CN109586917B - Anti-quantum-computation signature method and system based on asymmetric key pool - Google Patents
Anti-quantum-computation signature method and system based on asymmetric key pool Download PDFInfo
- Publication number
- CN109586917B CN109586917B CN201811286483.0A CN201811286483A CN109586917B CN 109586917 B CN109586917 B CN 109586917B CN 201811286483 A CN201811286483 A CN 201811286483A CN 109586917 B CN109586917 B CN 109586917B
- Authority
- CN
- China
- Prior art keywords
- signature
- seal
- key
- random number
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
The invention discloses a quantum computation resistant signature method and a quantum computation resistant signature system based on an asymmetric key pool, wherein the signature method comprises the following steps: pre-issuing a key fob, wherein an electronic seal and a group key pool are stored in the key fob, and the same group key pool is configured in the key fob used for signing and verifying; when signing, the electronic seal in the key fob is used for signing the file to generate a file with the electronic signature; the electronic signature at least comprises a seal signature generated by participation of a seal public key and an anti-quantum computation public key generated by combining the seal public key with a group key pool in a key fob; and extracting a seal public key from the anti-quantum computation public key by using the group key pool during seal verification, and verifying the seal signature by using the seal public key.
Description
Technical Field
The invention relates to the field of secure communication, in particular to a signature method and a signature system for realizing quantum computation resistance by using a key fob.
Background
An electronic seal, also called a digital seal, is a visual representation of a digital signature, and can also be understood as the electronization of a traditional seal and a handwritten signature, and the function of the electronic seal is similar to that of a traditional seal or a handwritten signature used on a paper document. The objects to be stamped with electronic stamps are electronic documents that are also transmitted in a network environment, which makes the electronic stamp application system relatively complicated. Therefore, the electronic seal is not equivalent to a simple electronic seal picture, and has three basic characteristics of usability, safety, expansibility and the like.
The electronic seal system is mainly used for ensuring the authenticity and effectiveness of the official documents circulated in the system and preventing the official documents from being tampered under an open network environment. The system is based on cryptography as a theoretical basis, and combines a digital watermarking technology, a database technology, a component technology and the like to realize the functions of electronic document stamping effect, document verification, printing control, authority control, certificate management and the like. Meanwhile, the electronic seal system solves the biggest problem encountered by the traditional seal, namely the contradiction between the traditional seal technology and the modern paperless office. In an information automation environment, all official documents exist in the form of digital documents, and the traditional seal or signature verification mode cannot be used continuously in the environment. In addition, today with the advanced network technology, many documents must be delivered by post, which also seriously affects the efficiency and cost of a cross-regional, multi-department job.
At present, the demand of users for electronic seals and related products is more and more urgent, and a plurality of government agencies and enterprises have clearly proposed and hope to use electronic seals, so that the office electronization is promoted, the safety of the existing system is improved, and the efficiency is increased. Government and experts also pay considerable attention to electronic signatures, electronic seal technology, and reliable electronic signatures have legal effectiveness equal to hand-written signatures or seals. It is pointed out that the safe electronic seal is a revolution in the history of seals in China. The Chinese safe electronic seal management application system applies the advanced digital authentication technology in the world to seal public security management, strengthens the management of all links of the manufacture and the application of the electronic seal, and ensures the identity of the electronic seal holder to be real and reliable. It is believed that electronic seals will certainly find wide application in many fields such as office automation, enterprise informatization, electronic commerce and electronic government affairs in the near future.
Quantum computers have great potential in password cracking. The asymmetric (public key) encryption algorithms, such as the RSA encryption algorithm, which are mainstream today, are mostly based on two mathematical challenges, namely factorization of large integers or computation of discrete logarithms over a finite field. The difficulty of their cracking depends on the efficiency with which these problems are solved. On a traditional computer, the two mathematical problems are required to be solved, and the time is taken to be exponential (namely, the cracking time increases in exponential order along with the increase of the length of the public key), which is not acceptable in practical application. The xiuer algorithm tailored for quantum computers can perform integer factorization or discrete logarithm calculation within polynomial time (i.e. the cracking time increases at the speed of k power along with the increase of the length of a public key, wherein k is a constant irrelevant to the length of the public key), thereby providing possibility for the cracking of RSA and discrete logarithm encryption algorithms.
The problems existing in the prior art are as follows:
1. in the prior art, because a quantum computer can quickly obtain a corresponding private key through a public key, a digital signature method based on the public and private keys is cracked by the quantum computer, so that an electronic seal based on the digital signature technology is also cracked by the quantum computer.
2. In the prior art, the input and the output of a digital signature based on a public and private key can be known by other parties, and the private key can be deduced under the condition that a quantum computer exists, so that the electronic seal is cracked by the quantum computer.
Disclosure of Invention
In order to further improve the security of the signature, the invention provides a method for carrying out the signature by using an electronic seal.
A quantum computation resistant signature method based on an asymmetric key pool comprises the following steps:
pre-issuing a key fob, wherein an electronic seal and a group key pool are stored in the key fob, and the same group key pool is configured in the key fob used for signing and verifying;
when signing, the electronic seal in the key fob is used for signing the file to generate a file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and a seal public key pointer random number used for extracting the seal public key from the group key pool;
extracting a seal public key from the group key pool by using a seal public key pointer random number during seal verification, and verifying a seal signature by using the seal public key; the corresponding relation between the random number of the seal public key pointer and the seal public key is as follows:
generating a seal public key pointer random number by a random number generator in a key fob of a signing party during signing;
a public key pointer function is used for acting on the seal public key pointer random number to generate a public key pointer;
the public key pointer points to the group key pool in the key card of the signature party to obtain a designated position, and the content of the designated position corresponds to the seal public key.
Several alternatives are provided below, but not as an additional limitation to the above general solution, but merely as a further addition or preference, each alternative being combinable individually for the above general solution or among several alternatives without technical or logical contradictions.
Optionally, the generation method of the seal signature includes:
the seal server signs a relevant part of the electronic seal at least containing a seal public key by using a private key to obtain a first signature;
the seal server generates a first random number, and encrypts a first signature by using the first random number to form a first signature ciphertext;
the seal server encrypts the first random number by using a private key to generate a first key ciphertext;
the first key ciphertext and the first signature ciphertext together form a seal signature.
Optionally, a seal server public key is further stored in the key fob for decrypting the seal signature.
Optionally, the verification method of the seal signature includes:
obtaining a seal public key by using the matched key fob and the seal public key pointer random number in a corresponding mode;
decrypting a first key ciphertext part in the seal signature by using a seal server public key to obtain a first random number, and decrypting the first signature ciphertext by using the first random number to obtain a first signature;
the first signature is decrypted with the seal server public key and verified.
Optionally, the electronic signature further includes a signature, and the verification of the signature is also included during the verification; the generation mode of the signature comprises the following steps:
signing related parts in the electronic signature by using a private key of a signer to obtain a second signature;
encrypting the second signature by using a second random number to form a second signature ciphertext;
encrypting the second random number by using a private key of the signer to generate a second key ciphertext;
the second key ciphertext and the second signature ciphertext together form a signature;
a random number generator is also configured within the key fob for generating the second random number.
Optionally, the verification method of the signature and signature includes:
decrypting the second key ciphertext part in the signature by using the public key of the signer to obtain a second random number;
and decrypting a second signature ciphertext in the signature by using a second random number to obtain a second signature, and verifying the second signature.
Optionally, the electronic signature further includes a file signature, and verification of the file signature is further included during verification; the generation mode of the file signature comprises the following steps:
signing the file by using a private key of a signer to obtain a third signature;
the third random number encrypts a third signature to form a third signature ciphertext;
encrypting the third random number by using a private key of the signer to generate a third key ciphertext;
the third key ciphertext and the third signature ciphertext jointly form a file signature;
a random number generator is also configured within the key fob for generating the third random number.
Optionally, the verification method of the file signature includes:
decrypting a third key ciphertext part in the file signature by using a public key of a signer to obtain a third random number;
and decrypting a third signature ciphertext in the file signature by using a third random number to obtain a third signature, and verifying the third signature.
The invention also provides a signature system based on the asymmetric key pool and resisting quantum computation, which comprises a seal server, a signature party and a seal verification party, wherein the signature party and the seal verification party have key fobs, electronic seals and group key pools are stored in the key fobs, and the same group key pools are configured in the key fobs used for signature and seal verification;
when signing, the signing party signs the file by using the electronic seal in the key fob to generate the file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and a seal public key pointer random number used for extracting the seal public key from the group key pool;
when checking the seal, the seal checking party extracts the seal public key from the group key pool by using the random number of the seal public key pointer, and verifies the seal signature by using the seal public key; the corresponding relation between the random number of the seal public key pointer and the seal public key is as follows:
generating a seal public key pointer random number by a random number generator in a key fob of a signing party during signing;
a public key pointer function is used for acting on the seal public key pointer random number to generate a public key pointer;
the public key pointer points to the group key pool in the key card of the signature party to obtain a designated position, and the content of the designated position corresponds to the seal public key.
In the invention, a key fob is used for storing a public key, a private key and an electronic seal picture; and only the pointer random number of the public key is issued to the outside, and the original public key is not the public key itself. The key fob is a stand-alone hardware-isolated device, and the possibility of stealing keys or electronic stamp pictures by malware or malicious operations is greatly reduced. Because the quantum computer can not obtain the plaintext public key, and can not obtain the corresponding private key, the electronic seal of the scheme is not easy to be cracked by the quantum computer.
In the invention, the digital signature based on the public and private keys is further encrypted by the random number key, and the random number key is encrypted by the private key to form the encrypted digital signature. Even in the presence of quantum computers, it is difficult to derive the private key. Therefore, the electronic seal of the scheme is not easy to crack by a quantum computer.
Drawings
Fig. 1 is a view illustrating an internal structure of a key fob used in the present invention;
FIG. 2 is a schematic diagram of the relationship between an electronic seal and an electronic signature according to the present invention;
FIG. 3 is a view showing an internal structure of a disclosed part of the electronic seal according to the present invention;
FIG. 4 is a diagram illustrating an internal structure of an electronic signature according to the present invention;
fig. 5 is a flow chart of the public key encryption to quantum public key resistance in the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For a better description and illustration of embodiments of the application, reference may be made to one or more of the drawings, but additional details or examples used in describing the drawings should not be construed as limiting the scope of any of the inventive concepts of the present application, the presently described embodiments, or the preferred versions.
Referring to fig. 1 to 5, the quantum electronic seal resisting method based on the symmetric key pool of the present embodiment has the following processes.
1. Issuing a key card by the seal server:
1.1 in the present invention, the seal server is responsible for issuing key fobs and has public and private keys belonging to its own parties.
The user terminal of the electronic seal can be a mobile terminal or a fixed terminal, and each user terminal is provided with a key card. The key card issuer matched with each user terminal belonging to a user terminal group is a seal server, and the seal server, namely the supervisor of the key card, generally belongs to the management department of a certain enterprise or a public institution; the issued party of the key fob is a member managed by the master administrator of the key fob, typically employees at various levels of a certain enterprise or business, and can be signed or verified through the user end.
The key fob is an independent hardware isolation device similar to a USBKey, an SDKey and a host key card, and the inside of the key fob can be divided into a plurality of areas for respectively storing corresponding data.
A random number generator is configured in the key fob.
The key fob stores a seal server public key (used to verify seal signatures), an electronic seal, and a group key pool.
The electronic seal comprises a public part of the electronic seal and a private part of the electronic seal.
In the key fob owned by the same group member (e.g., the signer and the verifier mentioned herein), the group key pool is the same, and the same function or algorithm, etc. is also stored in the key fob for performing the corresponding operations. Because the key fob has the property of being physically isolated, the likelihood that it will be stolen by malware or malicious operations is greatly reduced.
The electronic seal is a data structure containing digital signatures, it uses computer technology to simulate traditional physical seals, and the electronic document stamped by it has the same appearance, the same validity and similar usage as the paper document stamped by the physical seal. The electronic seal includes a public portion and a private portion, each stored in a different area of the key fob.
The private part of the electronic seal is the private key of the electronic seal, and the private part is an unknown part.
The public part of the electronic seal comprises seal basic information, a seal picture, a seal public key and a seal signature.
The seal basic information comprises an electronic seal issuer, an electronic seal user, an electronic seal unique item (equivalent to an ID identifier), electronic seal issuing time, an electronic seal name, a signature algorithm, an electronic seal effective date, an electronic seal invalid date, an expansion item and the like.
The generation mode of the seal signature comprises the following steps:
the seal server signs the seal basic information, the seal picture hash value and the seal public key by using a private key (corresponding to the seal server public key) to obtain a first signature;
the seal server generates a first random number, and encrypts a first signature by using the first random number to form a first signature ciphertext;
the seal server encrypts the first random number by using a private key to generate a first key ciphertext;
the first key ciphertext and the first signature ciphertext together form a seal signature.
The seal signature, the signature mentioned later, the document signature, etc. can be regarded as digital signature.
1.2 after the user registers and gets approval, the key fob issued by the seal server is obtained and used for signing or verifying the seal.
2. And (6) document signing.
The key fob is inserted into a user side (signature side) interface, the electronic seal (including a public part and a private part) in the key fob is used for signing the file needing to be signed at a designated place, the signed file (namely the file with the electronic signature) is generated, and then the signed file is sent to a signature side.
The electronic signature is an electronic signature expression form realized by using an electronic seal, the electronic signature operation is converted into a visual effect which is the same as the signature and seal operation of a paper file by using an image processing technology, and meanwhile, the authenticity and the integrity of electronic information and the undeniability of a signer are guaranteed by using the electronic signature technology.
The electronic signature comprises seal basic information, a seal picture hash value, a seal public key pointer random number, a seal signature, a file signature, signature equipment information, a signature timestamp, a signature and the like.
The signature device information is information for recording the current hardware device of the signature, such as host model, ip address, mac address, etc. The electronic signature may be written to the document or may form an independent signature file, the former being generally the default.
For the public part of the electronic seal (seal basic information, seal picture, seal public key and seal signature), the electronic signature mainly changes into:
converting the stamp picture into a stamp picture hash value;
converting the seal public key into a seal public key pointer random number;
generating a file signature, signature equipment information, a signature timestamp and a signature;
the following is further described for resist quantum computing public keys, file signatures, and signature signatures.
The electronic seal, the electronic signature and the file can be verified whether the electronic seal, the electronic signature and the file are tampered, and the subsequent steps 3, 4 and 5 are further described one by one.
In order to improve the security, when the electronic seal is used for signing a file to obtain the electronic signature, the seal public key is not disclosed, namely the seal public key is not directly displayed on the electronic signature, and seal public key pointer random numbers related to the position of the seal public key stored in a key pool in a key fob are publicly used.
The corresponding relation between the random number of the seal public key pointer and the seal public key is as follows:
a random number generator in the key fob generates a seal public key pointer random number rk (each random number mentioned in the invention is preferably a quantum random number);
the public key pointer function frkp acts on the seal public key pointer random number rk to generate a public key pointer rkp;
the public key pointer rkp points to the group key pool in the corresponding key fob to obtain the designated location, and the contents of the designated location correspond to the stamp public key krk.
The seal public key pointer random number rk is used as an anti-quantum computation public key in the electronic signature to be disclosed, and a corresponding seal public key can be obtained in a group key pool of the own party through the seal public key pointer random number rk during seal verification to participate in verification of the source of the electronic seal.
The contents of the seal public key are generated by the seal server and stored in the designated address in the key fob when the key fob is pre-issued, and the storage is also to find a location in the key fob using the corresponding seal public key pointer random number and then store the seal public key in this designated location. Correspondingly, when checking the seal, the seal public key can be extracted from the corresponding address by using the seal public key pointer random number.
Because the group key pool is in the key fob, the original seal public key can be obtained only by combining the anti-quantum computation public key and the group key pool in the key fob, so that the possibility of the seal public key being leaked and cracked is greatly reduced, and the safety is greatly improved.
The generation method of the signature in the electronic signature comprises the following steps:
the user side signs the seal basic information, the seal picture hash value, the seal public key pointer random number, the seal signature, the file signature, the signature equipment information and the signature timestamp by using a private key to obtain a second signature;
the key fob matched with the user side generates a second random number, and encrypts a second signature by using the second random number to form a second signature ciphertext;
the user side encrypts the second random number by using a private key to generate a second key ciphertext;
the second key ciphertext and the second signature ciphertext together form a signature.
The method for generating the file signature in the electronic signature comprises the following steps:
the user side signs the file by using a private key to obtain a third signature;
the key fob matched with the user side generates a third random number, and encrypts a third signature by using the third random number to form a third signature ciphertext;
the user side encrypts the third random number by using a private key to generate a third key ciphertext;
and the third key ciphertext and the third signature ciphertext jointly form a file signature.
Other part of information in the electronic signature can be generated by referring to the prior art or directly obtained from the electronic seal.
And (3) the seal checking party executes the steps 3, 4 and 5 in any order to check the seal after obtaining the signed file in the step 2.
3. And verifying the source of the electronic seal by using the electronic signature in the signed file.
3.1 the user (seal checker) needs to take out the seal basic information, the seal picture hash value, the seal public key pointer random number and the seal signature of the electronic signature.
And 3.2, the user side obtains the seal public key by using the matched key fob and the random number of the seal public key pointer in a corresponding mode.
3.3 the user side firstly decrypts the first secret key ciphertext part in the seal signature taken out of the 3.1 by using the seal server public key to obtain a first random number, and then decrypts the first signature ciphertext by using the first random number to obtain a first signature;
and then, decrypting the first signature by using the seal server public key to obtain an original first hash value (which can be regarded as a message digest).
And 3.4, calculating the basic information of the seal, the hash value of the seal picture and the original seal public key which is obtained by calculation in the step 3.1 by using the same hash function as that used for generating the first signature to obtain a second hash value (which can be regarded as a message digest).
And 3.5, comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, indicating that the electronic seal is originated from the seal server and is not tampered.
4. And verifying the electronic signature in the signed file.
4.1 the user (the seal checking party) takes out the seal basic information, the seal picture hash, the seal public key pointer random number, the seal signature, the file signature, the signature equipment information, the signature time stamp and the signature of the electronic signature.
4.2, the public key of the signer is used for decrypting the second secret key ciphertext part in the signature taken out in the step 4.1 to obtain a second random number;
and then, decrypting a second signature ciphertext in the signature by using a second random number to obtain a second signature, and then decrypting the second signature by using a public key of a signer to obtain an original hash value.
4.3, calculating the basic information of the seal, the hash of the picture of the seal, the random number of the pointer of the public key of the seal, the signature of the file, the information of the signature device and the signature time stamp which are taken out in the step 4.1 by using the hash function which is the same as that used for generating the second signature to obtain a result.
4.4 comparing the result obtained in step 4.3 with the original hash value calculated in step 4.2, if the result is the same, it indicates that the electronic signature is from the signer and has not been tampered.
5. The electronic signature in the signed file is used for verifying the file, and the method for verifying the electronic signature is the same as the method for verifying the electronic signature.
5.1 the user side (the seal verifier) extracts the file after the seal.
5.2, firstly, decrypting the third secret key ciphertext part in the file signature taken out in the step 5.1 by using the public key of the signer to obtain a third random number;
and then, decrypting a third signature ciphertext in the file signature by using a third random number to obtain a third signature, and then decrypting the third signature by using a public key of a signer to obtain an original hash value.
5.3 the result is calculated for the file taken out in step 5.1 with the same hash function as when the third signature was generated.
5.4 comparing the result obtained in step 5.3 with the original hash value calculated in step 5.2, if the same, indicating that the document originated from the signer and was not tampered with.
The above disclosure is only an embodiment of the present invention, but the present invention is not limited thereto, and those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. It is to be understood that such changes and modifications are intended to be included within the scope of the appended claims. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (9)
1. A quantum computation resistant signature method based on an asymmetric key pool is characterized by comprising the following steps:
pre-issuing a key fob, wherein an electronic seal and a group key pool are stored in the key fob, and the same group key pool is configured in the key fob used for signing and verifying;
when signing, the electronic seal in the key fob is used for signing the file to generate a file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and a seal public key pointer random number used for extracting the seal public key from the group key pool;
extracting a seal public key from the group key pool by using a seal public key pointer random number during seal verification, and verifying a seal signature by using the seal public key; the corresponding relation between the random number of the seal public key pointer and the seal public key is as follows:
generating a seal public key pointer random number by a random number generator in a key fob of a signing party during signing;
a public key pointer function is used for acting on the seal public key pointer random number to generate a public key pointer;
the public key pointer points to the group key pool in the key card of the signature party to obtain a designated position, and the content of the designated position corresponds to the seal public key.
2. The asymmetric-key-pool-based quantum-computation-resistant signing method of claim 1, wherein the generation manner of the seal signature comprises:
the seal server signs a relevant part of the electronic seal at least containing a seal public key by using a private key to obtain a first signature;
the seal server generates a first random number, and encrypts a first signature by using the first random number to form a first signature ciphertext;
the seal server encrypts the first random number by using a private key to generate a first key ciphertext;
the first key ciphertext and the first signature ciphertext together form a seal signature.
3. The asymmetric-key-pool-based quantum-computation-resistant signing method of claim 2, wherein a seal server public key is further stored in the key fob for decrypting a seal signature.
4. The asymmetric-key-pool-based quantum-computation-resistant signing method of claim 3, wherein the verification mode of the seal signature comprises:
obtaining a seal public key by using the matched key fob and the seal public key pointer random number in a corresponding mode;
decrypting a first key ciphertext part in the seal signature by using a seal server public key to obtain a first random number, and decrypting the first signature ciphertext by using the first random number to obtain a first signature;
the first signature is decrypted with the seal server public key and verified.
5. The asymmetric-key-pool-based quantum-computation-resistant signing method of claim 4, wherein the electronic signature further comprises a signature, and the signature verification further comprises verification of the signature; the generation mode of the signature comprises the following steps:
signing related parts in the electronic signature by using a private key of a signer to obtain a second signature;
encrypting the second signature by using a second random number to form a second signature ciphertext;
encrypting the second random number by using a private key of the signer to generate a second key ciphertext;
the second key ciphertext and the second signature ciphertext together form a signature;
a random number generator is also configured within the key fob for generating the second random number.
6. The asymmetric-key-pool-based quantum-computation-resistant signing method of claim 5, wherein the verification of the signature comprises:
decrypting the second key ciphertext part in the signature by using the public key of the signer to obtain a second random number;
and decrypting a second signature ciphertext in the signature by using a second random number to obtain a second signature, and verifying the second signature.
7. The asymmetric key pool-based quantum computation-resistant signing method of claim 6, wherein the electronic signature further comprises a file signature, and the verification of the file signature is further included; the generation mode of the file signature comprises the following steps:
signing the file by using a private key of a signer to obtain a third signature;
generating a third random number by using the key fob matched with the signer, and encrypting a third signature by using the third random number to form a third signature ciphertext;
encrypting the third random number by using a private key of the signer to generate a third key ciphertext;
the third key ciphertext and the third signature ciphertext jointly form a file signature;
a random number generator is also configured within the key fob for generating the third random number.
8. The asymmetric-key-pool-based quantum-computation-resistant signing method of claim 7, wherein the verification of the file signature comprises:
decrypting a third key ciphertext part in the file signature by using a public key of a signer to obtain a third random number;
and decrypting a third signature ciphertext in the file signature by using a third random number to obtain a third signature, and verifying the third signature.
9. A signature system based on asymmetric key pool and resisting quantum computation comprises a seal server, a signature party and a seal verification party, and is characterized in that the signature party and the seal verification party have key fobs, electronic seals and group key pools are stored in the key fobs, and the same group key pools are configured in the key fobs used for signature and seal verification;
when signing, the signing party signs the file by using the electronic seal in the key fob to generate the file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and a seal public key pointer random number used for extracting the seal public key from the group key pool;
when checking the seal, the seal checking party extracts the seal public key from the group key pool by using the random number of the seal public key pointer, and verifies the seal signature by using the seal public key; the corresponding relation between the random number of the seal public key pointer and the seal public key is as follows:
generating a seal public key pointer random number by a random number generator in a key fob of a signing party during signing;
a public key pointer function is used for acting on the seal public key pointer random number to generate a public key pointer;
the public key pointer points to the group key pool in the key card of the signature party to obtain a designated position, and the content of the designated position corresponds to the seal public key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811286483.0A CN109586917B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and system based on asymmetric key pool |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811286483.0A CN109586917B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and system based on asymmetric key pool |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109586917A CN109586917A (en) | 2019-04-05 |
| CN109586917B true CN109586917B (en) | 2021-07-27 |
Family
ID=65920974
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811286483.0A Active CN109586917B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and system based on asymmetric key pool |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109586917B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111030825A (en) * | 2019-12-03 | 2020-04-17 | 南京如般量子科技有限公司 | Anti-quantum computation electronic seal system based on secret shared public key pool and signature and verification method thereof |
| CN110881048B (en) * | 2019-12-16 | 2021-11-09 | 苏宁云计算有限公司 | Safety communication method and device based on identity authentication |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1467661A (en) * | 2003-05-01 | 2004-01-14 | 齐宇庆 | Design method for digital electronic signet |
| CN102664732A (en) * | 2012-03-07 | 2012-09-12 | 南相浩 | Implementation method and system for resisting quantum computation attack based on CPK public key system |
| CN103413159A (en) * | 2013-08-15 | 2013-11-27 | 成都市易恒信科技有限公司 | RFID electronic certificate off-line distinguishing and anti-counterfeiting implementation method and system based on CPK |
| CN106357396A (en) * | 2016-09-23 | 2017-01-25 | 浙江神州量子网络科技有限公司 | Digital signature method, digital signature system and quantum key card |
| CN108599926A (en) * | 2018-03-20 | 2018-09-28 | 如般量子科技有限公司 | A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys |
| CN108712252A (en) * | 2018-05-29 | 2018-10-26 | 如般量子科技有限公司 | It is a kind of based on pool of symmetric keys and span centre after AKA identity authorization systems and method |
-
2018
- 2018-10-31 CN CN201811286483.0A patent/CN109586917B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1467661A (en) * | 2003-05-01 | 2004-01-14 | 齐宇庆 | Design method for digital electronic signet |
| CN102664732A (en) * | 2012-03-07 | 2012-09-12 | 南相浩 | Implementation method and system for resisting quantum computation attack based on CPK public key system |
| CN103413159A (en) * | 2013-08-15 | 2013-11-27 | 成都市易恒信科技有限公司 | RFID electronic certificate off-line distinguishing and anti-counterfeiting implementation method and system based on CPK |
| CN106357396A (en) * | 2016-09-23 | 2017-01-25 | 浙江神州量子网络科技有限公司 | Digital signature method, digital signature system and quantum key card |
| CN108599926A (en) * | 2018-03-20 | 2018-09-28 | 如般量子科技有限公司 | A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys |
| CN108712252A (en) * | 2018-05-29 | 2018-10-26 | 如般量子科技有限公司 | It is a kind of based on pool of symmetric keys and span centre after AKA identity authorization systems and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109586917A (en) | 2019-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109600228B (en) | Anti-quantum-computation signature method and system based on public key pool | |
| CN109614802B (en) | Anti-quantum-computation signature method and signature system | |
| CN109560935B (en) | Anti-quantum-computation signature method and signature system based on public asymmetric key pool | |
| US8433897B2 (en) | Group signature system, apparatus and storage medium | |
| CN108229188B (en) | Method for signing file and verifying file by using identification key | |
| US8386793B2 (en) | Method and apparatus for implementing electronic seal | |
| CN101789067B (en) | electronic document signature protecting method and system | |
| CN101136046B (en) | Electric signing verification system and method thereof | |
| CN109889495B (en) | Quantum computation resistant electronic seal method and system based on multiple asymmetric key pools | |
| CN109583219A (en) | A kind of data signature, encryption and preservation method, apparatus and equipment | |
| WO2005029292A1 (en) | Server-based digital signature | |
| CN109672530A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on unsymmetrical key pond | |
| CN109413078B (en) | Anonymous authentication method based on group signature under standard model | |
| CN109936456B (en) | Anti-quantum computation digital signature method and system based on private key pool | |
| CN109586918B (en) | Anti-quantum-computation signature method and signature system based on symmetric key pool | |
| CN108022194A (en) | Law-enforcing recorder and its data safety processing method, server and system | |
| Qureshi et al. | SeVEP: Secure and verifiable electronic polling system | |
| CN109687977A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys | |
| CN110826109A (en) | Penetrating signature method suitable for PDF document | |
| CN110569672A (en) | efficient credible electronic signature system and method based on mobile equipment | |
| CN109586917B (en) | Anti-quantum-computation signature method and system based on asymmetric key pool | |
| CN108446539A (en) | A kind of software authorization method and soft ware authorization filing system | |
| Zhang | A study on application of digital signature technology | |
| Sivasundari et al. | RETRACTED ARTICLE: Hybrid aggregated signcryption scheme using multi-constraints differential evolution algorithm for security | |
| CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |