CN109586917A - Quantum-computing-resistant signing method and seal system based on an asymmetric key pool - Google Patents

Publication number
CN109586917A
Authority
CN
China
Prior art keywords
signature
seal
key
public key
random number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811286483.0A
Other languages
Chinese (zh)
Other versions
CN109586917B (en
Inventor
富尧
钟民
钟一民
汪仲祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Application filed by Ruban Quantum Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a quantum-computing-resistant signing method and seal system based on an asymmetric key pool. The signing method comprises: issuing key cards in advance, each key card storing an electronic seal and a group key pool, where the key cards used for signing and for seal verification are configured with the same group key pool; when signing, stamping the file with the electronic seal in the key card to generate a file bearing an Electronic Signature; the Electronic Signature contains at least a seal signature generated with the participation of the seal public key, and a quantum-resistant public key generated from the seal public key in combination with the group key pool in the key card; when verifying the seal, extracting the seal public key from the quantum-resistant public key using the group key pool, and verifying the seal signature with the seal public key.

Description

Quantum-computing-resistant signing method and seal system based on an asymmetric key pool
Technical field
The present invention relates to the field of secure communications, and in particular to a signing method and seal system that use key cards to achieve resistance to quantum computing.
Background
An electronic seal, also called a digital seal, is a visual representation of a digital signature. It can also be understood as the electronic form of a traditional seal or handwritten signature, and it functions like a traditional seal or handwritten signature on a paper document. The objects to be stamped with an electronic seal are electronic documents, which are also transmitted over networks, and this makes electronic seal application systems relatively complex. An electronic seal is therefore not simply an image of a seal; it must have three basic properties: ease of use, security and scalability.
An electronic seal system is mainly used to ensure that official documents circulating within a system in an open network environment are authentic and valid and have not been tampered with. The system takes cryptography as its theoretical basis and, combined with digital watermarking, database and component technologies, implements stamping of electronic documents together with functions such as document verification, print control, permission control and certificate management. The electronic seal system also solves the biggest problem facing traditional seals today, namely the conflict between traditional seal technology and the modern paperless office. In an automated information environment all official documents exist as digital files, and the traditional way of validating by stamping or signing can no longer be used. Moreover, even though network technology is highly developed today, many documents still have to be sent by post, which seriously affects efficiency and cost for work that spans regions and departments.
User demand for electronic seals and related products is becoming increasingly urgent. Many government bodies and enterprises have explicitly stated that they want to use electronic seals to promote electronic office work, improve the security of existing systems and increase efficiency. Government and experts also attach considerable importance to electronic signature and electronic seal technology; a reliable electronic signature has the same legal effect as a handwritten signature or a seal. It has also been pointed out that the secure electronic seal is a revolution in the history of seals in China. China's secure electronic seal management application system will apply internationally advanced digital authentication technology to seal security administration, strengthening the management of each stage of electronic seal production and use and ensuring that the identity of the electronic seal holder is authentic and reliable. It is believed that in the foreseeable future electronic seals will be widely used in many fields such as office automation, enterprise informatization, e-commerce and e-government.
Quantum computers have great potential for breaking cryptography. Most of today's mainstream asymmetric (public-key) encryption algorithms, such as RSA, are based on one of two hard mathematical problems: factoring large integers or computing discrete logarithms over a finite field. The difficulty of breaking them depends on how efficiently these problems can be solved. On a classical computer, solving these two problems takes exponential time (the time to break grows exponentially with the length of the public key), which is unacceptable in practice. Shor's algorithm, which is tailored to quantum computers, can perform integer factorization or discrete logarithm computation in polynomial time (the time to break grows as the k-th power of the public key length, where k is a constant independent of the public key length), which makes it possible to break RSA and discrete-logarithm encryption algorithms.
Problems in the prior art:
1. Because a quantum computer can quickly derive the private key from the corresponding public key, digital signature methods based on public/private key pairs can be broken by a quantum computer, and so can electronic seals built on digital signature technology.
2. In the prior art, the inputs and outputs of a public/private-key digital signature can be known to other parties; in the presence of a quantum computer the private key may be derived from them, so the electronic seal can be broken by a quantum computer.
Summary of the invention
To further improve the security of signing, the present invention provides a method of signing with an electronic seal.
A quantum-computing-resistant signing method based on an asymmetric key pool comprises:
issuing key cards in advance, each key card storing an electronic seal and a group key pool, the key cards used for signing and for seal verification being configured with the same group key pool;
when signing, stamping the file with the electronic seal in the key card to generate a file bearing an Electronic Signature;
the Electronic Signature contains at least a seal signature generated with the participation of the seal public key, and a seal public key pointer random number used to extract the seal public key from the group key pool;
when verifying the seal, extracting the seal public key from the group key pool using the seal public key pointer random number, and verifying the seal signature with the seal public key; where the correspondence between the seal public key pointer random number and the seal public key is as follows:
when signing, the random number generator in the signing party's key card generates the seal public key pointer random number;
a public key pointer function is applied to the seal public key pointer random number to generate a public key pointer;
the public key pointer points into the group key pool in the signing party's key card to give a designated position, and the content at that position is the corresponding seal public key.
Several optional features are provided below. They are not additional limitations on the overall scheme above, only further supplements or preferences. Provided there is no technical or logical contradiction, each optional feature may be combined with the overall scheme individually, and multiple optional features may also be combined with one another.
Optionally, the seal signature is generated as follows:
the seal server signs, with its private key, the relevant part of the electronic seal, which includes at least the seal public key, to obtain a first signature;
the seal server generates a first random number and encrypts the first signature with it to form a first signature ciphertext;
the seal server encrypts the first random number with its private key to generate a first key ciphertext;
the first key ciphertext and the first signature ciphertext together constitute the seal signature.
Optionally, the key card also stores the seal server public key, which is used to decrypt the seal signature.
Optionally, the seal signature is verified as follows:
the seal public key is obtained in the corresponding manner from the matching key card and the seal public key pointer random number;
the first key ciphertext part of the seal signature is decrypted with the seal server public key to obtain the first random number, and the first signature ciphertext is then decrypted with the first random number to obtain the first signature;
the first signature is decrypted with the seal server public key, and the first signature is verified.
Optionally, the Electronic Signature further contains a stamp signature, and seal verification further includes verifying the stamp signature. The stamp signature is generated as follows:
the relevant part of the Electronic Signature is signed with the signing party's private key to obtain a second signature;
the second signature is encrypted with a second random number to form a second signature ciphertext;
the second random number is encrypted with the signing party's private key to generate a second key ciphertext;
the second key ciphertext and the second signature ciphertext together constitute the stamp signature.
The key card is also configured with the random number generator that generates the second random number.
Optionally, the stamp signature is verified as follows:
the second key ciphertext part of the stamp signature is decrypted with the signing party's public key to obtain the second random number;
the second signature ciphertext in the stamp signature is decrypted with the second random number to obtain the second signature, and the second signature is verified.
Optionally, the Electronic Signature further contains a file signature, and seal verification further includes verifying the file signature. The file signature is generated as follows:
the file is signed with the signing party's private key to obtain a third signature;
the third signature is encrypted with a third random number to form a third signature ciphertext;
the third random number is encrypted with the signing party's private key to generate a third key ciphertext;
the third key ciphertext and the third signature ciphertext together constitute the file signature.
The key card is also configured with the random number generator that generates the third random number.
Optionally, the file signature is verified as follows:
the third key ciphertext part of the file signature is decrypted with the signing party's public key to obtain the third random number;
the third signature ciphertext in the file signature is decrypted with the third random number to obtain the third signature, and the third signature is verified.
The present invention also provides a quantum-computing-resistant seal system based on an asymmetric key pool, comprising a seal server, a signing party and a verifying party. The signing party and the verifying party each hold a key card that stores an electronic seal and a group key pool, and the key cards used for signing and for seal verification are configured with the same group key pool;
when signing, the signing party stamps the file with the electronic seal in its key card to generate a file bearing an Electronic Signature;
the Electronic Signature contains at least a seal signature generated with the participation of the seal public key, and a seal public key pointer random number used to extract the seal public key from the group key pool;
when verifying the seal, the verifying party extracts the seal public key from the group key pool using the seal public key pointer random number and verifies the seal signature with the seal public key; where the correspondence between the seal public key pointer random number and the seal public key is as follows:
when signing, the random number generator in the signing party's key card generates the seal public key pointer random number;
a public key pointer function is applied to the seal public key pointer random number to generate a public key pointer;
the public key pointer points into the group key pool in the signing party's key card to give a designated position, and the content at that position is the corresponding seal public key.
In the present invention, key cards store the public key, private key and electronic seal picture, and what is published externally is only the public key pointer random number, not the original public key itself. A key card is an independent, hardware-isolated device, so the likelihood of keys or the electronic seal picture being stolen by malware or malicious operations is greatly reduced. Since a quantum computer cannot obtain the plaintext public key, it cannot obtain the corresponding private key either, so the electronic seal of this scheme is not easily broken by a quantum computer.
In the present invention, the public/private-key digital signature is further encrypted with a random number key, and the random number key is encrypted with the private key, forming an encrypted digital signature. Even in the presence of a quantum computer, it is difficult to derive the private key. The electronic seal of this scheme is therefore not easily broken by a quantum computer.
Brief description of the drawings
Fig. 1 is a diagram of the internal structure of the key card used in the present invention;
Fig. 2 is a schematic diagram of the relationship between the electronic seal and the Electronic Signature in the present invention;
Fig. 3 is a diagram of the internal structure of the public part of the electronic seal in the present invention;
Fig. 4 is a diagram of the internal structure of the Electronic Signature in the present invention;
Fig. 5 is a flow chart of encrypting the public key into a quantum-resistant public key in the present invention;
Fig. 6 is a flow chart of the signer generating a digital signature;
Fig. 7 is a flow chart of the verifier verifying a digital signature.
Detailed description of embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
To better describe and illustrate the embodiments of this application, reference may be made to one or more drawings, but the additional details or examples used to describe the drawings should not be regarded as limiting the scope of any of the invention, the presently described embodiments or the preferred modes.
Referring to Fig. 1 to Fig. 7, the flow of the quantum-resistant electronic seal method of this embodiment, based on a symmetric key pool, is as follows.
1. The seal server issues key cards:
1.1 In the present invention, the seal server is responsible for issuing key cards and holds its own public/private key pair.
The user terminal of the electronic seal may be a mobile terminal or a fixed terminal, and each user terminal is equipped with a key card. For the user terminals belonging to one user terminal group, the issuer of their matching key cards is the seal server. The seal server is the managing party of the key cards and typically belongs to the administrative department of an enterprise or public institution. The recipients of key cards are the members managed by that managing party, typically employees at various levels of the enterprise or institution, who can sign or verify seals through their user terminals.
A key card is an independent, hardware-isolated device similar to a USBkey, SDKey or host key board. Its interior can be divided into multiple regions, each storing the corresponding data.
A random number generator is configured in the key card.
The key card stores the seal server public key (used to verify the seal signature), the electronic seal and the group key pool.
The electronic seal comprises a public part and a private part.
The key cards held by members of the same group (such as the signing party and the verifying party mentioned here) contain the same group key pool, and the key cards also store the same functions or algorithms for carrying out the corresponding operations. Because a key card is physically isolated, the likelihood of its contents being stolen by malware or malicious operations is greatly reduced.
An electronic seal is a data structure containing a digital signature. It uses computer technology to simulate a traditional physical seal: an electronic document stamped with it has the same appearance as a paper document stamped with a physical seal, the same validity and a similar manner of use. The electronic seal comprises a public part and a private part, stored in different regions of the key card.
The private part of the electronic seal is the private key of the electronic seal; this part must not be known to others.
The public part of the electronic seal comprises the seal basic information, the seal picture, the seal public key and the seal signature.
The seal basic information consists of the electronic seal issuer, the electronic seal user, the electronic seal unique identifier (equivalent to an ID), the time the electronic seal was issued, the electronic seal name, the signature algorithm, the electronic seal effective date, the electronic seal expiry date, extensions and so on.
The seal signature is generated as follows:
the seal server signs the seal basic information, the seal picture hash value and the seal public key with its private key (corresponding to the seal server public key) to obtain the first signature;
the seal server generates a first random number and encrypts the first signature with it to form the first signature ciphertext;
the seal server encrypts the first random number with its private key to generate the first key ciphertext;
the first key ciphertext and the first signature ciphertext together constitute the seal signature.
The seal signature, and the stamp signature and file signature mentioned later, can all be regarded as digital signatures. Generating a digital signature can itself be implemented on existing principles. The signing operation (for example when generating the first signature) and the verification (for example when verifying the first signature) proceed as follows:
Referring to Fig. 6, the signer applies a one-way hash function to the original text to be signed to obtain a message digest, encrypts the message digest with the private key, and sends the resulting signature together with the original text to the verifier.
Referring to Fig. 7, the verifier separates the received original text and signature, and likewise applies the one-way hash function to the original text to obtain a new message digest. It decrypts the digital signature with the corresponding public key to obtain the original message digest and compares it with the new one. If they are identical, the sender of the original text is reliable and the original text was not tampered with in transit.
1.2 After a user's registration is approved, the user obtains a key card issued by the seal server, for signing or seal verification.
2. Document signing.
The key card is plugged into the interface of the user terminal (the signing party). Using the electronic seal in the key card (both the public part and the private part), the file to be signed is stamped at the designated place, producing the signed file (a file bearing an Electronic Signature), which is then sent to the verifying party.
Because secure data exchange is possible between the key card and the user terminal, the specific steps involved in signing may be carried out either in the key card or in the user terminal; the same applies to the subsequent seal verification.
An Electronic Signature is a form of electronic signature implemented with an electronic seal. Image processing is used to give the electronic signing operation the same visual appearance as signing or stamping a paper document, while electronic signature technology guarantees the authenticity and integrity of the electronic information and the non-repudiation of the signer.
The Electronic Signature comprises the seal basic information, the seal picture hash value, the seal public key pointer random number, the seal signature, the file signature, the signing device information, the signing timestamp, the stamp signature and so on.
The signing device information records the hardware currently used for signing, such as the host model, IP address and MAC address. The Electronic Signature may be written into the document or may form a separate signature file; the default is normally the former.
Relative to the public part of the electronic seal (seal basic information, seal picture, seal public key and seal signature), the main changes in the Electronic Signature are:
the seal picture is converted to the seal picture hash value;
the seal public key is converted to the seal public key pointer random number;
the file signature, signing device information, signing timestamp and stamp signature are generated.
The quantum-resistant public key, the file signature and the stamp signature are described further below.
Whether the electronic seal, the Electronic Signature and the file have been tampered with can each be verified; this is explained one by one in steps 3, 4 and 5 below.
To improve security, when a file is stamped with the electronic seal to produce an Electronic Signature, the seal public key is never disclosed, i.e. it does not appear directly in the Electronic Signature. What is disclosed is the seal public key pointer random number, which is related to the position at which the seal public key is stored in the key pool in the key card.
The correspondence between the seal public key pointer random number and the seal public key is as follows:
the random number generator in the key card generates the seal public key pointer random number rk (every random number mentioned in the present invention is preferably a quantum random number);
the public key pointer function frkp is applied to the seal public key pointer random number rk to generate the public key pointer rkp;
the public key pointer rkp points into the group key pool in the corresponding key card to give a designated position, and the content at that position is the corresponding seal public key krk.
The seal public key pointer random number rk is disclosed in the Electronic Signature as the quantum-resistant public key. During seal verification, the verifying party can use rk to obtain the corresponding seal public key from its own group key pool, and that key takes part in verifying the source of the electronic seal.
The seal public key is generated by the seal server in advance, when the key card is issued, and stored at a specified address in the key card. For storage, a position in the key card is likewise found using the corresponding seal public key pointer random number, and the seal public key is then stored at that position. Correspondingly, during seal verification the seal public key is extracted from the corresponding address using the seal public key pointer random number.
Because the group key pool resides in the key card, the true original seal public key can only be obtained by combining the quantum-resistant public key with the group key pool inside a key card. The likelihood of the seal public key being leaked and cracked is therefore greatly reduced, which substantially improves security.
The generation method of stamped signature signature includes: in Electronic Signature
User terminal private key is to seal essential information, seal picture hash value, seal public key pointer random number, seal label Name, file signature, stamped signature facility information, stamped signature timestamp are signed to obtain the second signature;
The matched key card of user terminal generates the second random number, and is encrypted using second random number to the second signature Form the second signature ciphertext;
User terminal carries out encryption to the second random number with private key and generates the second key ciphertext;
Second key ciphertext and the second signature ciphertext collectively form stamped signature signature.
The generation method of file signature includes: in Electronic Signature
User terminal signs file with private key to obtain third signature;
The matched key card of user terminal generates third random number, and is added using the third random number to third signature Close formation third signature ciphertext;
User terminal carries out encryption to third random number with private key and generates third key ciphertext;
Third key ciphertext and third signature ciphertext collectively form file signature.
Other parts information can refer to the prior art and generate or directly obtain from E-seal in Electronic Signature.
After obtaining the signed file produced in step 2, the verifying party performs seal verification by executing steps 3, 4 and 5 in any order.
3. Verify the source of the electronic seal using the Electronic Signature in the signed file.
3.1 The user terminal (verifying party) takes out the seal basic information, seal picture hash value, seal public key pointer random number and seal signature from the Electronic Signature.
3.2 The user terminal obtains the seal public key in the corresponding manner, using its matched key card and the seal public key pointer random number.
3.3 The user terminal first uses the seal server public key to decrypt the first key ciphertext part of the seal signature taken out in 3.1, obtaining the first random number, and then decrypts the first signature ciphertext with the first random number to obtain the first signature;
It then decrypts the first signature with the seal server public key, obtaining the original first hash value (which can be regarded as a message digest).
3.4 Using the same hash function as was used to generate the first signature, a hash is computed over the seal basic information and seal picture hash value taken out in step 3.1 and the original seal public key computed in step 3.2, giving the second hash value (which can be regarded as a message digest).
3.5 The first hash value and the second hash value are compared; if they are identical, the electronic seal originates from the seal server and has not been tampered with.
4. Verify the Electronic Signature in the signed file.
4.1 The user terminal (verifying party) takes out the seal basic information, seal picture hash, seal public key pointer random number, seal signature, file signature, signing device information, signing timestamp and signing signature from the Electronic Signature.
4.2 The second key ciphertext part of the signing signature taken out in step 4.1 is first decrypted with the signing party's public key, obtaining the second random number;
The second signature ciphertext in the signing signature is then decrypted with the second random number to obtain the second signature, and the second signature is in turn decrypted with the signer's public key, obtaining the original hash value.
4.3 Using the same hash function as was used to generate the second signature, a hash is computed over the seal basic information, seal picture hash, seal public key pointer random number, seal signature, file signature, signing device information and signing timestamp taken out in step 4.1 to obtain a result.
4.4 The result obtained in step 4.3 is compared with the original hash value computed in step 4.2; if they are identical, the Electronic Signature originates from the signer and has not been tampered with.
5. Verify the file using the Electronic Signature in the signed file; the method is analogous to that for verifying the Electronic Signature.
5.1 The user terminal (verifying party) extracts the file from the signed file.
5.2 The third key ciphertext part of the file signature taken out in step 5.1 is first decrypted with the signing party's public key, obtaining the third random number;
The third signature ciphertext in the file signature is then decrypted with the third random number to obtain the third signature, and the third signature is in turn decrypted with the signer's public key, obtaining the original hash value.
5.3 Using the same hash function as was used to generate the third signature, a hash is computed over the file taken out in step 5.1 to obtain a result.
5.4 The result obtained in step 5.3 is compared with the original hash value computed in step 5.2; if they are identical, the file originates from the signer and has not been tampered with.
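The seal signature layering (first signature, first signature ciphertext, first key ciphertext) and verification steps 3.1 to 3.5 above, as an added Python sketch that is not part of the patent. The pointer function, slot layout, SHA-256 keystream cipher and toy textbook RSA over two Mersenne primes are assumptions standing in for primitives this section does not specify, and the pool slot here holds the seal public key directly.

```python
import hashlib
import secrets

# Stand-ins (assumptions): toy textbook RSA from two Mersenne primes. NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # seal server private exponent
NB = (N.bit_length() + 7) // 8          # modulus size in bytes
SLOT = 64                               # bytes per key pool slot (assumed)

def digest(*fields: bytes) -> int:
    """Hash length-prefixed fields to an integer (the message digest)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big")

def pointer(r: bytes, slots: int) -> int:
    """Hypothetical public key pointer function: random number -> slot index."""
    return int.from_bytes(hashlib.sha256(b"ptr" + r).digest(), "big") % slots

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher keyed by the random number (SHA-256 keystream)."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def issue_seal(pool: bytearray, info: bytes, pic_hash: bytes, seal_pub: bytes) -> dict:
    """Seal server: place the seal public key in the pool, build the seal signature."""
    if len(seal_pub) != SLOT:
        raise ValueError("seal public key must fill one slot")
    r_ptr = secrets.token_bytes(16)                     # seal public key pointer random number
    i = pointer(r_ptr, len(pool) // SLOT)
    pool[i * SLOT:(i + 1) * SLOT] = seal_pub
    sig1 = pow(digest(info, pic_hash, seal_pub), D, N)  # first signature
    r1 = secrets.token_bytes(16)                        # first random number
    sig_ct = stream_xor(r1, sig1.to_bytes(NB, "big"))   # first signature ciphertext
    key_ct = pow(int.from_bytes(r1, "big"), D, N)       # first key ciphertext
    return {"info": info, "pic_hash": pic_hash, "r_ptr": r_ptr,
            "seal_sig": (key_ct, sig_ct)}

def verify_seal(pool: bytes, es: dict) -> bool:
    """Verifying party, steps 3.1 to 3.5."""
    i = pointer(es["r_ptr"], len(pool) // SLOT)         # 3.2: look up the seal public key
    seal_pub = bytes(pool[i * SLOT:(i + 1) * SLOT])
    key_ct, sig_ct = es["seal_sig"]                     # 3.3: unwrap the two layers
    r1_int = pow(key_ct, E, N)
    if r1_int >> 128:                                   # not a 16-byte value: tampered
        return False
    r1 = r1_int.to_bytes(16, "big")
    sig1 = int.from_bytes(stream_xor(r1, sig_ct), "big")
    h1 = pow(sig1, E, N)                                # first hash value
    h2 = digest(es["info"], es["pic_hash"], seal_pub)   # 3.4: second hash value
    return h1 == h2                                     # 3.5

if __name__ == "__main__":
    pool = bytearray(secrets.token_bytes(256 * SLOT))   # constructed group key pool
    es = issue_seal(pool, b"Example Co. contract seal",
                    hashlib.sha256(b"constructed image").digest(),
                    secrets.token_bytes(SLOT))
    print("valid seal:", verify_seal(bytes(pool), es))
    print("edited info:", verify_seal(bytes(pool), dict(es, info=b"Other Co.")))
    print("other key card:", verify_seal(secrets.token_bytes(256 * SLOT), es))
```

Steps 4 and 5 unwrap the signing signature and the file signature in the same two layers, using the signing party's public key in place of the seal server's.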
The above discloses only embodiments of the present invention, but the invention is not limited thereto; those skilled in the art may make various changes and modifications to the invention without departing from its spirit and scope. Such obvious modifications and variations shall fall within the scope of protection claimed by the present invention. In addition, although some specific terms are used in this specification, these terms are merely for convenience of description and do not constitute any specific limitation on the invention.

Claims (9)

1. An anti-quantum-computation signature method based on an asymmetric key pool, characterized by comprising:
Issuing key cards in advance, each key card storing an electronic seal and a group key pool, the key cards used for signing and for seal verification being configured with the same group key pool;
When signing, signing a file using the electronic seal in the key card to generate a file carrying an Electronic Signature;
The Electronic Signature includes at least a seal signature generated with the participation of the seal public key, and a seal public key pointer random number used to extract the seal public key from the group key pool;
During seal verification, extracting the seal public key from the group key pool using the seal public key pointer random number, and verifying the seal signature using the seal public key; wherein the correspondence between the seal public key pointer random number and the seal public key is as follows:
When signing, a random number generator in the signing party's key card generates the seal public key pointer random number;
A public key pointer function is applied to the seal public key pointer random number to generate a public key pointer;
The public key pointer points into the group key pool in the signing party's key card to obtain a specified position, and this position corresponds to the seal public key.
2. The anti-quantum-computation signature method based on an asymmetric key pool according to claim 1, characterized in that the seal signature is generated by:
The seal server signing, with its private key, the relevant part of the electronic seal, which includes at least the seal public key, to obtain a first signature;
The seal server generating a first random number and encrypting the first signature with the first random number to form a first signature ciphertext;
The seal server encrypting the first random number with its private key to generate a first key ciphertext;
The first key ciphertext and the first signature ciphertext together forming the seal signature.
3. The anti-quantum-computation signature method based on an asymmetric key pool according to claim 2, characterized in that the seal server public key used to decrypt the seal signature is also stored in the key card.
4. The anti-quantum-computation signature method based on an asymmetric key pool according to claim 3, characterized in that the seal signature is verified by:
Obtaining the seal public key in the corresponding manner, using the matched key card and the seal public key pointer random number;
Decrypting the first key ciphertext part of the seal signature with the seal server public key to obtain the first random number, and then decrypting the first signature ciphertext with the first random number to obtain the first signature;
Decrypting the first signature with the seal server public key, and verifying the first signature.
5. The anti-quantum-computation signature method based on an asymmetric key pool according to claim 4, characterized in that the Electronic Signature further includes a signing signature, and seal verification further includes verification of the signing signature; the signing signature is generated by:
Signing the relevant part of the Electronic Signature with the signing party's private key to obtain a second signature;
Encrypting the second signature with a second random number to form a second signature ciphertext;
Encrypting the second random number with the signing party's private key to generate a second key ciphertext;
The second key ciphertext and the second signature ciphertext together forming the signing signature;
The key card is also configured with a random number generator for generating the second random number.
6. The anti-quantum-computation signature method based on an asymmetric key pool according to claim 5, characterized in that the signing signature is verified by:
Decrypting the second key ciphertext part of the signing signature with the signing party's public key to obtain the second random number;
Decrypting the second signature ciphertext in the signing signature with the second random number to obtain the second signature, and verifying the second signature.
7. The anti-quantum-computation signature method based on an asymmetric key pool according to claim 6, characterized in that the Electronic Signature further includes a file signature, and seal verification further includes verification of the file signature; the file signature is generated by:
Signing the file with the signing party's private key to obtain a third signature;
Encrypting the third signature with a third random number to form a third signature ciphertext;
Encrypting the third random number with the signing party's private key to generate a third key ciphertext;
The third key ciphertext and the third signature ciphertext together forming the file signature;
The key card is also configured with a random number generator for generating the third random number.
8. The anti-quantum-computation signature method based on an asymmetric key pool according to claim 7, characterized in that the file signature is verified by:
Decrypting the third key ciphertext part of the file signature with the signing party's public key to obtain the third random number;
Decrypting the third signature ciphertext in the file signature with the third random number to obtain the third signature, and verifying the third signature.
9. An anti-quantum-computation sealing system based on an asymmetric key pool, comprising a seal server, a signing party and a verifying party, characterized in that the signing party and the verifying party each hold a key card, the key card stores an electronic seal and a group key pool, and the key cards used for signing and for seal verification are configured with the same group key pool;
When signing, the signing party signs a file using the electronic seal in the key card, generating a file carrying an Electronic Signature;
The Electronic Signature includes at least a seal signature generated with the participation of the seal public key, and a seal public key pointer random number used to extract the seal public key from the group key pool;
During seal verification, the verifying party extracts the seal public key from the group key pool using the seal public key pointer random number, and verifies the seal signature using the seal public key; wherein the correspondence between the seal public key pointer random number and the seal public key is as follows:
When signing, a random number generator in the signing party's key card generates the seal public key pointer random number;
A public key pointer function is applied to the seal public key pointer random number to generate a public key pointer;
The public key pointer points into the group key pool in the signing party's key card to obtain a specified position, and this position corresponds to the seal public key.
CN201811286483.0A 2018-10-31 2018-10-31 Anti-quantum-computation signature method and system based on asymmetric key pool Active CN109586917B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811286483.0A CN109586917B (en) 2018-10-31 2018-10-31 Anti-quantum-computation signature method and system based on asymmetric key pool

Publications (2)

Publication Number Publication Date
CN109586917A true CN109586917A (en) 2019-04-05
CN109586917B CN109586917B (en) 2021-07-27

Family

ID=65920974

Country Status (1)

Country Link
CN (1) CN109586917B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1467661A (en) * 2003-05-01 2004-01-14 齐宇庆 Design method for digital electronic signet
CN102664732A (en) * 2012-03-07 2012-09-12 南相浩 Implementation method and system for resisting quantum computation attack based on CPK public key system
CN103413159A (en) * 2013-08-15 2013-11-27 成都市易恒信科技有限公司 RFID electronic certificate off-line distinguishing and anti-counterfeiting implementation method and system based on CPK
CN106357396A (en) * 2016-09-23 2017-01-25 浙江神州量子网络科技有限公司 Digital signature method, digital signature system and quantum key card
CN108599926A (en) * 2018-03-20 2018-09-28 如般量子科技有限公司 A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys
CN108712252A (en) * 2018-05-29 2018-10-26 如般量子科技有限公司 It is a kind of based on pool of symmetric keys and span centre after AKA identity authorization systems and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111030825A (en) * 2019-12-03 2020-04-17 南京如般量子科技有限公司 Anti-quantum computation electronic seal system based on secret shared public key pool and signature and verification method thereof
CN110881048A (en) * 2019-12-16 2020-03-13 苏宁云计算有限公司 Safety communication method and device based on identity authentication
CN110881048B (en) * 2019-12-16 2021-11-09 苏宁云计算有限公司 Safety communication method and device based on identity authentication

Also Published As

Publication number Publication date
CN109586917B (en) 2021-07-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant