CN109614802B - Anti-quantum-computation signature method and signature system - Google Patents
Anti-quantum-computation signature method and signature system Download PDFInfo
- Publication number
- CN109614802B CN109614802B CN201811286452.5A CN201811286452A CN109614802B CN 109614802 B CN109614802 B CN 109614802B CN 201811286452 A CN201811286452 A CN 201811286452A CN 109614802 B CN109614802 B CN 109614802B
- Authority
- CN
- China
- Prior art keywords
- seal
- signature
- key
- public key
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a quantum computation resistant signature method and a quantum computation resistant signature system, wherein the signature method comprises the following steps: respectively issuing key fobs to a seal server and each client in advance, wherein seal pictures are stored in the key fobs of the clients; an electronic seal and a public key pool are stored in the key fob of the seal server, and a random number generator is configured in each key fob; the client of the signing party performs pre-signing on the file by using the seal picture in the key fob and sends the pre-signed file to a seal server to request for signing; the seal server responds to the request of the client to sign the file to generate the file with the electronic signature; after obtaining the file with the electronic signature, the seal checking party forwards the file to the seal server to request for checking the seal; the seal server obtains a seal public key by utilizing the quantum computation resistant public key and the public key pool, verifies the seal signature by utilizing the seal public key and then sends a verification result to a seal verifying party.
Description
Technical Field
The invention relates to the field of secure communication, in particular to an electronic seal method for realizing quantum computation resistance by using a key fob.
Background
An electronic seal, also called a digital seal, is a visual representation of a digital signature, and can also be understood as the electronization of a traditional seal and a handwritten signature, and the function of the electronic seal is similar to that of a traditional seal or a handwritten signature used on a paper document. The objects to be stamped with electronic stamps are electronic documents that are also transmitted in a network environment, which makes the electronic stamp application system relatively complicated. Therefore, the electronic seal is not equivalent to a simple electronic seal picture, and has three basic characteristics of usability, safety, expansibility and the like.
The electronic seal system is mainly used for ensuring the authenticity and effectiveness of the official documents circulated in the system and preventing the official documents from being tampered under an open network environment. The system is based on cryptography as a theoretical basis, and combines a digital watermarking technology, a database technology, a component technology and the like to realize the functions of electronic document stamping effect, document verification, printing control, authority control, certificate management and the like. Meanwhile, the electronic seal system solves the biggest problem encountered by the traditional seal, namely the contradiction between the traditional seal technology and the modern paperless office. In an information automation environment, all official documents exist in the form of digital documents, and the traditional seal or signature verification mode cannot be used continuously in the environment. In addition, today with the advanced network technology, many documents must be delivered by post, which also seriously affects the efficiency and cost of a cross-regional, multi-department job.
At present, the demand of users for electronic seals and related products is more and more urgent, and a plurality of government agencies and enterprises have clearly proposed and hope to use electronic seals, so that the office electronization is promoted, the safety of the existing system is improved, and the efficiency is increased. Government and experts also pay considerable attention to electronic signatures, electronic seal technology, and reliable electronic signatures have legal effectiveness equal to hand-written signatures or seals. It is pointed out that the safe electronic seal is a revolution in the history of seals in China. The Chinese safe electronic seal management application system applies the advanced digital authentication technology in the world to seal public security management, strengthens the management of all links of the manufacture and the application of the electronic seal, and ensures the identity of the electronic seal holder to be real and reliable. It is believed that electronic seals will certainly find wide application in many fields such as office automation, enterprise informatization, electronic commerce and electronic government affairs in the near future.
Quantum computers have great potential in password cracking. The asymmetric (public key) encryption algorithms, such as the RSA encryption algorithm, which are mainstream today, are mostly based on two mathematical challenges, namely factorization of large integers or computation of discrete logarithms over a finite field. The difficulty of their cracking depends on the efficiency with which these problems are solved. On a traditional computer, the two mathematical problems are required to be solved, and the time is taken to be exponential (namely, the cracking time increases in exponential order along with the increase of the length of the public key), which is not acceptable in practical application. The xiuer algorithm tailored for quantum computers can perform integer factorization or discrete logarithm calculation within polynomial time (i.e. the cracking time increases at the speed of k power along with the increase of the length of a public key, wherein k is a constant irrelevant to the length of the public key), thereby providing possibility for the cracking of RSA and discrete logarithm encryption algorithms.
The problems existing in the prior art are as follows:
1. in the prior art, because a quantum computer can quickly obtain a corresponding private key through a public key, a digital signature method based on the public and private keys is cracked by the quantum computer, so that an electronic seal based on the digital signature technology is also cracked by the quantum computer.
2. In the prior art, the input and the output of a digital signature based on a public and private key can be known by other parties, and the private key can be deduced under the condition that a quantum computer exists, so that the electronic seal is cracked by the quantum computer.
Disclosure of Invention
In order to further improve the security of the signature, the invention provides a method for carrying out the signature by using an electronic seal.
A quantum computation resistant signing method comprising:
respectively issuing key fobs to a seal server and each client in advance, wherein seal pictures are stored in the key fobs of the clients; an electronic seal and a public key pool are stored in the key fob of the seal server, and a random number generator is configured in each key fob;
the client of the signing party performs pre-signing on the file by using the seal picture in the key fob and sends the pre-signed file to a seal server to request for signing;
the seal server responds to the request of the client to sign the file to generate the file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and an anti-quantum computation public key generated by combining the seal public key with a public key pool;
after obtaining the file with the electronic signature, the seal checking party forwards the file to the seal server to request for checking the seal;
the seal server obtains a seal public key by utilizing the quantum computation resistant public key and the public key pool, verifies the seal signature by utilizing the seal public key and then sends a verification result to a seal verifying party.
Several alternatives are provided below, but not as an additional limitation to the above general solution, but merely as a further addition or preference, each alternative being combinable individually for the above general solution or among several alternatives without technical or logical contradictions.
Optionally, the generation manner of the quantum computation resistant public key includes:
a random number generator in the seal server key fob generates a public key and a secret key random number rk;
a public key seed pointer function frkp acts on the public key random number rk to generate a public key seed pointer rkp;
let the pointer rkp point to the group key pool inside the corresponding key fob to obtain a public key seed krk;
acting a public key function fkk on the public key seed krk to obtain a public key kk;
using the public key kk to encrypt the seal public key to obtain an encrypted seal public key kk;
and (3) the combination { rk, kkk } of the random number rk of the public key secret key and the encrypted seal public key kkk is used as an anti-quantum computation public key to be disclosed.
Optionally, the pre-signing by the client of the signer includes:
signing the file inserted with the seal picture by using a private key to obtain an authentication signature;
generating an authentication random number by using a random number generator in the matched key fob, and encrypting an authentication signature by using the authentication random number to generate an authentication signature ciphertext;
encrypting the random number by using a private key to generate an authentication key ciphertext;
the authentication key ciphertext and the authentication signature ciphertext jointly form an authentication file signature;
sending the client ID, the file and the signature of the authentication file to a seal server for requesting to carry out signature; and the seal server performs signature verification on the received authentication file signature and then performs signature after the signature passes.
Optionally, the generation method of the seal signature includes:
the seal server signs a relevant part of the electronic seal at least containing a seal public key by using a private key to obtain a first signature;
the seal server generates a first random number, and encrypts a first signature by using the first random number to form a first signature ciphertext;
the seal server encrypts the first random number by using a private key to generate a first key ciphertext;
the first key ciphertext and the first signature ciphertext together form a seal signature.
Optionally, a public key of the seal server is further stored in the key fob, and the seal signature verification method includes:
the client side of the seal verifying party obtains a seal public key in a corresponding mode by utilizing the matched key fob and the quantum computation resistant public key;
decrypting a first key ciphertext part in the seal signature by using a seal server public key to obtain a first random number, and decrypting the first signature ciphertext by using the first random number to obtain a first signature;
the first signature is decrypted with the seal server public key and verified.
Optionally, the electronic signature further includes a signature, and the verification of the signature is also included during the verification; the generation mode of the signature comprises the following steps:
the seal server signs the relevant part in the electronic signature by using a private key to obtain a second signature;
a random number generator of a key fob of the seal server generates a second random number, and encrypts a second signature with the second random number to form a second signature ciphertext;
the seal server encrypts the second random number by using a private key to generate a second key ciphertext;
the second key ciphertext and the second signature ciphertext together form a signature.
Optionally, the verification method of the signature and signature includes:
the client of the seal verifier decrypts a second key ciphertext part in the signature by using a public key of the seal server to obtain a second random number;
and decrypting a second signature ciphertext in the signature by using a second random number to obtain a second signature, and verifying the second signature.
Optionally, the electronic signature further includes a file signature, and verification of the file signature is further included during verification; the generation mode of the file signature comprises the following steps:
the seal server signs the file by using a private key to obtain a third signature;
the third random number encrypts a third signature to form a third signature ciphertext;
the seal server encrypts the third random number by using a private key to generate a third key ciphertext;
the third key ciphertext and the third signature ciphertext jointly form a file signature;
optionally, the verification method of the file signature includes:
the client of the seal verifying party decrypts a third secret key ciphertext part in the file signature by using the public key of the seal server to obtain a third random number;
and decrypting a third signature ciphertext in the file signature by using a third random number to obtain a third signature, and verifying the third signature.
The invention also provides a quantum computation resistant signature system, which comprises a seal server and clients respectively serving as a signature party and a seal verification party, and comprises:
respectively issuing key fobs to a seal server and each client in advance, wherein seal pictures are stored in the key fobs of the clients; an electronic seal and a public key pool are stored in the key fob of the seal server, and a random number generator is configured in each key fob;
the client of the signing party performs pre-signing on the file by using the seal picture in the key fob and sends the pre-signed file to a seal server to request for signing;
the seal server responds to the request of the client to sign the file to generate the file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and an anti-quantum computation public key generated by combining the seal public key with a public key pool;
after obtaining the file with the electronic signature, the seal checking party forwards the file to the seal server to request for checking the seal;
the seal server obtains a seal public key by utilizing the public key pool of the quantum computation resistant public key, verifies the seal signature by utilizing the seal public key and then sends a verification result to a seal verifying party.
In the invention, a key fob is used for storing a public key, a private key and an electronic seal picture; and the public keys issued to the outside are encrypted by a symmetric encryption algorithm. The key fob is a stand-alone hardware-isolated device, and the possibility of stealing keys or electronic stamp pictures by malware or malicious operations is greatly reduced. Because the quantum computer can not obtain the plaintext public key, and can not obtain the corresponding private key, the electronic seal of the scheme is not easy to be cracked by the quantum computer.
In the invention, the digital signature based on the public and private keys is further encrypted by the random number key, and the random number key is encrypted by the private key to form the encrypted digital signature. Even in the presence of quantum computers, it is difficult to derive the private key. Therefore, the electronic seal of the scheme is not easy to crack by a quantum computer.
Drawings
FIG. 1 is a diagram of different key fob relationships used in the present invention;
FIG. 2 is a diagram of the internal structure of a server key fob used in the present invention;
FIG. 3 is a diagram of the internal structure of a client key fob used in the present invention;
FIG. 4 is a diagram of the relationship of an electronic seal and an electronic signature in the present invention;
FIG. 5 is a view showing an internal structure of a disclosed part of the electronic seal according to the present invention;
FIG. 6 is a diagram illustrating an internal structure of an electronic signature according to the present invention;
FIG. 7 is a diagram of a method of encrypting a public key to a quantum computation resistant public key in accordance with the present invention;
FIG. 8 is a flow chart of the signature of the present invention;
FIG. 9 is a flow chart of the verification of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For a better description and illustration of embodiments of the application, reference may be made to one or more of the drawings, but additional details or examples used in describing the drawings should not be construed as limiting the scope of any of the inventive concepts of the present application, the presently described embodiments, or the preferred versions.
Referring to fig. 1 to fig. 9, the procedure of the quantum electronic seal resisting method based on the symmetric key pool in this embodiment is as follows.
1. Issuing a key card by the seal server:
1.1 in the present invention, the seal server is responsible for issuing the server key fob and the client key fob and has its own public and private keys.
The seal server also processes the request from the client and signs the file sent by the client.
The electronic seal client can be a mobile terminal or a fixed terminal, and the terminals are equipped with key fobs.
The key fob and the server-side key fob issuer matched with each client belonging to a client group are stamp servers, and the server, i.e., the owner of the key fob, generally belongs to the management department of a certain enterprise or institution.
The client-side key fob is issued as a member managed by the key fob master, typically employees at all levels of a certain enterprise or institution, who use an electronic seal client to prepare for signing or verifying, and the client can be divided into a signer and a verifier according to roles.
The client first applies for an account opening to the owner of the key fob. When the client has been granted a registration login, it will get a key fob (with a unique ID).
Each key fob has a random number generator disposed therein.
The key fob is an independent hardware isolation device similar to a USBKey, an SDKey and a host key board card, and is internally divided into a plurality of areas.
The client key card stores a public key and a private key of the client, a public key of the seal server and a seal picture;
the server key card stores a seal server public key and a private key, a public part of the electronic seal, a private part of the electronic seal and a public key pool,
the server key fob stores electronic stamps corresponding to each of the plurality of clients, and thus may also be considered an electronic stamp pool.
The same function or algorithm, etc. is also stored in each key fob for performing the corresponding operation.
Due to the hardware isolation properties of the key fob, the likelihood that the key or electronic stamp image stored therein is stolen by malware or malicious operations is greatly reduced.
The electronic seal is a data structure containing digital signatures, it uses computer technology to simulate traditional physical seals, and the electronic document stamped by it has the same appearance, the same validity and similar usage as the paper document stamped by the physical seal. The electronic seal includes a public portion and a private portion, each stored in a different area of the key fob.
The private part of the electronic seal is the private key of the electronic seal, and the private part is an unknown part.
The public part of the electronic seal comprises seal basic information, a seal picture, a seal public key and a seal signature.
The seal basic information comprises an electronic seal issuer, an electronic seal user, an electronic seal unique item (equivalent to an ID identifier), electronic seal issuing time, an electronic seal name, a signature algorithm, an electronic seal effective date, an electronic seal invalid date, an expansion item and the like.
The generation mode of the seal signature comprises the following steps:
the seal server signs the seal basic information, the seal picture hash value and the seal public key by using a private key (corresponding to the seal server public key) to obtain a first signature;
the seal server generates a first random number, and encrypts a first signature by using the first random number to form a first signature ciphertext;
the seal server encrypts the first random number by using a private key to generate a first key ciphertext;
the first key ciphertext and the first signature ciphertext together form a seal signature.
The seal signature, the signature mentioned later, the document signature, etc. can be regarded as digital signature.
1.2 after the user registers and gets approval, the key fob issued by the seal server is obtained and used for signing or verifying the seal.
2. The client performs preparation work before signing and sends a request to the seal server.
2.1 the signer inserts the seal picture into the file to be signed and signs (namely pre-signature) by using the matched key fob, and then sends the file to the seal server to request for signature.
The method for inserting the seal picture into the file needing to be signed and signing the file comprises the following steps:
the signer signs the file inserted with the seal picture by using a private key to obtain an authentication signature;
the signer uses the random number generator in the matched key fob to generate an authentication random number, and encrypts an authentication signature by using the authentication random number to generate an authentication signature ciphertext;
the signer encrypts the random number by using a private key to generate an authentication key ciphertext;
the authentication key ciphertext and the authentication signature ciphertext jointly form an authentication file signature;
2.2 the signer sends the client ID (ID of the signing client), the file and the signature of the authentication file to the seal server to request for signature.
3. And the seal server performs signature on the file.
3.1 the seal server first carries out signature verification to the received authentication file signature.
3.1.1, firstly, decrypting the authentication key ciphertext part in the authentication file signature by using the public key corresponding to the signer to obtain an authentication random number, and then decrypting the authentication signature ciphertext by using the authentication random number to obtain an original authentication signature;
then, the public key corresponding to the signer is used for decrypting the authentication signature to obtain an original hash value.
3.1.2 the same hash function is used to calculate the file to obtain the result.
3.1.3 compares the result obtained in 3.1.2 with the original hash value calculated in 3.1.1, and if the same, indicates that the file originated from the correct client and was not tampered with, a further signature can be applied.
And 3.2, the seal server signs the file.
The server inserts the key fob into the mobile terminal or the fixed terminal interface, and signs the file to be signed at the picture insertion location in the file by using the electronic seal open part and the hidden part in the key fob.
The electronic signature is an electronic signature expression form realized by using an electronic seal, the electronic signature operation is converted into a visual effect which is the same as the signature and seal operation of a paper file by using an image processing technology, and meanwhile, the authenticity and the integrity of electronic information and the undeniability of a signer are guaranteed by using the electronic signature technology.
The electronic signature comprises seal basic information, a seal picture hash value, an anti-quantum computation public key, a seal signature, a file signature, signature equipment information, a signature timestamp, a signature and the like.
The signature device information is information for recording the current hardware device of the signature, such as host model, ip address, mac address, etc. The electronic signature may be written to the document or may form an independent signature file, the former being generally the default.
For the public part of the electronic seal (seal basic information, seal picture, seal public key and seal signature), the electronic signature mainly changes into:
converting the stamp picture into a stamp picture hash value;
converting the seal public key into an anti-quantum computation public key;
generating a file signature, signature equipment information, a signature timestamp and a signature;
the following is further described for resist quantum computing public keys, file signatures, and signature signatures.
The electronic seal, the electronic signature and the file can be verified whether the electronic seal, the electronic signature and the file are tampered, and the electronic seal, the electronic signature and the file are further described one by one in the subsequent steps.
In order to improve the security, when the electronic seal is used to sign a document to obtain an electronic signature, the public key of the seal is not disclosed, i.e. not directly displayed on the electronic signature,
but is disclosed in a way of resisting the quantum computation public key, and the generation way of the quantum computation public key comprises the following steps:
a random number generator in the key fob generates a public key random number rk (each random number referred to in this disclosure is preferably a quantum random number);
a public key seed pointer function frkp acts on the public key random number rk to generate a public key seed pointer rkp;
let the pointer rkp point to the group key pool inside the corresponding key fob to obtain a public key seed krk;
acting a public key function fkk on the public key seed krk to obtain a public key kk;
using the public key kk to encrypt the seal public key to obtain an encrypted seal public key kk;
and (3) the combination { rk, kkk } of the random number rk of the public key secret key and the encrypted seal public key kkk is used as an anti-quantum computation public key to be disclosed.
The quantum computation resistant public key can be replaced regularly, and for the same seal public key, a new encrypted seal public key kkk 'can be calculated by only replacing a new public key secret key random number rk' to obtain a group of new quantum computation resistant public keys { rk ', kkk' }.
Because the public key pool is in the key fob, the original seal public key can be obtained only by combining the anti-quantum computation public key and the public key pool in the key fob, so that the possibility of the seal public key being leaked and cracked is greatly reduced, and the safety is greatly improved.
The generation method of the signature in the electronic signature comprises the following steps:
the seal server signs the seal basic information, the seal picture hash value, the encrypted seal public key, the seal signature, the file signature, the signature equipment information and the signature timestamp by using a private key to obtain a second signature;
the key fob matched with the seal server generates a second random number, and encrypts a second signature by using the second random number to form a second signature ciphertext;
the seal server encrypts the second random number by using a private key to generate a second key ciphertext;
the second key ciphertext and the second signature ciphertext together form a signature.
The method for generating the file signature in the electronic signature comprises the following steps:
the seal server signs the file by using a private key to obtain a third signature;
the key fob matched with the seal server generates a third random number, and encrypts a third signature by using the third random number to form a third signature ciphertext;
the seal server encrypts the third random number by using a private key to generate a third key ciphertext;
and the third key ciphertext and the third signature ciphertext jointly form a file signature.
Other part of information in the electronic signature can be generated by referring to the prior art or directly obtained from the electronic seal.
And 3.3, the seal server sends the signed file to the signer or directly to the signer, namely the signature process is completed.
4. After signing, the signer requests that the signer can verify the signature of the signer server.
4.1 the seal checking client sends the seal checking client ID and the signature file to the seal server.
4.2 the seal server uses the electronic signature in the signed file to verify the source of the electronic seal.
4.2.1 the seal server takes out the seal basic information, the seal picture hash value, the anti-quantum computation public key and the seal signature in the electronic signature.
Client terminal
4.2.2 deciphering to obtain the seal public key.
Firstly, a public key random number rk in the quantum computation resistant public key is combined with a group key pool to obtain a public key kk through computation, and then the public key kk and the encrypted seal public key kkk are combined to calculate an original seal public key.
4.2.3, firstly, decrypting the first key ciphertext part in the stamp signature taken out of the 4.2.1 by using the stamp server public key to obtain a first random number, and then decrypting the first signature ciphertext by using the first random number to obtain a first signature;
and then, decrypting the first signature by using the seal server public key to obtain an original first hash value (which can be regarded as a message digest).
And 4.2.4, calculating the basic information of the stamp, the hash value of the stamp picture and the original stamp public key obtained in the step 4.2.1 by using the same hash function as the hash function used for generating the first signature to obtain a second hash value (which can be regarded as a message digest).
And 4.2.5 comparing the first hash value with the second hash value, and if the first hash value is the same as the second hash value, indicating that the electronic seal is originated from the seal server and is not tampered.
4.3. And the seal server verifies the electronic seal in the signed file.
4.3.1 the seal server takes out the seal basic information, the seal picture hash, the anti-quantum computation public key, the seal signature, the file signature, the signature equipment information, the signature time stamp and the signature of the electronic signature.
4.3.2, firstly, decrypting the second key ciphertext part in the signature taken out in the step 4.3.1 by using the public key of the signer to obtain a second random number;
and then, decrypting a second signature ciphertext in the signature by using a second random number to obtain a second signature, and then decrypting the second signature by using a public key of a signer to obtain an original hash value.
4.3.3, the same hash function as that used for generating the second signature is used for calculating the basic information of the seal, the image hash of the seal, the anti-quantum computation public key, the seal signature, the file signature, the signature equipment information and the signature timestamp which are taken out in the step 4.3.1 to obtain a result.
4.3.4 compares the result of step 4.3.3 with the original hash value calculated in step 4.3.2, and if the result is the same, it indicates that the electronic signature is from the signer and has not been tampered with.
4.4 the seal server uses the electronic signature in the signed file to verify the file, and the method for verifying the electronic signature is the same as the method for verifying the electronic signature.
4.4.1 the seal server extracts the file from the signed file.
4.4.2, firstly, decrypting a third secret key ciphertext part in the file signature taken out in the step 4.4.1 by using a public key of a signer to obtain a third random number;
and then, decrypting a third signature ciphertext in the file signature by using a third random number to obtain a third signature, and then decrypting the third signature by using a public key of a signer to obtain an original hash value.
4.4.3 the result is calculated for the file taken in step 4.4.1 using the same hash function as when the third signature was generated.
4.4.4 compares the result obtained in step 4.4.3 with the original hash value calculated in step 4.4.2, and if the same, indicates that the file originated from the signer and was not tampered with.
And 4.5, the seal server sends the verification result to a seal verifying party, and the seal verifying party verifies the result.
4.5.1 the seal server uses its own private key to sign the verification result, then uses the public key of the seal verifier to encrypt the verification result and the signature of the verification result, and sends the encrypted ciphertext to the seal verifier.
And 4.5.2 after the seal party receives the ciphertext, decrypting the ciphertext by using the private key of the seal party to obtain a verification result and a signature of the verification result.
And the signature verifying party verifies the correctness of the signature by using the public key of the seal server, and if the signature is verified to be successful, the ciphertext really comes from the seal server and is not tampered, namely, the verification result is credible.
The above disclosure is only an embodiment of the present invention, but the present invention is not limited thereto, and those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. It is to be understood that such changes and modifications are intended to be included within the scope of the appended claims. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (10)
1. A quantum computation resistant signing method, comprising:
respectively issuing key fobs to a seal server and each client in advance, wherein seal pictures are stored in the key fobs of the clients; an electronic seal and a public key pool are stored in the key fob of the seal server, and a random number generator is configured in each key fob;
the client of the signing party performs pre-signing on the file by using the seal picture in the key fob and sends the pre-signed file to a seal server to request for signing;
the seal server responds to the request of the client to sign the file to generate the file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and an anti-quantum computation public key generated by combining the seal public key with a public key pool;
after obtaining the file with the electronic signature, the seal checking party forwards the file to the seal server to request for checking the seal;
the seal server obtains a seal public key by utilizing the quantum computation resistant public key and the public key pool, verifies the seal signature by utilizing the seal public key and then sends a verification result to a seal verifying party.
2. The quantum-computation-resistant signing method of claim 1, wherein the quantum-computation-resistant public key is generated in a manner comprising:
a random number generator in the seal server key fob generates a public key and a secret key random number rk;
a public key seed pointer function frkp acts on the public key random number rk to generate a public key seed pointer rkp;
let the pointer rkp point to the group key pool inside the corresponding key fob to obtain a public key seed krk;
acting a public key function fkk on the public key seed krk to obtain a public key kk;
using the public key kk to encrypt the seal public key to obtain an encrypted seal public key kk;
and (3) the combination { rk, kkk } of the random number rk of the public key secret key and the encrypted seal public key kkk is used as an anti-quantum computation public key to be disclosed.
3. The quantum-computation-resistant signing method of claim 2, wherein the pre-signing by the client of the signer comprises:
signing the file inserted with the seal picture by using a private key to obtain an authentication signature;
generating an authentication random number by using a random number generator in the matched key fob, and encrypting an authentication signature by using the authentication random number to generate an authentication signature ciphertext;
encrypting the random number by using a private key to generate an authentication key ciphertext;
the authentication key ciphertext and the authentication signature ciphertext jointly form an authentication file signature;
sending the client ID, the file and the signature of the authentication file to a seal server for requesting to carry out signature; and the seal server performs signature verification on the received authentication file signature and then performs signature after the signature passes.
4. The quantum computation resistant signing method of claim 3, wherein the generation of the seal signature comprises:
the seal server signs a relevant part of the electronic seal at least containing a seal public key by using a private key to obtain a first signature;
the seal server generates a first random number, and encrypts a first signature by using the first random number to form a first signature ciphertext;
the seal server encrypts the first random number by using a private key to generate a first key ciphertext;
the first key ciphertext and the first signature ciphertext together form a seal signature.
5. The quantum computation resistant signing method of claim 4, wherein the key fob further stores a public key of a seal server, and the seal signature verification method comprises:
the client side of the seal verifying party obtains a seal public key in a corresponding mode by utilizing the matched key fob and the quantum computation resistant public key;
decrypting a first key ciphertext part in the seal signature by using a seal server public key to obtain a first random number, and decrypting the first signature ciphertext by using the first random number to obtain a first signature;
the first signature is decrypted with the seal server public key and verified.
6. The quantum-computation-resistant signing method of claim 5, wherein the electronic signature further comprises a signature, and the signature verification further comprises verification of the signature; the generation mode of the signature comprises the following steps:
the seal server signs the relevant part in the electronic signature by using a private key to obtain a second signature;
a random number generator of a key fob of the seal server generates a second random number, and encrypts a second signature with the second random number to form a second signature ciphertext;
the seal server encrypts the second random number by using a private key to generate a second key ciphertext;
the second key ciphertext and the second signature ciphertext together form a signature.
7. The quantum-computation-resistant signing method of claim 6, wherein the means for verifying the signature comprises:
the client of the seal verifier decrypts a second key ciphertext part in the signature by using a public key of the seal server to obtain a second random number;
and decrypting a second signature ciphertext in the signature by using a second random number to obtain a second signature, and verifying the second signature.
8. The quantum-computation-resistant signing method of claim 7, wherein the electronic signature further comprises a document signature, and the verification of the document signature further comprises verification of the document signature; the generation mode of the file signature comprises the following steps:
the seal server signs the file by using a private key to obtain a third signature;
the key fob matched with the seal server generates a third random number, and encrypts a third signature by using the third random number to form a third signature ciphertext;
the seal server encrypts the third random number by using a private key to generate a third key ciphertext;
and the third key ciphertext and the third signature ciphertext jointly form a file signature.
9. The quantum-computation-resistant signing method of claim 8, wherein the document signature is verified in a manner comprising:
the client of the seal verifying party decrypts a third secret key ciphertext part in the file signature by using the public key of the seal server to obtain a third random number;
and decrypting a third signature ciphertext in the file signature by using a third random number to obtain a third signature, and verifying the third signature.
10. The utility model provides an anti quantum computation's system of signing a seal, includes seal server and is regarded as the client side of signing a seal party and checking a seal party respectively, its characterized in that includes:
respectively issuing key fobs to a seal server and each client in advance, wherein seal pictures are stored in the key fobs of the clients; an electronic seal and a public key pool are stored in the key fob of the seal server, and a random number generator is configured in each key fob;
the client of the signing party performs pre-signing on the file by using the seal picture in the key fob and sends the pre-signed file to a seal server to request for signing;
the seal server responds to the request of the client to sign the file to generate the file with the electronic signature;
the electronic signature at least comprises a seal signature generated by participation of a seal public key and an anti-quantum computation public key generated by combining the seal public key with a public key pool;
after obtaining the file with the electronic signature, the seal checking party forwards the file to the seal server to request for checking the seal;
the seal server obtains a seal public key by utilizing the quantum computation resistant public key and the public key pool, verifies the seal signature by utilizing the seal public key and then sends a verification result to a seal verifying party.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811286452.5A CN109614802B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and signature system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811286452.5A CN109614802B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and signature system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109614802A CN109614802A (en) | 2019-04-12 |
| CN109614802B true CN109614802B (en) | 2020-11-27 |
Family
ID=66002882
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811286452.5A Active CN109614802B (en) | 2018-10-31 | 2018-10-31 | Anti-quantum-computation signature method and signature system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109614802B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110837634B (en) * | 2019-10-24 | 2023-10-27 | 杭州安存网络科技有限公司 | Electronic signature method based on hardware encryption machine |
| CN111030825A (en) * | 2019-12-03 | 2020-04-17 | 南京如般量子科技有限公司 | Anti-quantum computation electronic seal system based on secret shared public key pool and signature and verification method thereof |
| CN110881048B (en) * | 2019-12-16 | 2021-11-09 | 苏宁云计算有限公司 | Safety communication method and device based on identity authentication |
| CN111291392B (en) * | 2020-01-22 | 2022-09-06 | 京东科技控股股份有限公司 | Electronic signature method and device, electronic equipment and storage medium |
| CN111666593B (en) * | 2020-06-23 | 2023-05-16 | 中信银行股份有限公司 | Electronic signature method, electronic signature device, electronic equipment and computer readable storage medium |
| CN114697038A (en) * | 2020-12-31 | 2022-07-01 | 科大国盾量子技术股份有限公司 | Quantum attack resistant electronic signature method and system |
| CN112749402B (en) * | 2021-01-07 | 2024-04-23 | 苍穹数码技术股份有限公司 | Electronic data processing method and device, electronic equipment and storage medium |
| CN117650898A (en) * | 2024-01-30 | 2024-03-05 | 北京格尔国信科技有限公司 | Method and system for combining quantum hybrid certificate and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105119941A (en) * | 2015-09-16 | 2015-12-02 | 浙江神州量子网络科技有限公司 | Quantum seal stamping and verifying system, and configuration, stamping process and verifying method thereof |
| CN106022035A (en) * | 2016-05-03 | 2016-10-12 | 识益生物科技(北京)有限公司 | Method and system for electronic signature |
| CN106100849A (en) * | 2016-06-16 | 2016-11-09 | 李论 | One is safely and effectively to e-file and paper document stamped signature scheme thereof |
| CN106452775A (en) * | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Method and apparatus for accomplishing electronic signing and signing server |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9380048B2 (en) * | 2012-10-15 | 2016-06-28 | Saife, Inc. | Certificate authority server protection |
| CN105871538B (en) * | 2015-01-22 | 2019-04-12 | 阿里巴巴集团控股有限公司 | Quantum key distribution system, quantum key delivering method and device |
-
2018
- 2018-10-31 CN CN201811286452.5A patent/CN109614802B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106452775A (en) * | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Method and apparatus for accomplishing electronic signing and signing server |
| CN105119941A (en) * | 2015-09-16 | 2015-12-02 | 浙江神州量子网络科技有限公司 | Quantum seal stamping and verifying system, and configuration, stamping process and verifying method thereof |
| CN106022035A (en) * | 2016-05-03 | 2016-10-12 | 识益生物科技(北京)有限公司 | Method and system for electronic signature |
| CN106100849A (en) * | 2016-06-16 | 2016-11-09 | 李论 | One is safely and effectively to e-file and paper document stamped signature scheme thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109614802A (en) | 2019-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109614802B (en) | Anti-quantum-computation signature method and signature system | |
| CN109600228B (en) | Anti-quantum-computation signature method and system based on public key pool | |
| CN109560935B (en) | Anti-quantum-computation signature method and signature system based on public asymmetric key pool | |
| CN107483212B (en) | Method for generating digital signature by cooperation of two parties | |
| CN108229188B (en) | Method for signing file and verifying file by using identification key | |
| US8108678B1 (en) | Identity-based signcryption system | |
| US8433897B2 (en) | Group signature system, apparatus and storage medium | |
| CN102647461B (en) | Communication means based on HTTP, server, terminal | |
| US8145718B1 (en) | Secure messaging system with personalization information | |
| WO2019052286A1 (en) | User identity verification method, apparatus and system based on blockchain | |
| US20050132201A1 (en) | Server-based digital signature | |
| CN109257180A (en) | A kind of method and device for depositing card based on the intellectual property file of block chain | |
| CN106713336B (en) | Electronic data safeguard system and method based on double, asymmetrical encryption technology | |
| CN109672530A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on unsymmetrical key pond | |
| CN105681470A (en) | Communication method, server and terminal based on hypertext transfer protocol | |
| CN108022194A (en) | Law-enforcing recorder and its data safety processing method, server and system | |
| Qureshi et al. | SeVEP: Secure and verifiable electronic polling system | |
| CN109586918B (en) | Anti-quantum-computation signature method and signature system based on symmetric key pool | |
| CN105554018A (en) | Network real name verification method | |
| CN109687977A (en) | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys | |
| CN113051540A (en) | Application program interface safety grading treatment method | |
| CN109586917B (en) | Anti-quantum-computation signature method and system based on asymmetric key pool | |
| CN113761578A (en) | Document true checking method based on block chain | |
| CN110519040B (en) | Anti-quantum computation digital signature method and system based on identity | |
| CN117335989A (en) | Safety application method in internet system based on national cryptographic algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |