CN109842490B

CN109842490B - Digital signature generating/transmitting/verifying method, terminal and computer storage medium

Info

Publication number: CN109842490B
Application number: CN201711216443.4A
Authority: CN
Inventors: 王宽; 翟广华; 游耀祥; 李杰宏
Original assignee: Quantumctek Guangdong Co ltd
Current assignee: Quantumctek Guangdong Co ltd
Priority date: 2017-11-28
Filing date: 2017-11-28
Publication date: 2022-03-08
Anticipated expiration: 2037-11-28
Also published as: CN109842490A

Abstract

The invention provides a digital signature generating/transmitting/verifying method, a terminal and a computer storage medium, wherein the digital signature generating method comprises the following steps: the signature sender calculates the corresponding signature information to obtain corresponding codes by using keys respectively shared with the multi-party authentication center and algorithms respectively corresponding to the multi-party authentication center; the multi-party authentication center comprises two parties and more than two parties; the corresponding signature information comprises signature data; and combining the identification number of the signature sender, the signature data, the serial number of the secret key shared by the multiparty authentication center, the identification number of the multiparty authentication center and the corresponding code to generate the digital signature of the signature sender. The invention can further improve the security of the digital signature.

Description

Digital signature generating/transmitting/verifying method, terminal and computer storage medium

Technical Field

The invention belongs to the technical field of network security, relates to a digital signature, and particularly relates to a digital signature generating/transmitting/verifying method, a terminal and a computer storage medium.

Background

The existing digital signature technology is the application of asymmetric key encryption technology and digital digest technology. Existing digital signatures encrypt digest information with the sender's private key, which is transmitted to the recipient along with the original text. The receiver can decrypt the encrypted digest information only by using the public key of the sender, and then generates a digest information for the received original text by using the HASH function, and compares the digest information with the decrypted digest information. If the two information are the same, the received information is complete and is not modified in the transmission process, otherwise, the received information is modified, so that the digital signature can verify the integrity of the information.

The existing digital signature is established based on a public key cryptosystem, but the security of the public key cryptosystem depends on the complexity of calculation, and the unconditional security is theoretically absent. As the computing power of the computer is continuously improved, the probability of being cracked is very high, and the potential safety hazard is great.

Disclosure of Invention

In view of the above-mentioned shortcomings of the prior art, an object of the present invention is to provide a digital signature generation/transmission/verification method, a terminal and a computer storage medium, which are used to solve the problem that as the computing capability of a computer is continuously improved, the probability of the existing digital signature technology being cracked is increased, and a large potential safety hazard exists.

To achieve the above and other related objects, the present invention provides a digital signature generation method, including: the signature sender calculates the corresponding signature information to obtain corresponding codes by using keys respectively shared with the multi-party authentication center and algorithms respectively corresponding to the multi-party authentication center; the multi-party authentication center comprises two parties and more than two parties; the corresponding signature information comprises signature data; and combining the identification number of the signature sender, the signature data, the serial number of the secret key shared by the multiparty authentication center, the identification number of the multiparty authentication center and the corresponding code to generate the digital signature of the signature sender.

In an embodiment of the present invention, the corresponding algorithm is incorporated in the digital signature.

In one embodiment of the present invention, the corresponding algorithm is pre-agreed and is not incorporated in the digital signature.

In an embodiment of the present invention, an implementation procedure of the digital signature generation method includes: the signature sender calculates first signature information by using a first shared key and a first algorithm to obtain a first code; the signature sender calculates second signature information by using a second shared secret key and a second algorithm to obtain a second code; combining the identification number of the signature sender, the signature data, the serial number of the first shared key, the provider identification number of the first shared key, the first code, the serial number of the second shared key, the provider identification number of the second shared key and the second code to generate a digital signature of the signature sender; if the first algorithm or/and the second algorithm is/are predetermined, merging or not merging in the digital signature; if the first algorithm or/and the second algorithm is/are not agreed in advance, merging the first algorithm and/or the second algorithm into the digital signature; wherein the provider of the first shared key is a first authentication center of the multi-party authentication centers; the provider of the second shared key is a second one of the multi-party authentication centers.

In an embodiment of the present invention, the first signature information includes first signature area data, and the first signature area data includes an identifier of the signature sender, the signature data, a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm; the second signature information includes second signature area data, and the second signature area data includes an identifier of the signature sender, the signature data, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm.

In an embodiment of the present invention, the first signature information includes first digest information; the first abstract information is obtained by carrying out abstract calculation on the first signature area data by utilizing a first abstract algorithm; the second signature information comprises second digest information; the second abstract information is obtained by carrying out abstract calculation on the second signature area data by using a second abstract algorithm; if the first abstract algorithm or/and the second abstract algorithm is/are predetermined, merging or not merging in the digital signature; if the first digest algorithm or/and the second digest algorithm is not agreed in advance, the first digest algorithm or/and the second digest algorithm are combined in the digital signature.

In an embodiment of the present invention, the first signature information and the second signature information are the same and are both signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the first shared key, a provider identifier of the first shared key, the first algorithm, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm; if the abstract algorithm is predetermined, merging or not merging in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature.

In an embodiment of the invention, at least one of the first shared key and the second shared key is a quantum key.

In an embodiment of the invention, a provider of the first shared key is different from a provider of the second shared key.

In an embodiment of the present invention, the first shared key is selected from a first shared key set; the first shared key set is a key set shared by the first shared key provider and the signature sender; or/and the second shared key is selected from a second set of shared keys; the second shared key set is a key set shared by the second shared key provider and the signing sender.

In an embodiment of the present invention, an implementation procedure of the digital signature generation method further includes: the signature sender calculates third signature information by using a third shared key and a third algorithm to obtain a third code; the digital signature of the signature sender further comprises a serial number of the third shared key, a provider identification number of the third shared key and the third code; if the third algorithm is predetermined, merging or not merging in the digital signature; if the third algorithm is not agreed in advance, merging the third algorithm into the digital signature; the provider of the third shared key is a third one of the multi-party authentication centers.

In an embodiment of the invention, the third signature information includes third signature area data, and the third signature area data includes an identifier of the signature sender, the signature data, a serial number of the third shared key, a provider identifier of the third shared key, and the third algorithm.

In an embodiment of the invention, the third signature information includes third digest information; the third abstract information is obtained by performing abstract calculation on the third signature area data by using a third abstract algorithm; if the third digest algorithm is pre-agreed, merging or not merging in the digital signature; and if the third digest algorithm is not agreed in advance, merging the third digest algorithm into the digital signature.

In an embodiment of the present invention, the third signature information is the same as the first signature information and the second signature information, and both the third signature information and the second signature information are signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the first shared key, a provider identifier of the first shared key, the first algorithm, a serial number of the second shared key, a provider identifier of the second shared key, the second algorithm, a serial number of the third shared key, a provider identifier of the third shared key, and the third algorithm; if the abstract algorithm is predetermined, merging or not merging in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature.

In an embodiment of the invention, at least one of the first shared secret key, the second shared secret key and the third shared secret key is a quantum secret key.

In an embodiment of the present invention, at least 2 providers of the first shared key, the second shared key, and the third shared key are different.

In an embodiment of the present invention, the first shared key is selected from a first shared key set; the first shared key set is a key set shared by the first shared key provider and the signature sender; the second shared key is selected from a second set of shared keys; the second shared key set is a key set shared by the second shared key provider and the signature sender; or/and the third shared key is selected from a third set of shared keys; the third shared key set is a key set shared by the third shared key provider and the signing sender.

The present invention also provides a computer storage medium having a first computer program stored thereon; the first computer program executes the digital signature generation method when called by a processor.

The present invention also provides a digital signature generation terminal, including: a first input for inputting digital signature related parameters; a first memory for storing a first computer program and the digital signature related parameters; and the first processor is in communication connection with the first memory, and executes the digital signature generation method to generate a digital signature when calling the first computer program and the parameters related to the digital signature.

The invention also provides a digital signature sending method, which comprises the following steps: the signature sender sends the digital signature generated by the digital signature generation method to a signature receiver; or the signature sender utilizes a shared secret key K_abEncrypting the digital signature generated by the digital signature generation method and then sending the encrypted digital signature to a signature receiver; the shared secret key K_abIs a key shared by the signature sender and the signature receiver.

The invention also provides a digital signature verification method, which comprises the following steps: the signature receiver acquires a digital signature of the signature sender; the digital signature of the signature sender comprises: the identification number of the signature sender, the signature data, the serial number of a secret key shared by the multiparty authentication center, the identification number of the multiparty authentication center and a corresponding code; the signature sender calculates corresponding signature information by using keys respectively shared with the multi-party authentication center and algorithms respectively corresponding to the multi-party authentication center to obtain the corresponding codes; the multi-party authentication center comprises two parties and more than two parties; the corresponding signature information includes the signature data; the signature receiver sends the digital signatures to the multiparty authentication center for verification respectively according to the identification numbers of the multiparty authentication center in the digital signatures, and receives the verification results fed back by the multiparty authentication center; when the verification results fed back by the multi-party authentication center are all passed, the signature receiver confirms that the digital signature is valid; otherwise, the signature receiver confirms that the digital signature is invalid.

The present invention also provides a computer storage medium having a second computer program stored thereon; the second computer program, when invoked by a processor, performs the digital signature verification method.

The present invention also provides a digital signature verification terminal, including: a second input end for inputting digital signature related parameters; a second memory for storing a second computer program and the digital signature related parameters; and the second processor is in communication connection with the second memory, and executes the digital signature verification method when calling the second computer program and the digital signature related parameters to verify whether the digital signature is valid or not.

The invention also provides a digital signature verification method, which comprises the following steps: the signature receiver acquires a digital signature of the signature sender; the digital signature includes: an identification number of a signature sender, signature data, a serial number of a first shared key, a provider identification number of the first shared key, a first code, a serial number of a second shared key, a provider identification number of the second shared key, and a second code; the signature sender utilizes the first shared key and a first algorithm to calculate first signature information to obtain the first code; the signature sender utilizes the second shared secret key and a second algorithm to calculate second signature information to obtain the second code; the first signature information and the second signature information each include the signature data; if the first algorithm or/and the second algorithm is/are predetermined, merging or not merging in the digital signature; if the first algorithm or/and the second algorithm is/are not agreed in advance, merging the first algorithm and/or the second algorithm into the digital signature; wherein the provider of the first shared key is a first authentication center of a multi-party authentication center; the provider of the second shared key is a second authentication center in the multi-party authentication center; the signature receiving party sends the digital signature to a provider of the first shared key for verification according to the provider identification number of the first shared key in the digital signature, and receives a first verification result fed back by the provider of the first shared key; the signature receiving party sends the digital signature to a provider of a second shared key for verification according to the provider identification number of the second shared key in the digital signature, and receives a second verification result fed back by the provider of the second shared key; when the first verification result and the second verification result both pass, the signature receiver confirms that the digital signature is valid; otherwise, the signature receiver confirms that the digital signature is invalid.

In an embodiment of the present invention, an implementation process of the signature receiver obtaining the digital signature of the signature sender includes: the signature receiver receives the digital signature sent by the signature sender; or the signature receiver utilizes a shared secret key K_abDecrypting to obtain the digital signature sent by the signature sender; the shared secret key K_abIs a key shared by the signature sender and the signature receiver.

In an embodiment of the present invention, an implementation process of the signature receiving party sending the digital signature to a provider of a first shared key or a provider of a second shared key for verification includes: the signature receiver sends all the data of the digital signature to a provider of the first shared secret key or a provider of the second shared secret key for verification; or the signature receiver sends the data related to the provider of the first shared key in the digital signature to the provider of the first shared key for verification, or sends the data related to the provider of the second shared key in the digital signature to the provider of the second shared key for verification.

In an embodiment of the present invention, an implementation process of the provider of the first shared key to verify the digital signature includes: the provider of the first shared key obtains the corresponding first shared key according to the identification number of the signature sender in the digital signature and the serial number of the first shared key, and calculates and obtains a first verification code according to the first algorithm, the first signature information and the first shared key; and the provider of the first shared key compares the first verification code with the first code in the digital signature, if the first verification code is identical with the first code in the digital signature, the provider feeds back a first verification result which passes the verification, and otherwise, the provider feeds back a first verification result which does not pass the verification.

In an embodiment of the present invention, an implementation process of the provider of the second shared secret key to verify the digital signature includes: the provider of the second shared secret key obtains a corresponding second shared secret key according to the identification number of the signature sender in the digital signature and the serial number of the second shared secret key, and calculates and obtains a second verification code according to the second algorithm, the second signature information and the second shared secret key; and the provider of the second shared secret key compares the second verification code with the second code in the digital signature, if the second verification code is the same as the second code in the digital signature, the provider feeds back a second verification result which passes the verification, and otherwise, the provider feeds back a second verification result which does not pass the verification.

The present invention also provides a computer storage medium having a third computer program stored thereon; the third computer program, when invoked by a processor, performs the digital signature verification method.

The present invention also provides a digital signature verification terminal, including: a third input end for inputting digital signature related parameters; a third memory for storing a third computer program and the digital signature related parameters; and the third processor is in communication connection with the third memory, and executes the digital signature verification method when calling the third computer program and the digital signature related parameters to verify whether the digital signature is valid.

The invention also provides a digital signature verification method, which comprises the following steps: the signature receiver acquires a digital signature of the signature sender; the digital signature of the signature sender comprises: an identification number of a signature sender, signature data, a serial number of a first shared key, a provider identification number of the first shared key, a first code, a serial number of a second shared key, a provider identification number of the second shared key, a second code, a serial number of a third shared key, a provider identification number of the third shared key, and a third code; the signature sender utilizes the first shared key and a first algorithm to calculate first signature information to obtain the first code; the signature sender utilizes the second shared secret key and a second algorithm to calculate second signature information to obtain the second code; the signature sender utilizes the third shared secret key and a third algorithm to calculate third signature information to obtain the third code; the first signature information, the second signature information, and the third signature information each include the signature data; if the first algorithm, the second algorithm or/and the third algorithm are predetermined, merging or not merging in the digital signature; if the first algorithm, the second algorithm or/and the third algorithm are not agreed in advance, merging the first algorithm, the second algorithm or/and the third algorithm into the digital signature; wherein the provider of the first shared key is a first authentication center of the multi-party authentication centers; the provider of the second shared key is a second one of the multi-party authentication centers; the provider of the third shared key is a third authentication center in the multi-party authentication center; the signature receiving party sends the digital signature to a provider of the first shared key for verification according to the provider identification number of the first shared key in the digital signature, and receives a first verification result fed back by the provider of the first shared key; the signature receiving party sends the digital signature to a provider of a second shared key for verification according to the provider identification number of the second shared key in the digital signature, and receives a second verification result fed back by the provider of the second shared key; the signature receiving party sends the digital signature to a provider of a third shared key for verification according to the provider identification number of the third shared key in the digital signature, and receives a third verification result fed back by the provider of the third shared key; when the first verification result, the second verification result and the third verification result are both passed, the signature receiver confirms that the digital signature is valid; otherwise, the signature receiver confirms that the digital signature is invalid.

In an embodiment of the present invention, an implementation procedure of the signature receiving side sending the digital signature to a provider of a first shared key, and the provider of a second shared key or/and the provider of a third shared key performing verification includes: the signature receiver sends all the data of the digital signature to a provider of the first shared key, and the provider of the second shared key or/and the provider of the third shared key carry out verification; or the signature receiver sends the data related to the provider of the first shared key in the digital signature to the provider of the first shared key for verification, or sends the data related to the provider of the second shared key in the digital signature to the provider of the second shared key for verification, or sends the data related to the provider of the third shared key in the digital signature to the provider of the third shared key for verification.

In an embodiment of the present invention, an implementation process of the third shared key provider verifying the digital signature includes: the provider of the third shared key obtains a corresponding third shared key according to the identification number of the signature sender in the digital signature and the serial number of the third shared key, and calculates and obtains a third verification code according to the third algorithm, the third signature information and the third shared key; and the provider of the third shared key compares the third verification code with the third code in the digital signature, if the third verification code is the same as the third code in the digital signature, the third verification result which passes the verification is fed back, and otherwise, the third verification result which does not pass the verification is fed back.

The present invention also provides a computer storage medium having a fourth computer program stored thereon; said fourth computer program, when invoked by a processor, executes said digital signature verification method.

The present invention also provides a digital signature verification terminal, including: a fourth input end for inputting digital signature related parameters; a fourth memory for storing a fourth computer program and the digital signature related parameters; and the fourth processor is in communication connection with the fourth memory, and executes the digital signature verification method when calling the fourth computer program and the digital signature related parameters to verify whether the digital signature is valid.

As described above, the digital signature generation/transmission/verification method, terminal and computer storage medium of the present invention have the following advantageous effects:

the invention realizes digital signature by using a countersigning mode or a quantum key or a mode of combining the countersigning mode and the quantum key; the countersigning mode can ensure that only a signing party has a complete digital signature key, a single authentication center only has a partial digital signature key, and the authentication center cannot forge the digital signature of the signing party, so that the safety of the digital signature is further improved; the quantum key is based on quantum mechanics, the safety of the quantum key is established on the physical characteristics of the inaccurate measurement principle, quantum unclonable, quantum coherence and the like, and the quantum key is proved to be unconditionally safe, so that the safety of the digital signature is further improved; the combination of the countersigning mode and the quantum key can fundamentally solve the potential safety hazard of the digital signature based on the public key cryptosystem.

Drawings

Fig. 1A is a schematic flow chart illustrating an implementation of the digital signature generation method according to the embodiment of the present invention.

Fig. 1B is a schematic flowchart illustrating a specific implementation of the digital signature generation method according to the embodiment of the present invention.

Fig. 1C is a schematic flow chart illustrating another specific implementation of the digital signature generation method according to the embodiment of the present invention.

Fig. 1D is a schematic view of an application scenario of the digital signature generation method according to the embodiment of the present invention.

Fig. 1E is a schematic diagram illustrating an implementation structure of a digital signature generation terminal according to an embodiment of the present invention.

Fig. 2A is a schematic flow chart illustrating an implementation process of the digital signature sending method according to the embodiment of the present invention.

Fig. 2B is a schematic flow chart illustrating another implementation of the digital signature sending method according to the embodiment of the present invention.

Fig. 2C is a schematic view of an application scenario of the digital signature sending method according to the embodiment of the present invention.

Fig. 3A is a schematic flow chart illustrating an implementation of the digital signature verification method according to the embodiment of the present invention.

Fig. 3B is a schematic flowchart illustrating an implementation of the digital signature verification method according to the embodiment of the present invention.

Fig. 3C is a schematic flow chart illustrating another specific implementation of the digital signature verification method according to the embodiment of the present invention.

Fig. 3D is a schematic view of an application scenario of the digital signature verification method according to the embodiment of the present invention.

Fig. 3E is a schematic view illustrating another application scenario of the digital signature verification method according to the embodiment of the present invention.

Fig. 4 is a schematic structural diagram illustrating an implementation of the digital signature verification terminal according to an embodiment of the present invention.

Fig. 5 is a schematic structural diagram illustrating another implementation of the digital signature verification terminal according to the embodiment of the present invention.

Fig. 6 is a schematic structural diagram of another implementation of the digital signature verification terminal according to the embodiment of the present invention.

Description of the element reference numerals

100 digital signature generation terminal

110 first input terminal

120 first memory

130 first processor

300 digital signature verification terminal

410 second input terminal

420 second memory

430 second processor

510 third input terminal

520 third memory

530 third processor

610 fourth input terminal

620 fourth memory

630 fourth processor

S101 to S102

S111 to S113

S121 to S124

S301 to S302

S311 to S316

S321 to S327 steps

Detailed Description

The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.

It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the drawings only show the components related to the present invention rather than the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.

Referring to fig. 1A, an embodiment of the present invention provides a digital signature generation method, where the digital signature generation method includes:

s101, a signature sender calculates corresponding signature information to obtain corresponding codes by utilizing keys respectively shared with a multi-party authentication center and algorithms respectively corresponding to the multi-party authentication center; the multi-party authentication center comprises two or more authentication centers, namely the multi-party authentication center comprises at least 2 authentication centers, such as a first authentication center, a second authentication center, a third authentication center, a fourth authentication center, a fifth authentication center and the like; the corresponding signature information includes signature data.

S102, combining the identification number of the signature sender, the signature data, the serial number of the secret key shared by the multiparty authentication center, the identification number of the multiparty authentication center and the corresponding code, and generating the digital signature of the signature sender.

If the corresponding algorithm is not agreed in advance, the corresponding algorithm is merged into the digital signature; if the corresponding algorithm is pre-agreed, the corresponding algorithm may not be incorporated in the digital signature, or the corresponding algorithm may also be incorporated in the digital signature.

Referring to fig. 1B, an embodiment of the present invention provides a digital signature generation method, where an implementation process of the digital signature generation method includes:

and S111, the signature sender calculates the first signature information by using the first shared key and the first algorithm to obtain a first code.

And S112, the signature sender calculates the second signature information by using a second shared secret key and a second algorithm to obtain a second code.

S113, combining the identification number of the signature sender, the signature data, the serial number of the first shared key, the provider identification number of the first shared key, the first code, the serial number of the second shared key, the provider identification number of the second shared key and the second code to generate a digital signature of the signature sender; if the first algorithm or/and the second algorithm is/are predetermined, not combining or combining in the digital signature; and if the first algorithm or/and the second algorithm is not agreed in advance, combining the first algorithm and/or the second algorithm in the digital signature. Wherein the provider of the first shared key is a first authentication center of the multi-party authentication centers; the provider of the second shared key is a second one of the multi-party authentication centers.

At least one of the first shared secret key and the second shared secret key is a quantum secret key, so that the unconditional security of the quantum secret key is achieved. Preferably, the first shared key and the second shared key are both quantum keys.

In an embodiment of the present invention, the first signature information includes first signature area data, and the first signature area data includes an identifier of the signature sender, the signature data, a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm; the second signature information includes second signature area data, and the second signature area data includes an identifier of the signature sender, the signature data, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm. Wherein, if the first algorithm is pre-agreed, the first algorithm may or may not be included in the first signature region data; if the second algorithm is pre-agreed, the second algorithm may or may not be included in the second signature region data.

In an embodiment of the present invention, the first signature information includes first digest information; the first abstract information is obtained by carrying out abstract calculation on the first signature area data by utilizing a first abstract algorithm; the second signature information comprises second digest information; the second abstract information is obtained by carrying out abstract calculation on the second signature area data by using a second abstract algorithm; if the first abstract algorithm or/and the second abstract algorithm is/are predetermined, merging or not merging in the digital signature; if the first digest algorithm or/and the second digest algorithm is not agreed in advance, the first digest algorithm or/and the second digest algorithm are combined in the digital signature. If the first digest algorithm is pre-agreed, the first digest algorithm may or may not be included in the first signature region data; if the second digest algorithm is pre-agreed, the second digest algorithm may or may not be included in the second signature region data.

In an embodiment of the present invention, the first signature information and the second signature information are the same and are both signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the first shared key, a provider identifier of the first shared key, the first algorithm, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm; if the abstract algorithm is predetermined, merging or not merging in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature. Wherein, if the digest algorithm is pre-agreed, the digest algorithm may or may not be included in the signature region data.

Furthermore, the provider of the first shared key is different from the provider of the second shared key, so that the countersigning mode is realized, the problem of unsafe signature caused by the problem of one authentication center is avoided, and the safety of the digital signature is further improved.

Further, the first algorithm comprises a message authentication code algorithm or/and a key encryption algorithm; or/and the second algorithm comprises a message authentication code algorithm or/and a key encryption algorithm. The message authentication code algorithm comprises a Hash operation message authentication code algorithm; the key encryption algorithm comprises a symmetric key encryption algorithm.

Further, the first shared key is selected from a first set of shared keys; the first shared key set is a key set shared by the first shared key provider and the signature sender; or/and the second shared key is selected from a second set of shared keys; the second shared key set is a key set shared by the second shared key provider and the signing sender.

Referring to fig. 1C, an embodiment of the present invention further provides a digital signature generation method, where the digital signature generation method includes:

and S121, the signature sender calculates the first signature information by using the first shared key and the first algorithm to obtain a first code.

And S122, the signature sender calculates the second signature information by using a second shared secret key and a second algorithm to obtain a second code.

And S123, the signature sender calculates third signature information by using a third shared key and a third algorithm to obtain a third code.

S124, combining the identification number of the sender of the signature, the signature data, the serial number of the first shared key, the provider identification number of the first shared key, the first code, the serial number of the second shared key, the provider identification number of the second shared key, the second code, the serial number of the third shared key, the provider identification number of the third shared key, and the third code, and generating a digital signature of the sender of the signature; if the first algorithm, the second algorithm, or/and the third algorithm are pre-agreed, merging or not merging in the digital signature; if the first algorithm, the second algorithm, or/and the third algorithm are not pre-agreed, then the first algorithm, the second algorithm, or/and the third algorithm are merged into the digital signature. Wherein the provider of the first shared key is a first authentication center of the multi-party authentication centers; the provider of the second shared key is a second one of the multi-party authentication centers; the provider of the third shared key is a third one of the multi-party authentication centers.

By analogy, the signature sender may also calculate a fourth signature information by using a fourth shared key and a fourth algorithm to obtain a fourth code, and obtain a fifth code, a sixth code, a seventh code, an eighth code, and the like, which are not listed here, but the implementation manner is similar to the second code and the third code.

At least one of the first shared secret key, the second shared secret key and the third shared secret key is a quantum secret key, so that the unconditional security of the quantum secret key is achieved. Preferably, the first shared key, the second shared key and the third shared key are quantum keys.

In an embodiment of the present invention, the first signature information includes first signature area data, and the first signature area data includes an identifier of the signature sender, the signature data, a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm; the second signature information includes second signature area data, which includes an identifier of the signature sender, the signature data, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm; the third signature information includes third signature area data, and the third signature area data includes an identifier of the signature sender, the signature data, a serial number of the third shared key, a provider identifier of the third shared key, and the third algorithm.

In an embodiment of the present invention, the first signature information includes first digest information; the first abstract information is obtained by carrying out abstract calculation on the first signature area data by utilizing a first abstract algorithm; the second signature information comprises second digest information; the second abstract information is obtained by carrying out abstract calculation on the second signature area data by using a second abstract algorithm; the third signature information includes third digest information; the third abstract information is obtained by performing abstract calculation on the third signature area data by using a third abstract algorithm; if the first digest algorithm, the second digest algorithm or/and the third digest algorithm are predetermined, merging or not merging in the digital signature; if the first digest algorithm, the second digest algorithm or/and the third digest algorithm are not agreed in advance, the first digest algorithm, the second digest algorithm or/and the third digest algorithm are combined in the digital signature.

In an embodiment of the present invention, the third signature information is the same as the first signature information or/and the second signature information, and both are signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the third shared key, a provider identifier of the third shared key, the third algorithm, a serial number of the second shared key, a provider identifier of the second shared key, the second algorithm, or/and a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm; if the abstract algorithm is predetermined, merging or not merging in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature.

The summary information in the signature information is obtained by performing summary calculation on signature area data by using a summary algorithm, wherein the signature area data may be the combination of first signature area data and second signature area data, the combination of the first signature area data and third signature area data, the combination of the second signature area data and third signature area data, or the combination of the first signature area data, the second signature area data and the third signature area data; that is, the signature region data may be a combination of any two or more signature region data.

Furthermore, at least 2 providers of the first shared key, the second shared key and the third shared key are different, so that the countersigning mode is realized, the problem of unsafe signature caused by the problem of one authentication center is avoided, and the security of the digital signature is further improved. Preferably, the provider of the first shared key, the provider of the second shared key, and the provider of the third shared key are different in pairs.

Further, the first algorithm comprises a message authentication code algorithm or/and a key encryption algorithm; the second algorithm comprises a message authentication code algorithm or/and a key encryption algorithm; or/and said third algorithm comprises a message authentication code algorithm or/and a key encryption algorithm. The message authentication code algorithm comprises a Hash operation message authentication code algorithm; the key encryption algorithm comprises a symmetric key encryption algorithm.

Further, the first shared key is selected from a first set of shared keys; the first shared key set is a key set shared by the first shared key provider and the signature sender; the second shared key is selected from a second set of shared keys; the second shared key set is a key set shared by the second shared key provider and the signature sender; or/and the third shared key is selected from a third set of shared keys; the third shared key set is a key set shared by the third shared key provider and the signing sender.

The protection scope of the digital signature generation method according to the present invention is not limited to the execution sequence of the steps listed in this embodiment, and all the schemes of adding or subtracting steps and replacing steps in the prior art according to the principle of the present invention are included in the protection scope of the present invention.

The following embodiments are provided as further illustrations of the technical solutions of the present invention, but the scope of the present invention is not limited to the illustrated embodiments of the present invention, and all modifications made according to the principles of the present invention are included in the scope of the present invention.

Referring to fig. 1D, an application scenario diagram of a digital signature generation method is provided in the embodiment of the present invention, wherein a quantum key Distribution center kdc (key Distribution center) distributes a batch of shared keys (or shared key set 1) to a certificate authority CA₁And a signature sender Alice; quantum key distribution center KDC distributes a batch of shared keys (or shared key set 2)) To a certification centre CA₂And a signature sender Alice; the quantum key distribution center KDC distributes a batch of shared keys (or shared key set n) to the certification center CA_nAnd a signature sender Alice. The signature sender Alice may select 2 or more than 2 certificate authorities' shared secret keys to generate the signature, for example, select CA₁And CA₂Generating signatures, or selecting CAs₁，CA₂And CA_nGenerating a signature, wherein n represents a number of authentication centers of 3 and above, such as: selection of CA₁，CA₂And CA₃Generating signatures, or selecting CAs₁，CA₂，CA₃And CA₄Generating signatures, or selecting CAs₁，CA₂，CA₃，CA₄And CA₅Generate signatures, etc.

Example 1:

1.1 signature sender Alice Slave and Authentication center CA₁Selects a shared key from the shared key set, records the serial number IDXK of the shared key_ac1Using IDXK_ac1Corresponding shared secret key K_ac1Selecting a Hash operation message authentication code algorithm HMAC_ac1For signature region DATA DATA₁＝(ID_Alice，P，IDXK_ac1，S_CA1，HMAC_ac1) Computing a hash message authentication code HMAC (DATA)₁，K_ac1) (ii) a Wherein, ID_AliceFor signing the identification number of the sender, P is the signature data, S_CA1As a certification centre CA₁An identification number of (a).

1.2 signature sender Alice selects a shared key from a shared key set with a certificate authority CA2, records the key sequence number IDXK_ac2Using IDXK_ac2Corresponding key K_ac2Selecting a Hash operation message authentication code algorithm HMAC_ac2For signature region DATA DATA₂＝(ID_Alice，P，IDXK_ac2,，S_CA2，HMAC_ac2) Computing a hash message authentication code HMAC (DATA)₂，K_ac2) (ii) a Wherein S is_CA2As a certification centre CA₂An identification number of (a).

1.3 merging signatures of sender AliceIdentification number ID_AliceSignature data P, key sequence number IDXK_ac1And a certification center CA₁Identification number S_CA1Hash operation message authentication code algorithm HMAC_ac1Hash operation message authentication code HMAC (DATA)₁，K_ac1) Key sequence number IDXK_ac2And a certification center CA₂Identification number S_CA2Hash operation message authentication code algorithm HMAC_ac2Hash operation message authentication code HMAC (DATA)₂，K_ac2) As Alice signature: SIG_Alice＝(ID_Alice，P，IDXK_ac1，S_CA1，HMAC_ac1，HMAC(DATA₁，K_ac1)，IDXK_ac2，S_CA2，HMAC_ac2，HMAC(DATA₂，K_ac2))。

Hash operation message authentication code algorithm HMAC in the embodiment_ac1Message authentication code algorithm HMAC (hybrid message Access control) with Hash operation_ac2May be the same or different.

Optionally, a hash operation message authentication code algorithm HMAC_ac1And HMAC_ac2May be predetermined without being incorporated into the signature SIG_AliceIn (1).

Example 2:

2.1 signature sender Alice Slave and Authentication center CA₁Selects a shared key from the shared key set, records the serial number IDXK of the shared key_ac1For IDXK_ac1Corresponding key K_ac1Selecting a symmetric key encryption algorithm ENCRP_ac1(ii) a Then the slave and the authentication center CA₂Selects a shared key from the shared key set, records the serial number IDXK of the shared key_ac2For IDXK_ac2Corresponding key K_ac2Selecting a symmetric key encryption algorithm ENCRP_ac2(ii) a Then selecting a summary algorithm HASH; finally, the ID of the signature data P, Alice is combined_AliceAnd a certification center CA₁Identification number S of_CA1And a certification center CA₂Identification number S of_CA2Generating signature area DATA (DATA ═ ID)_Alice，P，HASH，IDXK_ac1，S_CA1，ENCRP_ac1，IDXK_ac2，S_CA2，ENCRP_ac2) Carrying out abstract operation on the DATA DATA in the signature area to obtain abstract information MAC (DATA);

2.2 signature sender Alice uses secret Key K_ac1And a corresponding symmetric key encryption algorithm ENCRP_ac1Encrypting the digest information MAC (DATA)_ac1(MAC(DATA))；

2.3 signing sender Alice uses secret Key K_ac2And a corresponding symmetric key encryption algorithm ENCRP_ac2Encrypting the digest information MAC (DATA)_ac2(MAC(DATA))；

2.4 merging the ID of the sender Alice of the signature_AliceSignature data P, summary algorithm HASH and key sequence number IDXK_ac1And a certification center CA₁Identification number S_CA1Symmetric key encryption algorithm ENCRP_ac1Encrypted summary information K_ac1(MAC (DATA)), Key Serial number IDXK_ac2And a certification center CA₂Identification number S_CA2Symmetric key encryption algorithm ENCRP_ac2Encrypted summary information K_ac2(MAC (DATA)) as Alice signature: SIG_Alice＝(ID_Alice，P，HASH，IDXK_ac1，S_CA1，ENCRP_ac1，K_ac1(MAC(DATA))，IDXK_ac2，S_CA2，ENCRP_ac2，K_ac2(MAC(DATA)))。

Symmetric key encryption algorithm ENCRP in the embodiment_ac1Symmetric key encryption algorithm ENCRP_ac2May be the same or different.

Optionally, a digest algorithm HASH and a symmetric key encryption algorithm ENCRP_ac1、ENCRP_ac2May be predetermined without being incorporated into the signature SIG_AliceIn (1).

Example 3:

3.1 signature sender Alice Slave and Authentication center CA₁Selects a shared key from the shared key set, records the serial number IDXK of the shared key_ac1For IDXK_ac1Corresponding key K_ac1Selecting a symmetric key encryption algorithm ENCRP_ac1(ii) a Then selects a summary calculatorMethod HASH_ac1(ii) a Finally, the ID of the signature data P, Alice is combined_AliceAnd a certification center CA₁Identification number S_CA1Generating signature region DATA DATA₁＝(ID_Alice，P，HASH_ac1，IDXK_ac1，S_CA1，ENCRP_ac1) For signature region DATA DATA₁Abstract operation is carried out to obtain abstract information MAC_ac1(DATA₁)；

3.2 signature sender Alice uses secret Key K_ac1And a corresponding symmetric key encryption algorithm ENCRP_ac1For abstract information MAC_ac1(DATA₁) Carry out encryption K_ac1(MAC_ac1(DATA₁))；

3.3 signature sender Alice Slave and Authentication center CA₂Selects a shared key from the shared key set, records the serial number IDXK of the shared key_ac2For IDXK_ac2Corresponding key K_ac2Selecting a symmetric key encryption algorithm ENCRP_ac2(ii) a Then selects a summary algorithm HASH_ac2(ii) a Finally, the ID of the signature data P, Alice is combined_AliceAnd a certification center CA₂Identification number S_CA2Generating signature region DATA DATA₂＝(ID_Alice，P，HASH_ac2，IDXK_ac2，S_CA2，ENCRP_ac2) For signature region DATA DATA₂Abstract operation is carried out to obtain abstract information MAC_ac2(DATA₂)；

3.4 signature sender Alice uses secret Key K_ac2And a corresponding symmetric key encryption algorithm ENCRP_ac2For abstract information MAC_ac2(DATA₂) Carry out encryption K_ac2(MAC_ac2(DATA₂))；

3.5 merging the ID of the sender Alice of the signature_AliceSignature data P and summary algorithm HASH_ac1Key sequence number IDXK_ac1And a certification center CA₁Identification number S_CA1Symmetric key encryption algorithm ENCRP_ac1Encrypted summary information K_ac1(MAC_ac1(DATA₁) HASH algorithm, summary algorithm_ac2Key sequence number IDXK_ac2And a certification center CA₂Identification number S_CA2Symmetric key encryption algorithm ENCRP_ac2Encrypted summary information K_ac2(MAC_ac2(DATA₂) As Alice signature: SIG_Alice＝(ID_Alice，P，HASH_ac1，IDXK_ac1，S_CA1，ENCRP_ac1，K_ac1(MAC_ac1(DATA₁))，HASH_ac2，IDXK_ac2，S_CA2，ENCRP_ac2，K_ac2(MAC_ac2(DATA₂)))。

Summary algorithm HASH in this embodiment_ac1And abstract algorithm HASH_ac2The symmetric key encryption algorithm ENCRP can be the same or different_ac1Symmetric key encryption algorithm ENCRP_ac2May be the same or different.

Alternatively, the digest algorithm HASH_ac1、HASH_ac2And a symmetric key encryption algorithm ENCRP_ac1、ENCRP_ac2May be predetermined without being incorporated into the signature SIG_AliceIn (1).

The embodiment of the invention also provides a computer storage medium, wherein the computer storage medium stores a first computer program; the first computer program, when called by the processor, executes the digital signature generation method of the present invention.

Referring to fig. 1E, an embodiment of the present invention further provides a digital signature generation terminal, where the digital signature generation terminal 100 includes: a first input 110, a first memory 120, a first processor 130; the first input terminal 110 is used for inputting digital signature related parameters; the first memory 120 is used for storing a first computer program and the digital signature related parameters; the first processor 130 is communicatively connected to the first memory 120, and executes the digital signature generation method according to the present invention when the first computer program and the parameter related to the digital signature are called, so as to generate the digital signature.

The digital signature generating terminal according to the present invention can implement the digital signature generating method according to the present invention, but the implementation apparatus of the digital signature generating method according to the present invention includes, but is not limited to, the structure of the digital signature generating terminal described in this embodiment, and all structural modifications and substitutions in the prior art made according to the principle of the present invention are included in the scope of the present invention.

Referring to fig. 2A, an embodiment of the present invention further provides a digital signature sending method, including: the signature sender sends the digital signature generated by the digital signature generation method to the signature receiver.

Referring to fig. 2B, an embodiment of the present invention further provides a digital signature sending method, including: signature sender using shared secret key K_abEncrypting the digital signature generated by the digital signature generation method of the invention and then sending the encrypted digital signature to a signature receiver; the shared secret key K_abIs a key shared by the signature sender and the signature receiver.

Referring to fig. 2C, an application scenario diagram of a digital signature sending method is provided in an embodiment of the present invention, where a quantum key distribution center KDC distributes a shared key K_abSending the signature to a signature sender Alice; quantum key distribution center KDC distributes shared key K_abTo the signature receiver Bob; signature sender Alice uses K_abSign SIG to Alice_AliceCarry out encryption K_ab(SIG_Alice) And sent to Bob. The signature sender Alice can also send the signature SIG directly_AliceTo the signature receiver Bob.

The protection scope of the digital signature sending method according to the present invention is not limited to the execution sequence of the steps listed in this embodiment, and all the schemes of adding or subtracting steps and replacing steps in the prior art according to the principle of the present invention are included in the protection scope of the present invention.

Referring to fig. 3A, an embodiment of the present invention further provides a digital signature verification method, where the digital signature verification method includes:

s301, the signature receiver acquires the digital signature of the signature sender; the digital signature is generated by the digital signature generation method;

s302, the signature receiver sends the digital signatures to a multiparty authentication center for verification respectively according to the identification numbers of the multiparty authentication center in the digital signatures, and receives the verification results fed back by the multiparty authentication center; when the verification results fed back by the multi-party authentication center are all passed, the signature receiver confirms that the digital signature is valid; otherwise, the signature receiver confirms that the digital signature is invalid.

Referring to fig. 3B, an embodiment of the present invention further provides a digital signature verification method, where the digital signature verification method includes:

s311, the signature receiver acquires the digital signature of the signature sender; the digital signature is generated by the digital signature generation method;

s312, the signature receiving party sends the digital signature to a provider of the first shared key for verification according to the provider identification number of the first shared key in the digital signature, and receives a first verification result fed back by the provider of the first shared key; the provider of the first shared key is a first authentication center of the multi-party authentication centers;

s313, the signature receiving party sends the digital signature to a provider of a second shared key for verification according to the provider identification number of the second shared key in the digital signature, and receives a second verification result fed back by the provider of the second shared key; the provider of the second shared key is a second one of the multi-party authentication centers;

s314, the signature receiver judges whether the first verification result and the second verification result both pass;

s315, if yes, the signature receiver confirms that the digital signature is valid;

s316, otherwise, the signature receiver confirms that the digital signature is invalid.

In an embodiment of the present invention, an implementation procedure of the signature receiver acquiring the digital signature of the signature sender includes: the signature receiver receives the digital signature sent by the signature sender; or the signature receiver utilizes a shared secret key K_abDecrypting to obtain the digital signature sent by the signature sender; the shared secret key K_abIs a key shared by the signature sender and the signature receiver.

In an embodiment of the present invention, an implementation procedure of the signature receiving side sending the digital signature to the provider of the first shared key or the provider of the second shared key for verification includes: the signature receiver sends all the data of the digital signature to a provider of the first shared secret key or a provider of the second shared secret key for verification; or the signature receiver sends the data related to the provider of the first shared key in the digital signature to the provider of the first shared key for verification, or sends the data related to the provider of the second shared key in the digital signature to the provider of the second shared key for verification.

In an embodiment of the present invention, one implementation procedure of the provider of the first shared key to verify the digital signature includes: the provider of the first shared key obtains the corresponding first shared key according to the identification number of the signature sender in the digital signature and the serial number of the first shared key, and calculates and obtains a first verification code according to a first algorithm, first signature information and the first shared key in the digital signature; and the provider of the first shared key compares the first verification code with the first code in the digital signature, if the first verification code is identical with the first code in the digital signature, the provider feeds back a first verification result which passes the verification, and otherwise, the provider feeds back a first verification result which does not pass the verification. If the first algorithm is predetermined, merging or not merging in the digital signature; if the first algorithm is not pre-agreed, it is incorporated into the digital signature.

One implementation of the second shared key provider to verify the digital signature includes: the provider of the second shared secret key obtains a corresponding second shared secret key according to the identification number of the signature sender in the digital signature and the serial number of the second shared secret key, and calculates and obtains a second verification code according to a second algorithm, second signature information and the second shared secret key in the digital signature; and the provider of the second shared secret key compares the second verification code with the second code in the digital signature, if the second verification code is the same as the second code in the digital signature, the provider feeds back a second verification result which passes the verification, and otherwise, the provider feeds back a second verification result which does not pass the verification. If the second algorithm is predetermined, merging or not merging in the digital signature; if the second algorithm is not pre-agreed, it is incorporated into the digital signature.

In an embodiment of the present invention, the first signature information includes first signature area data, and the first signature area data includes an identifier of a signature sender, signature data, a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm; the second signature information includes second signature area data, and the second signature area data includes an identifier of a signature sender, the signature data, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm. Wherein, if the first algorithm is pre-agreed, the first algorithm may or may not be included in the first signature region data; if the second algorithm is pre-agreed, the second algorithm may or may not be included in the second signature region data.

In an embodiment of the present invention, the first signature information includes first digest information; the first abstract information is obtained by carrying out abstract calculation on the first signature area data by utilizing a first abstract algorithm; the second signature information comprises second digest information; and the second abstract information is obtained by carrying out abstract calculation on the second signature area data by using a second abstract algorithm. If the first abstract algorithm or/and the second abstract algorithm is/are predetermined, not combining or combining in the digital signature; if the first digest algorithm or/and the second digest algorithm is not agreed in advance, the first digest algorithm or/and the second digest algorithm are combined in the digital signature. If the first digest algorithm is pre-agreed, the first digest algorithm may or may not be included in the first signature region data; if the second digest algorithm is pre-agreed, the second digest algorithm may or may not be included in the second signature region data.

In an embodiment of the present invention, the first signature information and the second signature information are the same and are both signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the first shared key, a provider identifier of the first shared key, the first algorithm, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm. If the abstract algorithm is predetermined, merging or not merging in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature. Wherein, if the digest algorithm is pre-agreed, the digest algorithm may or may not be included in the signature region data.

Referring to fig. 3C, an embodiment of the present invention further provides a digital signature verification method, where the digital signature verification method includes:

s321, the signature receiver acquires the digital signature of the signature sender; the digital signature is generated by the digital signature generation method;

s322, the signature receiving party sends the digital signature to a provider of the first shared key for verification according to the provider identification number of the first shared key in the digital signature, and receives a first verification result fed back by the provider of the first shared key; the provider of the first shared key is a first authentication center of the multi-party authentication centers;

s323, the signature receiving party sends the digital signature to a provider of a second shared key for verification according to the provider identification number of the second shared key in the digital signature, and receives a second verification result fed back by the provider of the second shared key; the provider of the second shared key is a second one of the multi-party authentication centers;

s324, the signature receiving party sends the digital signature to a provider of a third shared key for verification according to the provider identification number of the third shared key in the digital signature, and receives a third verification result fed back by the provider of the third shared key; the provider of the third shared key is a third one of the multi-party authentication centers;

s325, the signature receiver judges whether the first verification result, the second verification result and the third verification result are both passed;

s326, if yes, the signature receiver confirms that the digital signature is valid;

s327, otherwise, the signature receiver confirms that the digital signature is invalid.

If the digital signature needs to be verified by a fourth shared key provider, a fifth shared key provider, a sixth shared key provider, a seventh shared key provider, an eighth shared key provider, and the like, multi-party verification can be realized by analogy according to the verification principle of the digital signature verification method of the present invention, which is not listed in the present invention.

One implementation of the third shared key provider to verify the digital signature includes: the provider of the third shared key obtains a corresponding third shared key according to the identification number of the signature sender in the digital signature and the serial number of the third shared key, and calculates and obtains a third verification code according to a third algorithm, third signature information and the third shared key in the digital signature; and the provider of the third shared key compares the third verification code with the third code in the digital signature, if the third verification code is the same as the third code in the digital signature, the third verification result which passes the verification is fed back, and otherwise, the third verification result which does not pass the verification is fed back. If the third algorithm is predetermined, merging or not merging in the digital signature; if the third algorithm is not pre-agreed, it is incorporated into the digital signature.

In an embodiment of the present invention, the first signature information includes first signature area data, and the first signature area data includes an identifier of a signature sender, signature data, a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm; the second signature information includes second signature area data, and the second signature area data includes an identifier of a signature sender, the signature data, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm; the third signature information includes third signature area data, and the third signature area data includes an identifier of a signature sender, signature data, a serial number of the third shared key, a provider identifier of the third shared key, and the third algorithm. Wherein, if the first algorithm is pre-agreed, the first algorithm may or may not be included in the first signature region data; if the second algorithm is pre-agreed, the second algorithm may or may not be included in the second signature region data; if the third algorithm is pre-agreed, the third algorithm may or may not be included in the third signature region data.

In an embodiment of the present invention, the first signature information includes first digest information; the first abstract information is obtained by carrying out abstract calculation on the first signature area data by utilizing a first abstract algorithm; the second signature information comprises second digest information; the second abstract information is obtained by carrying out abstract calculation on the second signature area data by using a second abstract algorithm; the third signature information includes third digest information; and the third abstract information is obtained by performing abstract calculation on the third signature area data by using a third abstract algorithm. If the first digest algorithm, the second digest algorithm or/and the third digest algorithm are predetermined, merging or not merging in the digital signature; if the first digest algorithm, the second digest algorithm or/and the third digest algorithm are not agreed in advance, the first digest algorithm, the second digest algorithm or/and the third digest algorithm are combined in the digital signature. If the first digest algorithm is pre-agreed, the first digest algorithm may or may not be included in the first signature region data; if the second digest algorithm is pre-agreed, the second digest algorithm may or may not be included in the second signature region data; if the third digest algorithm is pre-agreed, the third digest algorithm may or may not be included in the third signature region data.

In an embodiment of the present invention, the first signature information and the second signature information are the same and are both signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the first shared key, a provider identifier of the first shared key, the first algorithm, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm.

In an embodiment of the present invention, the third signature information is the same as the first signature information or/and the second signature information, and both are signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the signature sender, the signature data, the digest algorithm, a serial number of the third shared key, a provider identifier of the third shared key, the third algorithm, a serial number of the second shared key, a provider identifier of the second shared key, the second algorithm, or/and a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm.

The summary information in the signature information is obtained by performing summary calculation on signature area data by using a summary algorithm, wherein the signature area data may be the combination of first signature area data and second signature area data, the combination of the first signature area data and third signature area data, the combination of the second signature area data and third signature area data, or the combination of the first signature area data, the second signature area data and the third signature area data; that is, the signature region data may be a combination of any two or more signature region data. If the abstract algorithm is predetermined, not combining or combining in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature. Wherein, if the digest algorithm is pre-agreed, the digest algorithm may or may not be included in the signature region data.

The protection scope of the digital signature verification method according to the present invention is not limited to the execution sequence of the steps listed in this embodiment, and all the schemes of adding or subtracting steps and replacing steps in the prior art according to the principles of the present invention are included in the protection scope of the present invention.

Referring to fig. 3D, an application scenario diagram of a digital signature verification method is provided in the embodiments of the present invention, wherein a signature receiver Bob obtains a signature of a signature sender Alice and verifies the signature.

Example 4:

4.1 the signature receiver Bob gets the signature sender Alice signature.

For example: signature receiver Bob uses shared secret key K_abDecrypting K the received Alice signature_ab-(K_ab(SIG_Alice) Obtain the Alice signature SIG before encryption)_Alice。

For example: signature receiver Bob directly obtains Alice signature SIG_AliceNo decryption is required.

4.2 signature receiver Bob according to authentication center identification number S_CA1Sending Alice signature data to a Certificate Authority (CA)₁And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA1Sending all data of Alice signature to a certification center CA₁And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA1The Alice signature is compared with the CA₁The relevant data is sent to the certification center CA₁And carrying out signature verification.

If the above-described embodiment 1 of digital signature generation is adopted, then Bob will be (ID)_Alice，P，IDXK_ac1，HMAC_ac1，HMAC(DATA₁，K_ac1) To a certificate authority CA₁And carrying out signature verification.

If the above-described embodiment 2 of digital signature generation is adopted, then Bob will be (ID)_Alice，P，HASH，IDXK_ac1，ENCRP_ac1K_ac1(MAC (DATA)) to the authentication center CA₁And carrying out signature verification.

If the above-described embodiment 3 of digital signature generation is adopted, then Bob will be (ID)_Alice，P，HASH_ac1，IDXK_ac1，ENCRP_ac1，K_ac1(MAC_ac1(DATA₁) ) to the certification authority CA₁And carrying out signature verification.

4.3 authentication center CA₁And verifying the Alice signature.

For example: the signature verification process of embodiment 1 corresponding to the above digital signature generation is: authentication center CA₁According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac1Obtaining a corresponding key K_ac1According to the Hash operation message authentication code algorithm HMAC_ac1Using K_ac1For signature region DATA DATA₁Computing a hash message authentication code HMAC (DATA)₁，K_ac1) And HMAC (DATA) in Alice signature₁，K_ac1) And comparing, if the two are the same, the verification is passed, otherwise, the verification is not passed. Authentication center CA₁And returning the verification result to Bob.

For example: the signature verification process of embodiment 2 corresponding to the above digital signature generation is: authentication center CA₁Performing HASH operation on the DATA in the signature area according to a HASH algorithm HASH to obtain digest information mac (DATA); authentication center CA₁According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac1Obtaining a corresponding key K_ac1According to a symmetric key encryption algorithm ENCRP_ac1Encrypting the digest information MAC (DATA) by K_ac1(MAC (DATA)); authentication center CA₁The encryption result K_ac1(MAC (DATA)) and K in Alice signature_ac1(MAC (DATA)) comparing, if the two are same, the verification is passed, otherwise, the verification is not passed. Authentication center CA₁And returning the verification result to Bob.

For example: the signature verification process of embodiment 3 corresponding to the above digital signature generation is: authentication center CA₁HASH according to a summary algorithm_ac1For signature region DATA DATA₁HASH operation is carried out to obtain summary information MAC_ac1(DATA₁) (ii) a Authentication center CA₁According to Alice identificationNumber ID_AliceAnd key sequence number IDXK_ac1Obtaining a corresponding key K_ac1According to a symmetric key encryption algorithm ENCRP_ac1For summary information MAC_ac1(DATA₁) Carry out encryption K_ac1(MAC_ac1(DATA₁) ); authentication center CA₁The obtained encryption result K_ac1(MAC_ac1(DATA₁) K in Alice signature_ac1(MAC_ac1(DATA₁) Compare, if the two are the same, the verification is passed, otherwise the verification is not passed. Authentication center CA₁And returning the verification result to Bob.

4.4 signature receiver Bob according to authentication center identification number S_CA2Sending Alice signature data to a Certificate Authority (CA)₂And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA2Sending all data of Alice signature to a certification center CA₂And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA2The Alice signature is compared with the CA₂The related data is sent to the certification center CA₂And carrying out signature verification.

If the above-described embodiment 1 of digital signature generation is adopted, then Bob will be (ID)_Alice，P，IDXK_ac2，HMAC_ac2，HMAC(DATA₂，K_ac2) To a certificate authority CA₂And carrying out signature verification.

If the above-described embodiment 2 of digital signature generation is adopted, then Bob will be (ID)_Alice，P，HASH，IDXK_ac2，ENCRP_ac2，K_ac2(MAC (DATA)) to the authentication center CA₂And carrying out signature verification.

If the above-described embodiment 3 of digital signature generation is adopted, then Bob will be (ID)_Alice，P，HASH_ac2，IDXK_ac2，ENCRP_ac2，K_ac2(MAC_ac2(DATA₂) ) to the certification authority CA₂And carrying out signature verification.

4.5 authentication center CA₂And verifying the Alice signature.

For example: the signature verification process of embodiment 1 corresponding to the above digital signature generation is: authentication center CA₂According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac2Obtaining a corresponding key K_ac2According to the Hash operation message authentication code algorithm HMAC_ac2Using K_ac2For signature region DATA DATA₂Computing a hash message authentication code HMAC (DATA)₂，K_ac2) And HMAC (DATA) in Alice signature₂，K_ac2) And comparing, if the two are the same, the verification is passed, otherwise, the verification is not passed. Authentication center CA₂And returning the verification result to Bob.

For example: the signature verification process of embodiment 2 corresponding to the above digital signature generation is: authentication center CA₂Performing HASH operation on the DATA in the signature area according to a HASH algorithm HASH to obtain digest information mac (DATA); authentication center CA₂According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac2Obtaining a corresponding key K_ac2According to a symmetric key encryption algorithm ENCRP_ac2Encrypting the digest information MAC (DATA) by K_ac2(MAC (DATA)); authentication center CA₂The obtained encryption result K_ac2(MAC (DATA)) and K in Alice signature_ac2(MAC (DATA)) comparing, if the two are same, the verification is passed, otherwise, the verification is not passed. Authentication center CA₂And returning the verification result to Bob.

For example: the signature verification process of embodiment 3 corresponding to the above digital signature generation is: authentication center CA₂HASH according to a summary algorithm_ac2For signature region DATA DATA₂HASH operation is carried out to obtain summary information MAC_ac2(DATA₂) (ii) a Authentication center CA₂According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac2Obtaining a corresponding key K_ac2According to a symmetric key encryption algorithm ENCRP_ac2For summary information MAC_ac2(DATA₂) Carry out encryption K_ac2(MAC_ac2(DATA₂) ); authentication center CA₂The obtained encryption result K_ac2(MAC_ac2(DATA₂) K in Alice signature_ac2(MAC_ac2(DATA₂) Compare, if the two are the same, the verification is passed, otherwise the verification is not passed. Authentication center CA₂And returning the verification result to Bob.

Referring to fig. 3E, an application scenario diagram of another digital signature verification method is provided in the embodiments of the present invention, wherein a signature receiver Bob obtains an Alice signature, performs digest calculation on data in a signature area, and sends the digest calculation result and the signature to a CA respectively₁And CA₂And (6) verifying.

Example 5:

5.1 the signing receiver Bob obtains the signature of the signing sender Alice.

For example: signature receiver Bob uses K_abDecrypting Alice signatures K_ab-(K_ab(SIG_Alice))；

5.2 the signature receiver Bob calculates the digest of the signature area data according to a digest algorithm.

For example: the signature verification process of embodiment 2 corresponding to the above digital signature generation is: and the signature receiver Bob performs HASH operation on the signature area data according to the digest algorithm HASH to obtain digest information MAC (DATA).

For example: the signature verification process of embodiment 3 corresponding to the above digital signature generation is: signature receiver Bob according to the digest algorithm HASH_ac1For signature region DATA DATA₁HASH operation is carried out to obtain summary information MAC_ac1(DATA₁) (ii) a Signature receiver Bob according to the digest algorithm HASH_ac2For signature region DATA DATA₂HASH operation is carried out to obtain summary information MAC_ac2(DATA₂)。

5.3 signature receiver Bob according to authentication center identification number S_CA1Sending the digest calculation result and the Alice signature data in the step 5.2 to a Certificate Authority (CA)₁And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA1All data of the abstract calculation result and the Alice signature in the step 5.2 are processedSending to a certificate authority CA₁And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA1The abstract calculation result in the step 5.2 and the Alice signature are compared with CA₁The related data is sent to the certification center CA₁And carrying out signature verification.

For example: if the above digital signature generation embodiment 2 is adopted, Bob will calculate the digest mac (data) and Alice signature part data (ID)_Alice，IDXK_ac1，ENCRP_ac1，K_ac1(MAC (DATA)) to the authentication center CA₁And carrying out signature verification.

If the above embodiment 3 of digital signature generation is adopted, Bob calculates the digest result MAC_ac1(DATA₁) And Alice signature part data (ID)_Alice，IDXK_ac1，ENCRP_ac1，K_ac1(MAC _ac1(DATA₁) ) to the certification authority CA₁And carrying out signature verification.

5.4 authentication center CA1 verifies the Alice signature.

For example: the signature verification process of embodiment 2 corresponding to the above digital signature generation is: authentication center CA₁According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac1Obtaining a corresponding key K_ac1According to a symmetric key encryption algorithm ENCRP_ac1Encrypting the digest information MAC (DATA) by K_ac1(MAC(DATA))；

Authentication center CA₁The obtained encryption result K_ac1(MAC (DATA)) and K in Alice signature_ac1(MAC (DATA)) comparing, if the two are same, the verification is passed, otherwise, the verification is not passed. Authentication center CA₁And returning the verification result to Bob.

For example: the signature verification process of embodiment 3 corresponding to the above digital signature generation is: authentication center CA₁According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac1Obtaining a corresponding key K_ac1According to a symmetric key encryption algorithm ENCRP_ac1For summary information MAC_ac1(DATA₁) Carry out encryption K_ac1(MAC_ac1(DATA₁) ); authentication center CA₁The obtained encryption result K_ac1(MAC_ac1(DATA₁) K in Alice signature_ac1(MAC_ac1(DATA₁) Compare, if the two are the same, the verification is passed, otherwise the verification is not passed. Authentication center CA₁And returning the verification result to Bob.

5.5 signature receiver Bob according to authentication center identification number S_CA2Sending the digest calculation result and the Alice signature data in the step 5.2 to a Certificate Authority (CA)₂And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA2All data of the abstract calculation result and the Alice signature are sent to a certification center CA₂And carrying out signature verification.

For example: the signature receiver Bob identifies the number S according to the authentication center_CA2The abstract calculation result and the Alice signature are compared with CA₂The related data is sent to the certification center CA₂And carrying out signature verification.

For example: if the above digital signature generation embodiment 2 is adopted, Bob will calculate the digest mac (data) and Alice signature part data (ID)_Alice，IDXK_ac2，ENCRP_ac2，K_ac2(MAC (DATA)) to the authentication center CA₂And carrying out signature verification.

If the above embodiment 3 of digital signature generation is adopted, Bob calculates the digest result MAC_ac2(DATA₂) And Alice signature part data (ID)_Alice，IDXK_ac2，ENCRP_ac2，K_ac2(MAC_ac2(DATA₂) ) to the certification authority CA₂And carrying out signature verification.

5.6 certificate Authority CA₂And verifying the Alice signature.

For example: the signature verification process of embodiment 2 corresponding to the above digital signature generation is: authentication center CA₂According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac2Obtaining a corresponding key K_ac2According to a symmetric key encryption algorithm ENCRP_ac2To summary informationMAC (DATA) performs encryption K_ac2(MAC (DATA)); authentication center CA₂The obtained encryption result K_ac2(MAC (DATA)) and K in Alice signature_ac2(MAC (DATA)) comparing, if the two are same, the verification is passed, otherwise, the verification is not passed. Authentication center CA₂And returning the verification result to Bob.

For example: the signature verification process of embodiment 3 corresponding to the above digital signature generation is: authentication center CA₂According to the Alice identification number ID_AliceAnd key sequence number IDXK_ac2Obtaining a corresponding key K_ac2According to a symmetric key encryption algorithm ENCRP_ac2For summary information MAC_ac2(DATA₂) Carry out encryption K_ac2(MAC_ac2(DATA₂) ); authentication center CA₂The obtained encryption result K_ac2(MAC_ac2(DATA₂) K in Alice signature_ac2(MAC_ac2(DATA₂) Compare, if the two are the same, the verification is passed, otherwise the verification is not passed. Authentication center CA₂And returning the verification result to Bob.

The embodiment of the invention also provides a computer storage medium, wherein the computer storage medium stores a second computer program; the second computer program, when invoked by the processor, performs the digital signature verification method of the present invention as described in fig. 3A.

The embodiment of the invention also provides a computer storage medium, wherein the computer storage medium stores a third computer program; the third computer program, when invoked by the processor, performs the digital signature verification method of the present invention as described in fig. 3B.

The embodiment of the invention also provides a computer storage medium, wherein the computer storage medium stores a fourth computer program; the fourth computer program, when invoked by the processor, performs the digital signature verification method of the present invention as described in fig. 3C.

Referring to fig. 4, an embodiment of the present invention further provides a digital signature verification terminal, where the digital signature verification terminal 400 includes: a second input 410, a second memory 420, and a second processor 430. The second input terminal 410 is used for inputting digital signature related parameters; the second memory 420 is used for storing a second computer program and the digital signature related parameters; the second processor 430 is communicatively connected to the second memory 420, and executes the digital signature verification method according to the present invention as shown in fig. 3A when the second computer program and the parameters related to the digital signature are called, so as to verify whether the digital signature is valid.

Referring to fig. 5, an embodiment of the present invention further provides a digital signature verification terminal, where the digital signature verification terminal 500 includes: a third input 510, a third memory 520, and a third processor 530. The third input 510 is used for inputting digital signature related parameters; the third memory 520 is used for storing a third computer program and the digital signature related parameters; the third processor 530 is communicatively connected to the third memory 520, and executes the digital signature verification method according to the present invention as shown in fig. 3B when the third computer program and the parameters related to the digital signature are called, so as to verify whether the digital signature is valid.

Referring to fig. 6, an embodiment of the present invention further provides a digital signature verification terminal, where the digital signature verification terminal 600 includes: a fourth input 610, a fourth memory 620, and a fourth processor 630. The fourth input terminal 610 is used for inputting digital signature related parameters; the fourth memory 620 is used for storing a fourth computer program and the digital signature related parameters; the fourth processor 630 is communicatively connected to the fourth memory 620, and executes the digital signature verification method according to fig. 3C when the fourth computer program and the digital signature related parameter are called, so as to verify whether the digital signature is valid.

The digital signature verification terminal of the present invention can implement the digital signature verification method of the present invention, but the implementation apparatus of the digital signature verification method of the present invention includes, but is not limited to, the structure of the digital signature verification terminal described in this embodiment, and all structural modifications and substitutions in the prior art made according to the principle of the present invention are included in the scope of protection of the present invention.

The invention realizes digital signature by using a countersigning mode or a quantum key or a combination mode of the countersigning mode and the quantum key.

The countersigning mode can ensure that only a signing party has a complete digital signature key, a single authentication center only has a partial digital signature key, and the authentication center cannot forge the digital signature of the signing party, so that the safety of the digital signature is further improved.

The quantum key is based on quantum mechanics, the safety of the quantum key is established on the physical characteristics of the inaccurate measurement principle, quantum non-clonable, quantum coherence and the like, and the quantum key is proved to be unconditionally safe, so that the safety of the digital signature is further improved.

The combination of the countersigning mode and the quantum key can fundamentally solve the potential safety hazard of the digital signature based on the public key cryptosystem.

In conclusion, the present invention effectively overcomes various disadvantages of the prior art and has high industrial utilization value.

The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims

1. A digital signature generation method, characterized by comprising:

the signature sender calculates the corresponding signature information to obtain corresponding codes by using keys respectively shared with the multi-party authentication center and algorithms respectively corresponding to the multi-party authentication center; the multi-party authentication center comprises two parties and more than two parties; the corresponding signature information comprises signature data;

and combining the identification number of the signature sender, the signature data, the serial number of the secret key shared by the multiparty authentication center, the identification number of the multiparty authentication center and the corresponding code to generate the digital signature of the signature sender.

2. The digital signature generation method according to claim 1, wherein: the corresponding algorithm is incorporated in the digital signature.

3. The digital signature generation method according to claim 1, wherein: the corresponding algorithm is pre-agreed and is not incorporated in the digital signature.

4. The digital signature generation method according to claim 1, wherein one implementation procedure of the digital signature generation method includes:

the signature sender calculates first signature information by using a first shared key and a first algorithm to obtain a first code;

the signature sender calculates second signature information by using a second shared secret key and a second algorithm to obtain a second code;

combining the identification number of the signature sender, the signature data, the serial number of the first shared key, the provider identification number of the first shared key, the first code, the serial number of the second shared key, the provider identification number of the second shared key and the second code to generate a digital signature of the signature sender; if the first algorithm or/and the second algorithm is/are predetermined, merging or not merging in the digital signature; if the first algorithm or/and the second algorithm is/are not agreed in advance, merging the first algorithm and/or the second algorithm into the digital signature; wherein the provider of the first shared key is a first authentication center of the multi-party authentication centers; the provider of the second shared key is a second one of the multi-party authentication centers.

5. The digital signature generation method according to claim 4, wherein: the first signature information includes first signature area data including an identification number of the signature sender, the signature data, a serial number of the first shared key, a provider identification number of the first shared key, and the first algorithm; the second signature information includes second signature area data, and the second signature area data includes an identifier of the signature sender, the signature data, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm.

6. The digital signature generation method according to claim 5, wherein: the first signature information comprises first digest information; the first abstract information is obtained by carrying out abstract calculation on the first signature area data by utilizing a first abstract algorithm; the second signature information comprises second digest information; the second abstract information is obtained by carrying out abstract calculation on the second signature area data by using a second abstract algorithm; if the first abstract algorithm or/and the second abstract algorithm is/are predetermined, merging or not merging in the digital signature; if the first digest algorithm or/and the second digest algorithm is not agreed in advance, the first digest algorithm or/and the second digest algorithm are combined in the digital signature.

7. The digital signature generation method according to claim 4, wherein: the first signature information is the same as the second signature information and is signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the first shared key, a provider identifier of the first shared key, the first algorithm, a serial number of the second shared key, a provider identifier of the second shared key, and the second algorithm; if the abstract algorithm is predetermined, merging or not merging in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature.

8. The digital signature generation method according to claim 4, wherein: at least one of the first shared key and the second shared key is a quantum key.

9. The digital signature generation method according to claim 4, wherein: a provider of the first shared key is different from a provider of the second shared key.

10. The digital signature generation method according to claim 4, wherein:

the first shared key is selected from a first set of shared keys; the first shared key set is a key set shared by the first shared key provider and the signature sender; or/and

the second shared key is selected from a second set of shared keys; the second shared key set is a key set shared by the second shared key provider and the signing sender.

11. The digital signature generation method according to any one of claims 4 to 7, wherein an implementation procedure of the digital signature generation method further comprises:

the signature sender calculates third signature information by using a third shared key and a third algorithm to obtain a third code;

the digital signature of the signature sender further comprises a serial number of the third shared key, a provider identification number of the third shared key and the third code; if the third algorithm is predetermined, merging or not merging in the digital signature; if the third algorithm is not agreed in advance, merging the third algorithm into the digital signature; the provider of the third shared key is a third one of the multi-party authentication centers.

12. The digital signature generation method according to claim 11, wherein: the third signature information includes third signature area data, and the third signature area data includes an identifier of the signature sender, the signature data, a serial number of the third shared key, a provider identifier of the third shared key, and the third algorithm.

13. The digital signature generation method according to claim 12, wherein: the third signature information includes third digest information; the third abstract information is obtained by performing abstract calculation on the third signature area data by using a third abstract algorithm; if the third digest algorithm is pre-agreed, merging or not merging in the digital signature; and if the third digest algorithm is not agreed in advance, merging the third digest algorithm into the digital signature.

14. The digital signature generation method according to claim 11, wherein: the third signature information is the same as the first signature information or/and the second signature information and is signature information; the signature information comprises summary information; the abstract information is obtained by carrying out abstract calculation on the signature area data by using an abstract algorithm; the signature area data includes an identifier of the sender of the signature, the signature data, the digest algorithm, a serial number of the third shared key, a provider identifier of the third shared key, the third algorithm, a serial number of the second shared key, a provider identifier of the second shared key, the second algorithm, or/and a serial number of the first shared key, a provider identifier of the first shared key, and the first algorithm; if the abstract algorithm is predetermined, not combining or combining in the digital signature; if the digest algorithm is not agreed in advance, the digest algorithm is merged into the digital signature.

15. The digital signature generation method according to claim 11, wherein: at least one of the first shared secret key, the second shared secret key and the third shared secret key is a quantum secret key.

16. The digital signature generation method according to claim 11, wherein: at least 2 providers of the first shared key, the second shared key, and the third shared key are different.

17. The digital signature generation method according to claim 11, wherein:

the first shared key is selected from a first set of shared keys; the first shared key set is a key set shared by the first shared key provider and the signature sender;

the second shared key is selected from a second set of shared keys; the second shared key set is a key set shared by the second shared key provider and the signature sender; or/and

the third shared key is selected from a third set of shared keys; the third shared key set is a key set shared by the third shared key provider and the signing sender.

18. A computer storage medium, characterized in that: the computer storage medium stores a first computer program; the first computer program, when invoked by a processor, performs a digital signature generation method as claimed in any one of claims 1 to 17.

19. A digital signature generation terminal, comprising:

a first input for inputting digital signature related parameters;

a first memory for storing a first computer program and the digital signature related parameters;

a first processor, communicatively connected to the first memory, for executing the digital signature generation method according to any one of claims 1 to 17 when the first computer program and the digital signature related parameter are invoked, thereby generating a digital signature.

20. A digital signature transmission method, comprising:

a signature sender sends a digital signature generated by the digital signature generation method of any one of claims 1 to 17 to a signature receiver; or

Signature sender using shared secret key K_abTransmitting the encrypted digital signature generated by the digital signature generation method according to any one of claims 1 to 17 to a signature receiver; the shared secret key K_abIs a key shared by the signature sender and the signature receiver.

21. A digital signature verification method, characterized in that the digital signature verification method comprises:

the signature receiver acquires a digital signature of the signature sender; the digital signature of the signature sender comprises: the identification number of the signature sender, the signature data, the serial number of a secret key shared by the multiparty authentication center, the identification number of the multiparty authentication center and a corresponding code; the signature sender calculates corresponding signature information by using keys respectively shared with the multi-party authentication center and algorithms respectively corresponding to the multi-party authentication center to obtain the corresponding codes; the multi-party authentication center comprises two parties and more than two parties; the corresponding signature information includes the signature data;

the signature receiver sends the digital signatures to the multiparty authentication center for verification respectively according to the identification numbers of the multiparty authentication center in the digital signatures, and receives the verification results fed back by the multiparty authentication center;

when the verification results fed back by the multi-party authentication center are all passed, the signature receiver confirms that the digital signature is valid; otherwise, the signature receiver confirms that the digital signature is invalid.

22. A computer storage medium, characterized in that: the computer storage medium stores a second computer program; the second computer program, when invoked by a processor, performs the digital signature verification method of claim 21.

23. A digital signature verification terminal, comprising:

a second input end for inputting digital signature related parameters;

a second memory for storing a second computer program and the digital signature related parameters;

a second processor, communicatively coupled to the second memory, for executing the digital signature verification method of claim 21 when the second computer program and the digital signature related parameter are invoked, to verify whether the digital signature is valid.

24. A digital signature verification method, wherein one implementation of the digital signature verification method comprises:

the signature receiver acquires a digital signature of the signature sender; the digital signature includes: an identification number of a signature sender, signature data, a serial number of a first shared key, a provider identification number of the first shared key, a first code, a serial number of a second shared key, a provider identification number of the second shared key, and a second code; the signature sender utilizes the first shared key and a first algorithm to calculate first signature information to obtain the first code; the signature sender utilizes the second shared secret key and a second algorithm to calculate second signature information to obtain the second code; the first signature information and the second signature information each include the signature data; if the first algorithm or/and the second algorithm is/are predetermined, merging or not merging in the digital signature; if the first algorithm or/and the second algorithm is/are not agreed in advance, merging the first algorithm and/or the second algorithm into the digital signature; wherein the provider of the first shared key is a first authentication center of a multi-party authentication center; the provider of the second shared key is a second authentication center in the multi-party authentication center;

the signature receiving party sends the digital signature to a provider of the first shared key for verification according to the provider identification number of the first shared key in the digital signature, and receives a first verification result fed back by the provider of the first shared key;

the signature receiving party sends the digital signature to a provider of a second shared key for verification according to the provider identification number of the second shared key in the digital signature, and receives a second verification result fed back by the provider of the second shared key;

when the first verification result and the second verification result both pass, the signature receiver confirms that the digital signature is valid; otherwise, the signature receiver confirms that the digital signature is invalid.

25. The digital signature verification method of claim 24, wherein the signature receiver obtains the digital signature of the signature sender by a realization process comprising:

the signature receiver receives the digital signature sent by the signature sender; or

The signature receiver utilizes a shared secret key K_abDecrypting to obtain the digital signature sent by the signature sender; the shared secret key K_abIs a key shared by the signature sender and the signature receiver.

26. The digital signature verification method of claim 24, wherein: one implementation process of the signature receiver sending the digital signature to the provider of the first shared key or the provider of the second shared key for verification includes:

the signature receiver sends all the data of the digital signature to a provider of the first shared secret key or a provider of the second shared secret key for verification; or

And the signature receiver sends the data related to the provider of the first shared key in the digital signature to the provider of the first shared key for verification, or sends the data related to the provider of the second shared key in the digital signature to the provider of the second shared key for verification.

27. The digital signature verification method of claim 24, wherein: one implementation of the first shared key provider to verify the digital signature includes:

the provider of the first shared key obtains the corresponding first shared key according to the identification number of the signature sender in the digital signature and the serial number of the first shared key, and calculates and obtains a first verification code according to the first algorithm, the first signature information and the first shared key;

and the provider of the first shared key compares the first verification code with the first code in the digital signature, if the first verification code is identical with the first code in the digital signature, the provider feeds back a first verification result which passes the verification, and otherwise, the provider feeds back a first verification result which does not pass the verification.

28. The digital signature verification method of claim 24, wherein: one implementation of the second shared key provider to verify the digital signature includes:

the provider of the second shared secret key obtains a corresponding second shared secret key according to the identification number of the signature sender in the digital signature and the serial number of the second shared secret key, and calculates and obtains a second verification code according to the second algorithm, the second signature information and the second shared secret key;

and the provider of the second shared secret key compares the second verification code with the second code in the digital signature, if the second verification code is the same as the second code in the digital signature, the provider feeds back a second verification result which passes the verification, and otherwise, the provider feeds back a second verification result which does not pass the verification.

29. A computer storage medium, characterized in that: the computer storage medium stores a third computer program; the third computer program, when invoked by a processor, performs a digital signature verification method as claimed in any one of claims 24 to 28.

30. A digital signature verification terminal, comprising:

a third input end for inputting digital signature related parameters;

a third memory for storing a third computer program and the digital signature related parameters;

a third processor, communicatively coupled to the third memory, for executing the digital signature verification method according to any one of claims 24 to 28 when the third computer program and the digital signature related parameter are invoked, and verifying whether the digital signature is valid.

31. A digital signature verification method, characterized in that the digital signature verification method comprises:

the signature receiver acquires a digital signature of the signature sender; the digital signature of the signature sender comprises: an identification number of a signature sender, signature data, a serial number of a first shared key, a provider identification number of the first shared key, a first code, a serial number of a second shared key, a provider identification number of the second shared key, a second code, a serial number of a third shared key, a provider identification number of the third shared key, and a third code; the signature sender utilizes the first shared key and a first algorithm to calculate first signature information to obtain the first code; the signature sender utilizes the second shared secret key and a second algorithm to calculate second signature information to obtain the second code; the signature sender utilizes the third shared secret key and a third algorithm to calculate third signature information to obtain the third code; the first signature information, the second signature information, and the third signature information each include the signature data; if the first algorithm, the second algorithm or/and the third algorithm are predetermined, merging or not merging in the digital signature; if the first algorithm, the second algorithm or/and the third algorithm are not agreed in advance, merging the first algorithm, the second algorithm or/and the third algorithm into the digital signature; wherein the provider of the first shared key is a first authentication center of a multi-party authentication center; the provider of the second shared key is a second authentication center in the multi-party authentication center; the provider of the third shared key is a third authentication center in the multi-party authentication center;

the signature receiving party sends the digital signature to a provider of a third shared key for verification according to the provider identification number of the third shared key in the digital signature, and receives a third verification result fed back by the provider of the third shared key;

when the first verification result, the second verification result and the third verification result are both passed, the signature receiver confirms that the digital signature is valid; otherwise, the signature receiver confirms that the digital signature is invalid.

32. The digital signature verification method of claim 31, wherein the signature receiver obtains the digital signature of the signature sender by a process comprising:

33. The digital signature verification method of claim 31, wherein: one implementation process of the signature receiver sending the digital signature to the provider of the first shared key, and the provider of the second shared key or/and the provider of the third shared key performing verification includes:

the signature receiver sends all the data of the digital signature to a provider of the first shared key, and the provider of the second shared key or/and the provider of the third shared key carry out verification; or

And the signature receiver sends the data related to the provider of the first shared key in the digital signature to the provider of the first shared key for verification, or sends the data related to the provider of the second shared key in the digital signature to the provider of the second shared key for verification, or sends the data related to the provider of the third shared key in the digital signature to the provider of the third shared key for verification.

34. The digital signature verification method of claim 31, wherein: one implementation of the first shared key provider to verify the digital signature includes:

35. The digital signature verification method of claim 31, wherein: one implementation of the second shared key provider to verify the digital signature includes:

36. The digital signature verification method of claim 31, wherein: one implementation of the third shared key provider to verify the digital signature includes:

the provider of the third shared key obtains a corresponding third shared key according to the identification number of the signature sender in the digital signature and the serial number of the third shared key, and calculates and obtains a third verification code according to the third algorithm, the third signature information and the third shared key;

and the provider of the third shared key compares the third verification code with the third code in the digital signature, if the third verification code is the same as the third code in the digital signature, the third verification result which passes the verification is fed back, and otherwise, the third verification result which does not pass the verification is fed back.

37. A computer storage medium, characterized in that: the computer storage medium stores a fourth computer program; the fourth computer program, when invoked by a processor, performs the digital signature verification method of any one of claims 31 to 36.

38. A digital signature verification terminal, comprising:

a fourth input end for inputting digital signature related parameters;

a fourth memory for storing a fourth computer program and the digital signature related parameters;

a fourth processor, communicatively coupled to the fourth memory, for executing the digital signature verification method according to any one of claims 31 to 36 when the fourth computer program and the digital signature related parameter are invoked, and verifying whether the digital signature is valid.