comprises the seal basic information, the seal image hash value, the seal public key pointer random number, the seal signature, the file signature, the stamping device information, the stamping timestamp and the stamping signature.
The stamping device information records the hardware device currently used for stamping, such as host model, IP address and MAC address. The electronic stamp can be written into the document or can form a separate stamp file; by default the former is used.
Compared with the public part of the electronic seal (seal basic information, seal image, seal public key and seal signature), the main changes in the electronic stamp are:
the seal image is replaced by the seal image hash value;
the seal public key is replaced by the seal public key pointer random number;
a file signature, stamping device information, a stamping timestamp and a stamping signature are generated.
The seal public key pointer random number, the file signature and the stamping signature are described further below.
Whether the electronic seal, the electronic stamp and the file have been tampered with can each be verified; this is explained separately in later steps.
To improve security, when a file is stamped with the electronic seal to obtain the electronic stamp, the seal public key is never published, i.e. it does not appear directly in the electronic stamp. What is published is only the seal public key pointer random number, which is related to the position of the seal public key in the key pool stored in the key card.
The correspondence between the seal public key pointer random number and the seal public key is as follows:
the random number generator in the key card generates the seal public key pointer random number rk (every random number mentioned in the present invention is preferably a quantum random number);
the public key pointer function frkp acts on the seal public key pointer random number rk and generates the public key pointer rkp;
the public key pointer rkp points to a specified position in the asymmetric key pool of the corresponding key card, and the content at that specified position is the corresponding seal public key krk.
The seal public key pointer random number rk is disclosed in the electronic signature as the anti-quantum-computation public key. The verifying party uses rk to obtain the corresponding seal public key from the asymmetric key pool of its own key card, and that seal public key then participates in verifying the source of the electronic seal.
The seal public key is generated by the seal server and stored at a specified address in the key card in advance, when the key card is issued: a position in the key card is located using the corresponding seal public key pointer random number, and the seal public key is then stored at that specified position. Correspondingly, at seal verification the seal public key is extracted from the address corresponding to the seal public key pointer random number.
Because the asymmetric key pool resides in the key card, the original seal public key can only be obtained by combining the anti-quantum-computation public key with the asymmetric key pool inside the key card. The possibility of the seal public key being leaked and cracked is therefore greatly reduced, which substantially improves security.
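As an added illustration (not code from the patent), the following Python models the key pool lookup just described: the seal server draws rk from the card's random number generator, frkp maps rk to a slot of the asymmetric key pool, and a verifier holding an identical pool recovers krk from the disclosed rk alone. The pool size, the choice of SHA-256 reduced modulo the pool size as frkp, and the use of the secrets module in place of a quantum random number generator are assumptions.

```python
import hashlib
import secrets

POOL_SIZE = 1024  # number of key slots in the asymmetric key pool (assumed size)


def frkp(rk: bytes, pool_size: int = POOL_SIZE) -> int:
    """Public key pointer function: maps the pointer random number rk to the
    slot index rkp. The patent does not fix frkp; SHA-256(rk) reduced modulo
    the pool size is assumed here."""
    return int.from_bytes(hashlib.sha256(rk).digest(), "big") % pool_size


class AsymmetricKeyPool:
    """The asymmetric key pool held inside a key card. The seal server and
    every client are issued cards holding identical pools."""

    def __init__(self, pool_size: int = POOL_SIZE):
        self.slots = [None] * pool_size

    def store(self, rk: bytes, public_key: bytes) -> int:
        """Seal server side, at card issue time: the pointer derived from rk
        selects the slot and the seal public key krk is written there."""
        rkp = frkp(rk, len(self.slots))
        self.slots[rkp] = public_key
        return rkp

    def lookup(self, rk: bytes):
        """Verifier side: recover krk from the pool using only the disclosed rk.
        A card whose pool does not hold the key returns None."""
        return self.slots[frkp(rk, len(self.slots))]

    def copy(self) -> "AsymmetricKeyPool":
        """Identical pool contents as issued to another card."""
        dup = AsymmetricKeyPool(len(self.slots))
        dup.slots = list(self.slots)
        return dup


def issue_seal_key(pool: AsymmetricKeyPool, seal_public_key: bytes) -> bytes:
    """Generate rk with the card's random number generator (the patent prefers a
    quantum RNG; secrets.token_bytes stands in) and place krk in the pool.
    Retries when the slot is already occupied so two seals never share a pointer."""
    while True:
        rk = secrets.token_bytes(16)
        if pool.slots[frkp(rk, len(pool.slots))] is None:
            pool.store(rk, seal_public_key)
            return rk


def public_fields_of_signature(rk: bytes) -> dict:
    """What the electronic signature discloses about the key: rk only, never krk."""
    return {"seal_public_key_pointer_random_number": rk}
```

Only rk crosses the wire; a verifier without the issued pool contents learns nothing about krk from it.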
The stamping signature in the electronic signature is generated as follows:
the seal server uses its private key to sign the seal basic information, the seal picture hash value, the encrypted seal public key, the seal signature, the file signature, the stamping device information and the stamping timestamp, obtaining the second signature;
the key card matched with the seal server generates the second random number, and the second signature is encrypted with the second random number to form the second signature ciphertext;
the seal server encrypts the second random number with its private key to generate the second key ciphertext;
the second key ciphertext and the second signature ciphertext together form the stamping signature.
The file signature in the electronic signature is generated as follows:
the seal server signs the file with its private key to obtain the third signature;
the key card matched with the seal server generates the third random number, and the third signature is encrypted with the third random number to form the third signature ciphertext;
the seal server encrypts the third random number with its private key to generate the third key ciphertext;
the third key ciphertext and the third signature ciphertext together form the file signature.
The remaining information in the electronic signature can be generated with reference to the prior art or obtained directly from the electronic seal.
3.3 The seal server sends the stamped file to the verifying party, which completes the stamping process.
The verifying party, having obtained the stamped file of step 2, performs seal verification by executing steps 4, 5 and 6 in any order.
4. Verifying the source of the electronic seal using the electronic signature in the stamped file.
4.1 The client (the verifying client) extracts the seal basic information, the seal picture hash value, the seal public key pointer random number and the seal signature from the electronic signature.
4.2 The client obtains the seal public key from its matched key card using the seal public key pointer random number, following the correspondence described above.
4.3 The client first decrypts the first key ciphertext part of the seal signature extracted in 4.1 with the seal server public key to obtain the first random number, then decrypts the first signature ciphertext with the first random number to obtain the first signature; it then decrypts the first signature with the seal server public key, obtaining the first original hash value (which may be regarded as a message digest).
4.4 Using the same hash function as was used when generating the first signature, the client hashes the seal basic information and the seal picture hash value extracted in step 4.1 together with the original seal public key obtained in step 4.2, obtaining the second hash value (likewise regarded as a message digest).
4.5 The first hash value and the second hash value are compared; if they are identical, the electronic seal originates from the seal server and has not been tampered with.
5. Verifying the electronic signature in the stamped file.
5.1 The client (the verifying party) extracts the seal basic information, the seal picture hash, the seal public key pointer random number, the seal signature, the file signature, the stamping device information, the stamping timestamp and the stamping signature from the electronic signature.
5.2 First, the second key ciphertext part of the stamping signature extracted in step 5.1 is decrypted with the public key of the stamping party, obtaining the second random number;
then the second signature ciphertext in the stamping signature is decrypted with the second random number to obtain the second signature, and the second signature is decrypted with the public key of the stamper to obtain the original hash value.
5.3 Using the same hash function as was used when generating the second signature, the seal basic information, seal picture hash, seal public key pointer random number, seal signature, file signature, stamping device information and stamping timestamp extracted in step 5.1 are hashed to obtain a result.
5.4 The result obtained in step 5.3 is compared with the original hash value obtained in step 5.2; if they are identical, the electronic signature originates from the stamper and has not been tampered with.
6. Verifying the file using the electronic signature in the stamped file, in the same manner as the verification of the electronic signature.
6.1 The client (the verifying party) extracts the file from the stamped file.
6.2 First, the third key ciphertext part of the file signature extracted in step 6.1 is decrypted with the public key of the stamping party, obtaining the third random number;
then the third signature ciphertext in the file signature is decrypted with the third random number to obtain the third signature, and the third signature is decrypted with the public key of the stamper to obtain the original hash value.
6.3 The file extracted in step 6.1 is hashed with the same hash function as was used when generating the third signature, obtaining a result.
6.4 The result obtained in step 6.3 is compared with the original hash value obtained in step 6.2; if they are identical, the file originates from the stamper and has not been tampered with.
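As an added example (not the patent's own code) covering both the generation of the stamping signature and the file signature described above and their verification in steps 4.3 to 6.4: a signature is produced with the private key, encrypted with a card-generated random number, and that random number is in turn encrypted with the private key, so the verifier peels the layers in reverse. The asymmetric algorithm is stood in for by a toy textbook RSA with p = 61, q = 53, the symmetric layer by an XOR keystream, and the field encoding by a constructed layout; the patent specifies none of these.

```python
import hashlib
import secrets

# Toy textbook-RSA parameters (p = 61, q = 53) stand in for the asymmetric
# algorithm the patent leaves unspecified; "encrypt with the private key" is
# the raw private-key operation. These sizes give no security at all.
N, E, D = 3233, 17, 2753


def priv_op(data: bytes) -> bytes:
    """Private-key operation: each input byte (< N) becomes a 2-byte block."""
    return b"".join(pow(b, D, N).to_bytes(2, "big") for b in data)


def pub_op(data: bytes) -> bytes:
    """Public-key operation undoing priv_op. A tampered ciphertext may yield
    blocks that do not decode to a byte; those raise ValueError."""
    vals = [pow(int.from_bytes(data[i:i + 2], "big"), E, N)
            for i in range(0, len(data), 2)]
    if any(v > 255 for v in vals):
        raise ValueError("block does not decode to a byte")
    return bytes(vals)


def sym(key: bytes, data: bytes) -> bytes:
    """Symmetric layer keyed by the card-generated random number: XOR with a
    SHA-256(key || counter) keystream (assumed; the patent names no cipher).
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def layered_sign(message: bytes) -> tuple:
    """Seal server side, as for the file signature and the stamping signature:
    sign the hash with the private key, draw random number r from the key
    card's RNG (quantum preferred; secrets stands in), encrypt the signature
    with r, then encrypt r with the private key.
    Returns (key ciphertext, signature ciphertext)."""
    signature = priv_op(hashlib.sha256(message).digest())
    r = secrets.token_bytes(16)
    return priv_op(r), sym(r, signature)


def layered_verify(message: bytes, key_ct: bytes, sig_ct: bytes) -> bool:
    """Verifier side (steps 4.3-4.5, 5.2-5.4, 6.2-6.4): the public key recovers
    r, r strips the symmetric layer, the public key recovers the original hash,
    which must equal a fresh hash of the message."""
    try:
        r = pub_op(key_ct)
        original_hash = pub_op(sym(r, sig_ct))
    except ValueError:
        return False
    return original_hash == hashlib.sha256(message).digest()


def serialize(fields: dict) -> bytes:
    """Canonical encoding of the fields covered by the stamping signature
    (constructed layout; the patent fixes none)."""
    return b"\x00".join(k.encode() + b"=" + v for k, v in sorted(fields.items()))


def stamp_file(file: bytes, seal_fields: dict, device_info: bytes, ts: bytes) -> dict:
    """Build the electronic signature: file signature first, then the stamping
    signature over the seal fields, file signature, device info and timestamp."""
    es = dict(seal_fields)
    es["file_key_ct"], es["file_sig_ct"] = layered_sign(file)
    es["device_info"], es["timestamp"] = device_info, ts
    es["stamp_key_ct"], es["stamp_sig_ct"] = layered_sign(serialize(es))
    return es


def verify_electronic_signature(file: bytes, es: dict) -> tuple:
    """Steps 5 and 6: returns (stamping_signature_ok, file_ok)."""
    covered = {k: v for k, v in es.items() if not k.startswith("stamp_")}
    stamp_ok = layered_verify(serialize(covered), es["stamp_key_ct"], es["stamp_sig_ct"])
    file_ok = layered_verify(file, es["file_key_ct"], es["file_sig_ct"])
    return stamp_ok, file_ok
```

Changing any covered field (here the timestamp) breaks the stamping signature while the file signature still verifies, which is why steps 5 and 6 are checked separately.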
The above discloses only embodiments of the present invention, but the invention is not limited thereto; those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Such obvious modifications and variations all fall within the scope of protection claimed by the present invention. In addition, although some specific terms are used in this specification, these terms are merely for convenience of description and do not constitute any specific limitation on the invention.
Claims (9)
1. An anti-quantum-computation signature method based on a public asymmetric key pool, characterized by comprising:
issuing key cards in advance to the seal server and to each client respectively, wherein the key card of a client stores a seal picture and an asymmetric key pool;
the key card of the seal server stores an electronic seal and an asymmetric key pool, and each key card is equipped with a random number generator and an identical asymmetric key pool;
the client of the stamping party pre-stamps the file using the seal picture in its key card, and sends the pre-stamped file to the seal server requesting stamping;
the seal server, in response to the client's request, stamps the file and sends the file carrying the generated electronic signature to the client of the verifying party;
the electronic signature includes at least the seal signature generated with the participation of the seal public key, and the seal public key pointer random number used to extract the seal public key from the asymmetric key pool;
the client of the verifying party extracts the seal public key from the asymmetric key pool using the seal public key pointer random number, and verifies the seal signature using the seal public key.
2. The anti-quantum-computation signature method based on a public asymmetric key pool according to claim 1, characterized in that the correspondence between the seal public key pointer random number and the seal public key is as follows:
the random number generator of the seal server's key card generates the seal public key pointer random number;
a public key pointer function acts on the seal public key pointer random number to generate a public key pointer;
the public key pointer points to a specified position in the asymmetric key pool of the seal server's key card, and the content at that specified position is the corresponding seal public key.
3. The anti-quantum-computation signature method based on a public asymmetric key pool according to claim 2, characterized in that the client of the stamping party performs the pre-stamping as follows:
signing the file with the seal picture inserted, using its private key, to obtain an authentication signature;
generating an authentication random number with the random number generator in its matched key card, and encrypting the authentication signature with the authentication random number to generate an authentication signature ciphertext;
encrypting the random number with the private key to generate an authentication key ciphertext;
the authentication key ciphertext and the authentication signature ciphertext together form the authentication file signature;
sending the client ID, the file and the authentication file signature to the seal server to request stamping; the seal server verifies the received authentication file signature and then performs the stamping.
4. The anti-quantum-computation signature method based on a public asymmetric key pool according to claim 3, characterized in that the seal signature is generated as follows:
the seal server signs, with its private key, the relevant part of the electronic seal including at least the seal public key, obtaining the first signature;
the seal server generates the first random number, and the first signature is encrypted with the first random number to form the first signature ciphertext;
the seal server encrypts the first random number with its private key to generate the first key ciphertext;
the first key ciphertext and the first signature ciphertext together form the seal signature.
5. The anti-quantum-computation signature method based on a public asymmetric key pool according to claim 4, characterized in that the public key of the seal server is also stored in the key card, and the seal signature is verified as follows:
the client of the verifying party obtains the seal public key through its matched key card and the seal public key pointer random number, following the correspondence;
the first key ciphertext part of the seal signature is decrypted with the seal server public key to obtain the first random number, and the first signature ciphertext is then decrypted with the first random number to obtain the first signature;
the first signature is decrypted with the seal server public key, and the first signature is verified.
6. The anti-quantum-computation signature method based on a public asymmetric key pool according to claim 5, characterized in that the electronic signature further includes a stamping signature, and seal verification further includes verifying the stamping signature; the stamping signature is generated as follows:
the seal server signs the relevant part of the electronic signature with its private key to obtain the second signature;
the random number generator of the seal server's key card generates the second random number, and the second signature is encrypted with the second random number to form the second signature ciphertext;
the seal server encrypts the second random number with its private key to generate the second key ciphertext;
the second key ciphertext and the second signature ciphertext together form the stamping signature.
7. The anti-quantum-computation signature method based on a public asymmetric key pool according to claim 6, characterized in that the stamping signature is verified as follows:
the client of the verifying party decrypts the second key ciphertext part of the stamping signature with the public key of the seal server to obtain the second random number;
the second signature ciphertext in the stamping signature is decrypted with the second random number to obtain the second signature, and the second signature is verified.
8. The anti-quantum-computation signature method based on a public asymmetric key pool according to claim 7, characterized in that the electronic signature further includes a file signature, and seal verification further includes verifying the file signature; the file signature is generated as follows:
the seal server signs the file with its private key to obtain the third signature;
the third signature is encrypted with the third random number to form the third signature ciphertext;
the seal server encrypts the third random number with its private key to generate the third key ciphertext;
the third key ciphertext and the third signature ciphertext together form the file signature;
the file signature is verified as follows:
the client of the verifying party decrypts the third key ciphertext part of the file signature with the public key of the seal server to obtain the third random number;
the third signature ciphertext in the file signature is decrypted with the third random number to obtain the third signature, and the third signature is verified.
9. An anti-quantum-computation signature system based on a public asymmetric key pool, comprising a seal server and clients acting respectively as the stamping party and the verifying party, characterized in that the seal server and each client are each configured with a key card, wherein the key card of a client stores a seal picture and an asymmetric key pool;
the key card of the seal server stores an electronic seal and an asymmetric key pool, and each key card is equipped with a random number generator and an identical asymmetric key pool;
the client of the stamping party pre-stamps the file using the seal picture in its key card, and sends the pre-stamped file to the seal server requesting stamping;
the seal server, in response to the client's request, stamps the file and sends the file carrying the generated electronic signature to the client of the verifying party;
the electronic signature includes at least the seal signature generated with the participation of the seal public key, and the seal public key pointer random number used to extract the seal public key from the asymmetric key pool;
the client of the verifying party extracts the seal public key from the asymmetric key pool using the seal public key pointer random number, and verifies the seal signature using the seal public key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811287444.2A CN109560935B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and signature system based on public asymmetric key pool |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109560935A true CN109560935A (en) | 2019-04-02 |
CN109560935B CN109560935B (en) | 2021-08-31 |
Family
ID=65865483
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811287444.2A Active CN109560935B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and signature system based on public asymmetric key pool |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109560935B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110138565A (en) * | 2019-04-22 | 2019-08-16 | 如般量子科技有限公司 | Anti- quantum calculation wired home quantum communications method and system based on unsymmetrical key pond pair |
CN110572788A (en) * | 2019-07-16 | 2019-12-13 | 如般量子科技有限公司 | Wireless sensor communication method and system based on asymmetric key pool and implicit certificate |
CN110611572A (en) * | 2019-10-30 | 2019-12-24 | 江苏亨通问天量子信息研究院有限公司 | Asymmetric password terminal based on quantum random number, communication system and method |
CN111030825A (en) * | 2019-12-03 | 2020-04-17 | 南京如般量子科技有限公司 | Anti-quantum computation electronic seal system based on secret shared public key pool and signature and verification method thereof |
CN111291392A (en) * | 2020-01-22 | 2020-06-16 | 京东数字科技控股有限公司 | Electronic signature method and device, electronic equipment and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105337726A (en) * | 2015-04-06 | 2016-02-17 | 安徽问天量子科技股份有限公司 | End-to-end hand-held device encryption method based on quantum cryptography and system |
CN106357649A (en) * | 2016-09-23 | 2017-01-25 | 浙江神州量子网络科技有限公司 | User identity authentication system and method |
CN108718237A (en) * | 2018-03-20 | 2018-10-30 | 如般量子科技有限公司 | A kind of modified AKA identity authorization systems and method based on pool of symmetric keys |
Timeline: 2018-10-31 CN CN201811287444.2A patent/CN109560935B/en active (Active)
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110138565A (en) * | 2019-04-22 | 2019-08-16 | 如般量子科技有限公司 | Anti- quantum calculation wired home quantum communications method and system based on unsymmetrical key pond pair |
CN110572788A (en) * | 2019-07-16 | 2019-12-13 | 如般量子科技有限公司 | Wireless sensor communication method and system based on asymmetric key pool and implicit certificate |
CN110572788B (en) * | 2019-07-16 | 2022-08-09 | 如般量子科技有限公司 | Wireless sensor communication method and system based on asymmetric key pool and implicit certificate |
CN110611572A (en) * | 2019-10-30 | 2019-12-24 | 江苏亨通问天量子信息研究院有限公司 | Asymmetric password terminal based on quantum random number, communication system and method |
CN111030825A (en) * | 2019-12-03 | 2020-04-17 | 南京如般量子科技有限公司 | Anti-quantum computation electronic seal system based on secret shared public key pool and signature and verification method thereof |
CN111291392A (en) * | 2020-01-22 | 2020-06-16 | 京东数字科技控股有限公司 | Electronic signature method and device, electronic equipment and storage medium |
CN111291392B (en) * | 2020-01-22 | 2022-09-06 | 京东科技控股股份有限公司 | Electronic signature method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109560935B (en) | 2021-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109614802B (en) | Anti-quantum-computation signature method and signature system | |
CN108229188B (en) | Method for signing file and verifying file by using identification key | |
US8108678B1 (en) | Identity-based signcryption system | |
CN109600228A (en) | The signature method and sealing system of anti-quantum calculation based on public keys pond | |
CN109560935A (en) | The signature method and sealing system of anti-quantum calculation based on public asymmetric key pond | |
US8145718B1 (en) | Secure messaging system with personalization information | |
US10559049B2 (en) | Digital passport country entry stamp | |
CN102647461B (en) | Communication means based on HTTP, server, terminal | |
US7765582B2 (en) | Identity-based-encryption messaging system with public parameter host servers | |
CN106341493A (en) | Entity rights oriented digitalized electronic contract signing method | |
US20050132201A1 (en) | Server-based digital signature | |
CN101183439A (en) | Electronic bill processing system and processing method | |
CN109672530A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on unsymmetrical key pond | |
US7685414B1 (en) | Subscription management service for secure messaging system | |
CN102546173B (en) | Digital signature system and signature method based on certificate | |
CN105681470A (en) | Communication method, server and terminal based on hypertext transfer protocol | |
CN109889495A (en) | Anti- quantum calculation electronic seal method and system based on multiple unsymmetrical key ponds | |
CN108022194A (en) | Law-enforcing recorder and its data safety processing method, server and system | |
Qureshi et al. | SeVEP: Secure and verifiable electronic polling system | |
CN109687977A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys | |
CN109413078A (en) | A kind of anonymous authentication scheme based on group ranking under master pattern | |
CN110113334A (en) | Contract processing method, equipment and storage medium based on block chain | |
CN109714175A (en) | Deposit card method, evidence collecting method and deposit system | |
CN109586918A (en) | The signature method and sealing system of anti-quantum calculation based on pool of symmetric keys | |
Zhang | A study on application of digital signature technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |