CN110247759A - A kind of SM9 private key generates and application method and system - Google Patents

A kind of SM9 private key generates and application method and system Download PDF

Info

Publication number
CN110247759A
CN110247759A CN201910478593.5A CN201910478593A CN110247759A CN 110247759 A CN110247759 A CN 110247759A CN 201910478593 A CN201910478593 A CN 201910478593A CN 110247759 A CN110247759 A CN 110247759A
Authority
CN
China
Prior art keywords
private key
signature
random bytes
mark
bytes string
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910478593.5A
Other languages
Chinese (zh)
Other versions
CN110247759B (en
Inventor
龙毅宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University of Technology WUT
Original Assignee
Wuhan University of Technology WUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University of Technology WUT filed Critical Wuhan University of Technology WUT
Priority to CN201910478593.5A priority Critical patent/CN110247759B/en
Publication of CN110247759A publication Critical patent/CN110247759A/en
Application granted granted Critical
Publication of CN110247759B publication Critical patent/CN110247759B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Invention is the generation of SM9 private key and application method: for user identifier IDAWhen generating corresponding SM9 signature private key, private key generator generates a random bytes string, is incorporated into IDAObtain IDAE;Calculate t1=(H1(IDAE| | hid, n)+s) mod n, n is SM9 bilinear map order of a group, and hid is private key generating function identifier;If t1=0, then random bytes string is regenerated, merging obtains IDAE, calculate t1=(H1(IDAE| | hid, n)+s) mod n, until t1≠0;Then, t is calculated2=s (t1)‑1Mod n, dA=[t2]P1, s is main private key, P1It is crowd G1Generation member;Code component uses the SM9 private key d according to said method generatedAMessage is digitally signed, the ID for incorporating random bytes string is usedAEThe digital signature of message is verified.

Description

A kind of SM9 private key generates and application method and system
Technical field
The invention belongs to field of information security technology, especially a kind of SM9 private key generates and application method and system.
Background technique
SM9 is the id password calculation that bilinear map (pairing operation) is based on by one kind that national Password Management office promulgates Method, bilinear map (pairing operation) therein are as follows:
E:G1×G2→GTWhen, wherein G1、G2It is addition cyclic group, GTIt is a multiplicative cyclic group, G1、G2、GTRank be element Number n (note: in SM9 specification, G1、G2、GTRank be capital N, present patent application uses small letter n), even P, Q, R Respectively G1、G2In member, then e (P, Q) be GTIn member, and:
E (P+R, Q)=e (P, Q) e (R, Q),
E (P, Q+R)=e (P, Q) e (P, R),
E (aP, bQ)=e (P, Q)ab
Digital signature, key exchange and data encryption based on mark are able to achieve based on SM9 cryptographic algorithm.
In SM9 cryptographic algorithm, a user identifier IDAThe corresponding private key for signature is by key generation centre (Key Generation Center, KGC) or private key generate system private key generator (Private Key Generator, PKG it) is calculated as follows to obtain:
Calculate t1=(H1(IDA| | hid, n)+s) mod n, wherein H1It is hashing algorithm specified in SM9 specification, s is main Private key or master key, n G1、G2、GTRank, hid be with the private key generating function identifier of a byte representation, | | indicate word Section string merges, and mod n indicates that (note: the symbol that main private key or master key use in SM9 specification is ks, group to modulus n remainder operation G1、G2、GTThe symbol of rank be N, be slightly different with patent application document);
If t1=0, then it needs to regenerate main private key, calculates and announce Your Majesty's key, and update the private key of existing subscriber;It is no Then, t is calculated2=s (t1)-1Mod n, dA=[t2]P1, wherein (t1)-1It is t1Mould n multiplication it is inverse, P1For group G1Generation member, symbol Number [] indicating multiple members (point) plus operation (scale multiplication is standardized referring to SM9), then dAIt is user identifier IDACorresponding label Name private key.
Here work as t1When=0, if calculating and announcing Your Majesty's key by needing to regenerate main private key described in specification, update user Private key, then, the identity private key of existing user must all be replaced, this will generate very big expense, the time for spending user very much, It is most fearful, once this occurs, from the mark ID that can not generate user's SM9 private keyAIt can easily derive The main private key or master key s used before id password system;If being utilized by malicious person, malicious person can generate it is any he need The identity private key wanted is possible to the signed data for occurring largely forging in this way, than occurring the label of various forgeries if possible Order, contract etc. after name, this harm will be huge.
Although there is t1=0 probability is minimum, and still, in the case where user volume is big, the minimum event of this probability is Entirely possible generation, be minimum, but this pole from the angle of probability just as the thing much got huge rewards in the world Small minimum event but has occurred really.
It should be pointed out that for data deciphering identity private key generation equally will appear the above user identifier private key without Method leads to the problem of and main private key or master key is thus caused surprisingly to be revealed, and still, harm is less than private for signature The case where key, because at this moment, even if malicious person can generate his desired identity private key, but he possibly can not obtain encrypted number According to, therefore, also can not just decrypt acquisition clear data, even and if malicious person obtain encrypted data, and pass through generation Corresponding identity private key decrypted data, this also only causes information leakage, without the order after the signature of forgery, conjunction On an equal basis, damage to property, financial dispute will not be generated.
Summary of the invention
The purpose of the present invention is to propose to a kind of generation of SM9 signature private key, application method and corresponding system, to avoid There is t1Generated various problems when=0, including avoid that main private key need to be regenerated, need to recalculate and disclose Your Majesty Key, needs to update the private key of existing subscriber, and avoids thus revealing various potential problems caused by main private key.
SM9 signature private key generation method proposed by the present invention is specific as follows.
When user terminal private key obtain private key generator from client to server-side (Private Key Generator, PKG) application obtains user identifier IDAWhen corresponding SM9 signature private key, private key generator generates user identifier as follows IDACorresponding signature private key:
A random bytes string E is generated, mark ID is incorporated intoAIn obtain IDAE
Calculate t1=(H1(IDAE| | hid, n)+s) mod n, wherein H1It is (the hash letter of hash function specified in SM9 algorithm Number), s is main private key or master key, and n is group G in SM9 algorithm1、G2、GTRank, hid is generated with the private key of byte representation Function identifier, | | indicate that the byte serial of data merges;
If t1=0, then random bytes string E is regenerated, ID is incorporated intoAIn obtain IDAE, calculate t1=(H1(IDAE|| Hid, n)+s) mod n, until t1≠0;
If t1≠ 0, then calculate t2=S (t1)-1Mod n, dA=[t2]P1, wherein P1It is group G in SM91Generation member;
Private key generator is by the SM9 signature private key d of generationA(or incorporate random bytes string E's with random bytes string E IDAE) return to user terminal private key obtain client;
The private key of user terminal obtains client and saves the SM9 signature private key d returnedA, save the random bytes string E of return (or incorporate the ID of random bytes string EAE), or (or the mark of random bytes string E is incorporated in the random bytes string E of return IDAE) on the basis of form new data;The new data are the data (ratios verified for signature verification or assisted signature It such as, include random bytes string E or IDAEDigital certificate, obtain random bytes string E index information);
The private key acquisition client is one of user terminal for obtaining the program of user's SM9 private key;The private key is raw Growing up to be a useful person is the service system that SM9 identity private key is generated for user;
The random bytes string E, which is known as identifying, limits random bytes string;The ID for incorporating random bytes string EAEReferred to as The mark that random bytes string E is limited;The User IDAItself it is one and does not include (except random bytes string E) other restriction letters The user identifier (such as cell-phone number, E-mail address) of breath or one include (except random bytes string E) other restrictions The user identifier (for example, attached the cell-phone number of time limit, E-mail address) of information.
For above-described SM9 signature private key generation method, the random bytes string E of generation is merged by private key generator Identify IDAIn obtain IDAEMode includes: that random bytes string E is attached to ID by scheduled formatAIn (for example, by random bytes String E is attached to ID in such a way that byte serial mergesAAfterwards, or before random bytes string E plus the bound symbol arranged or divide After symbol, the random bytes string E that added bound symbol or separator is attached to ID in such a way that byte serial mergesAAfterwards etc. Deng).
Based on SM9 signature private key generation method described above, corresponding SM9 private key can be constructed and generate system, system includes The private key generator of server-side and the private key of user terminal obtain client;It is generated when the private key of user terminal obtains client to private key Device request user identifier IDAWhen corresponding SM9 signature private key, private key generator presses SM9 signature private key generation side Method generates user identifier IDACorresponding SM9 signature private key, and client is obtained by private key and is saved.
Application method by the SM9 signature private key of SM9 signature private key generation method described above generation is as follows.
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
It is used by SM9 signature private key application method described above and presses the above SM9 private key generation method SM9 generated Signature private key is digitally signed message, needs to solve the problems, such as one, the code component for how allowing to carry out signature verification obtains Obtain the mark ID that random bytes string E is incorporated needed for signature verificationAEIt is three kinds of possible modes (being not all of) below.
Mode one:
Code component uses SM9 signature private key dAThe data of rear signature generated are digitally signed to message Include mark restriction random bytes string E in (Signed Data), or includes the mark ID that random bytes string E is limitedAE (being put by code component or other assemblies);And the signature value (Signature in data of the code component to signature Value, signature value are most basic digital signature data, i.e., usually said digital signature) verified before, code component or The mark that other assemblies are inserted before first obtaining out from the data of signature limits random bytes string E, then marks it with user Know IDAMerge and obtains the mark ID of random bytes string E restrictionAEOr code component or other assemblies elder generation are from the data of signature The mark ID that the random bytes string E inserted before directly obtaining is limitedAE;ID is identified obtainingAEAfterwards, code component uses IDAEIt is right Signature value (i.e. digital signature) in the data of signature is verified (data SignedData and signature value about signature Relationship between Signature Value, can refer to PKCS#7);The other assemblies refer to the program except code component.
This usage mode is accomplished consistent with the usage mode of existing SM9 signature private key in the data plane of signature.
Mode two:
When being digitally signed to message, mark is limited random bytes string E as filling or additional number by code component According to filling or be attached to using user's SM9 signature private key dACarry out (i.e. signature operation in obtained signature value after signature operation In obtained most basic digital signature data);And when the digital signature to message is verified, code component is from signature value Filling or additional data in obtain mark and limit random bytes string E, the mark of acquisition is then limited into random bytes string E and is merged To user identifier IDAIn, obtain the mark ID of random bytes string E restrictionAE, then use IDAETo having removed filling or additional number According to signature value (i.e. digital signature) verified;The other assemblies refer to the program except code component.
This usage mode accomplishes signature value level, i.e., most basic crypto module level (for example, WindowS CSP, PKCS#11 module), it is consistent with the usage mode of existing SM9 signature private key.
Mode three:
When being digitally signed to message, code component or other assemblies will acquire the mark that random bytes string E is limited IDAEIndex information be put into using SM9 signature private key dAMessage sign the data (Signed of signature generated Data) or in signature value (Signature Value), and when the digital signature to message carries out signature verification, code component Or other assemblies first obtain ID from the data or signature value of signatureAEIndex information, then obtained using index information random The ID that byte serial E is limitedAE(such as from an information database, medium from the data information published), then using obtaining IDAEThe digital signature of message is verified;The other assemblies refer to the program except code component.
This usage mode accomplishes data or signature value or application and existing SM9 signature private key in signature Usage mode is consistent.
Based on SM9 signature private key generation method described above and SM9 signature private key application method, corresponding SM9 can be constructed Cryptographic system, system include that SM9 private key generates system and code component, and SM9 private key generates the private that system includes server-side The private key of key generator and user terminal obtains client;
When the private key of user terminal obtains client to private key generator request user identifier IDACorresponding SM9 label When name private key, private key generator generates user identifier ID by aforementioned SM9 signature private key generation methodACorresponding SM9 signs private Key obtains client by private key and saves;
When being digitally signed to message, (signer) code component presses the SM9 signature private key application method pair Message is digitally signed;
When the digital signature to message is verified, (authentication) code component is used by the SM9 signature private key Signature verification mode described in method verifies the digital signature of message.
It can be seen that, based on SM9 signature private key generation method of the invention and system, generating user's mark from the above description Know private key IDACorresponding private key dADuring, even if there is t1=0 the case where, without regenerating main private key, nothing Your Majesty's key need to be recalculated and announce, without updating the private key of existing subscriber, and the external world does not know to have said such case yet, from And it avoids said before working as and t occurs1Generated various problems when=0 the case where;And it establishes and signs in SM9 of the invention SM9 signature private key application method on the basis of private key generation method, the usage mode of SM9 signature private key and common SM9 sign The usage mode of private key does not have the difference of essence, and generates and application method institute according to based on SM9 signature private key of the invention The cryptographic system of building, digital signature applications program can carry out number to message as the mode usually using SM9 signature private key Signature carries out signature verification to the digital signature of message.
Detailed description of the invention
Fig. 1 is SM9 signature private key acquisition of the invention, product process
Fig. 2 is to generate system using the SM9 signature private key of SM9 signature private key generation method of the present invention
Fig. 3 is the SM9 cryptographic system using SM9 signature private key of the present invention generation, application method
Specific embodiment
The present invention will be further described with reference to the examples below.Following embodiment does not represent all possible implementation Example, it is not as a limitation of the invention.
Embodiment 1,
In the present embodiment, as shown in Figure 1, obtaining use to private key generator application when the private key of user terminal obtains client Family identifies IDAWhen corresponding SM9 signature private key, private key generator generates a random bytes string E, is incorporated into mark IDA In obtain IDAE;Calculate t1=(H1(IDAE| | hid, n)+s) mod n, wherein n is group G in SM9 algorithm1、G2、GTRank, hid is With the private key generating function identifier (being standardized referring to SM9) of a byte representation;If t1=0, then regenerate random bytes string E is incorporated into IDAIn obtain mark IDAE, calculate t1=(H1(IDAE| | hid, n)+s) mod n, until t1≠ 0, wherein s be Main private key or master key;If t1≠ 0, calculate t2=s (t1)-1Mod n, dA=[t2]P1, wherein P1It is group G in SM91Generation Member;Private key generator is by the signature private key d of generationAWith random bytes string E (or random bytes string E limit mark IDAE) return Client is obtained to the private key of user terminal;The private key of user terminal obtains client and saves the SM9 signature private key d returnedA, preservation returns Return random bytes string E (or random bytes string E limit mark IDAE), or in random bytes string E (or the random words of return The mark ID that section string E is limitedAE) on the basis of form new data, for example, including random bytes string E or IDAEDigital certificate, Obtain the index information of random bytes string E.
In this embodiment, the random bytes string E of generation is merged into mark ID by private key generatorAIn obtain by random words The ID that section string E is limitedAEMode it is as follows:
Random bytes string E is attached to ID by scheduled formatAIn, for example, directly random bytes string E is closed by byte serial And mode be attached to IDAAfterwards, or before random bytes string E the bound symbol or separator of agreement are added, for example is accorded with Number ' # ' or, | ' or ' % ' then will added the random bytes string E of bound symbol or separator in such a way that byte serial merges It is attached to IDAAfterwards, if for example, user identifier IDAIt is user@example.com, and the random bytes generated when private key generation The E that goes here and there is 3Ayu75Xy8, then IDAEIt may is that
User@example.com#3Ayu75Xy8,
Or, user@example.com | 3Ayu75Xy8,
Or, user@example.com%3Ayu75Xy8.
For another example, if user identifier IDAIt is the mark limited plus Time Validity: user@example.com | [2019:05:01-2019:0801],
And private key when generating the random bytes string E that generates be 3Ayu75Xy8, then IDAEIt may is that
User@example.com | [2019:05:01-2019:0801] #3Ayu75Xy8,
Or, user@example.com | [2019:05:01-2019:0801] | 3Ayu75Xy8,
Or, user@example.com | [2019:05:01-2019:0801] %3Ayu75Xy8.
Embodiment 2
This embodiment is that the SM9 private key based on SM9 signature private key generation method of the invention generates system, such as Fig. 2 Shown, this private key generates the private key generator that system includes server-side and the private key of user terminal obtains client;When user terminal Private key obtains client to private key generator request user identifier IDAWhen corresponding SM9 signature private key, private key generator User identifier ID is generated by SM9 signature private key generation method of the inventionACorresponding SM9 signature private key obtains visitor by private key Family end saves.
A key for implementing SM9 signature private key application method of the invention how is readily obtained in signature verification The mark ID that random word string limitsEA, the following examples 3,4,5 give the three of SM9 signature private key application method of the invention Kind possible embodiment (but being not all of).
Embodiment 3
This embodiment is to be counted using the SM9 signature private key generated by aforementioned SM9 signature private key generation method to message The application of word signature, specifically:
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
In order to enable the code component for carrying out signature verification obtains the mark for incorporating random bytes string E needed for signature verification Know IDAE, code component use SM9 signature private key dAData (the Signed of rear signature generated is digitally signed to message It Data include that mark limits the mark ID that random bytes string E or random bytes string E is limited in)AE(by code component or other groups Part is put into);And (Signature Value, signature value are most basic numbers to the signature value in data of the code component to signature Word signed data, i.e., usually said digital signature) verified before, code component or other assemblies are first from the data of signature The mark inserted before obtaining out limits random bytes string E, then by itself and user identifier IDAMerging obtains random bytes string E The mark ID of restrictionAEOr code component or other assemblies first directly obtain the random words inserted before from the data of signature The mark ID that section string E is limitedAE;ID is identified obtainingAEAfterwards, code component uses IDAE(i.e. to the signature value in the data of signature Digital signature) verified (about the data of signature, SignedData and signature value, Signature Value, between pass System, can refer to PKCS#7);The other assemblies refer to the program except code component.
Embodiment 4,
This embodiment is also to be carried out using the SM9 signature private key generated by aforementioned SM9 signature private key generation method to message The application of digital signature, specifically:
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
In order to enable the code component for carrying out signature verification obtains the mark for incorporating random bytes string E needed for signature verification Know IDAE, when being digitally signed to message, mark is limited random bytes string E as filling or additional data by code component It fills or is attached to using user's SM9 signature private key dACarry out after signature operation (i.e. signature operation shape in obtained signature value At most basic digital signature data in);And when the digital signature to message is verified, code component is from signature value Mark is obtained in filling or additional data and limits random bytes string E, and the mark of acquisition is then limited into random bytes string E and is merged into User identifier IDAIn, obtain the mark ID of random bytes string E restrictionAE, then use IDAETo having removed filling or additional data Signature value (i.e. digital signature) verified;The other assemblies refer to the program except code component.
Embodiment 5,
This embodiment is also to be carried out using the SM9 signature private key generated by aforementioned SM9 signature private key generation method to message The application of digital signature, specifically:
When being digitally signed to message, (signer) code component, which uses, presses SM9 signature private key generation side The SM9 signature private key d that method generatesAMessage is digitally signed;
When the digital signature to message is verified, (authentication) code component using it is described incorporate (or comprising Have) the mark ID of random bytes string EAE(with IDAEAs public key) digital signature of message is verified.
In order to enable the code component for carrying out signature verification obtains the mark for incorporating random bytes string E needed for signature verification Know IDAE, when being digitally signed to message, code component or other assemblies will acquire the mark that random bytes string E is limited IDAEIndex information be put into using SM9 signature private key dAMessage sign the data of signature generated (SignedData) close or in signature value (Signature Value), and when the digital signature to message carries out signature verification Code character part or other assemblies obtain ID from the data or signature value of signatureAEIndex information, then using index information obtain The ID that random bytes string E is limitedAE(such as from an information database, medium from the data information published), then utilizes The ID of acquisitionAESignature verification is carried out to the digital signature of message;The other assemblies refer to the program except code component.
Embodiment 6,
This embodiment is one based on SM9 signature private key generation method of the invention, SM9 signature private key application method SM9 cryptographic system, as shown in figure 3, system includes that SM9 private key generates system and code component, and SM9 private key generates system packet The private key of the private key generator and user terminal that include server-side obtains client;Digital signature applications program is by calling code component It is digitally signed and signature verification operations;It is marked when the private key of user terminal obtains client to private key generator request user Know IDAWhen corresponding SM9 signature private key, private key generator generates user identifier ID by aforementioned SM9 signature private key generation methodA Corresponding SM9 signature private key obtains client by private key and saves;When being digitally signed to message, (signer) is close Code character part is digitally signed message by aforementioned SM9 signature private key application method;When the digital signature to message is verified When, (authentication) code component is by signature verification mode described in aforementioned SM9 signature private key application method to the number of message Word signature is verified.
Other unaccounted particular techniques are implemented, and are it is well known that not saying certainly for those skilled in the relevant art Bright.

Claims (8)

1. a kind of SM9 signature private key generation method, it is characterized in that:
User identifier ID is obtained to the private key generator application of server-side when the private key of user terminal obtains clientACorresponding SM9 When signature private key, private key generator generates user identifier ID as followsACorresponding signature private key:
A random bytes string E is generated, mark ID is incorporated intoAIn obtain IDAE
Calculate t1=(H1(IDAE| | hid, n)+s) mod n, wherein H1It is hash function specified in SM9 algorithm, s is main private key Or master key, n are group G in SM9 algorithm1、G2、GTRank, hid be with the private key generating function identifier of a byte representation, | | Indicate that the byte serial of data merges;
If t1=0, then random bytes string E is regenerated, ID is incorporated intoAIn obtain IDAE, calculate t1=(H1(IDAE| | hid, N)+s) mod n, until t1≠0;
If t1≠ 0, then calculate t2=s (t1)-1Mod n, dA=[t2]P1, wherein P1It is group G in SM91Generation member;
Private key generator is by the SM9 signature private key d of generationAClient is obtained with the random bytes string E private key for returning to user terminal;
The private key of user terminal obtains client and saves the SM9 signature private key d returnedA, save random bytes the string E, Huo Zhe of return New data are formed on the basis of the random bytes string E of return;The new data are for signature verification or assisted signature The data of verifying;
The private key acquisition client is one of user terminal for obtaining the program of user's SM9 private key;The private key generator It is the service system that SM9 identity private key is generated for user;
The random bytes string E, which is known as identifying, limits random bytes string;The ID for incorporating random bytes string EAEIt is referred to as random The mark that byte serial E is limited;The User IDAIt itself is the user identifier or one for not including other prescribed informations A user identifier comprising other prescribed informations.
2. SM9 signature private key generation method according to claim 1, it is characterized in that:
The random bytes string E of generation is merged into mark ID by private key generatorAIn obtain IDAEMode includes: by scheduled format Random bytes string E is attached to IDAIn.
3. a kind of SM9 private key based on SM9 signature private key generation method as claimed in claim 1 or 2 generates system, it is characterized in that:
The private key generates the private key generator that system includes server-side and the private key of user terminal obtains client;When user terminal Private key obtains client to private key generator request user identifier IDAWhen corresponding SM9 signature private key, private key generator User identifier ID is generated by the SM9 signature private key generation methodACorresponding SM9 signature private key, and client is obtained by private key End saves.
4. a kind of SM9 signature private key application method based on SM9 signature private key generation method described in claim 1, it is characterized in that:
When being digitally signed to message, code component is used signs by the SM9 that the SM9 signature private key generation method generates Private key dAMessage is digitally signed;
When the digital signature to message is verified, code component uses the mark ID for incorporating random bytes string EAEIt is right The digital signature of message is verified.
5. SM9 signature private key application method according to claim 4, it is characterized in that: allowing to carry out the password of signature verification Component obtains the mark ID that random bytes string E is incorporated needed for signature verificationAEA kind of method it is as follows:
Code component uses SM9 signature private key dABeing digitally signed in the data of rear signature generated to message includes mark Know and limit random bytes string E, or includes the mark ID that random bytes string E is limitedAE;And in code component to the data of signature In signature value verified before, mark limit that code component or other assemblies are inserted before first obtaining out from the data of signature Random bytes string E is determined, then by itself and user identifier IDAMerge and obtains the mark ID of random bytes string E restrictionAEOr password The mark ID that the random bytes string E that component or other assemblies are inserted before first directly obtaining from the data of signature is limitedAE;It is obtaining ID must be identifiedAEAfterwards, code component uses IDAESignature value in the data of signature is verified;The other assemblies refer to close Program except code character part.
6. SM9 signature private key application method according to claim 4, it is characterized in that: allowing to carry out the password of signature verification Component obtains the mark ID that random bytes string E is incorporated needed for signature verificationAEA kind of method it is as follows:
When being digitally signed to message, mark is limited random bytes string E as filling or additional data and filled out by code component It fills or is attached to using user's SM9 signature private key dAIt carries out after signature operation in obtained signature value;And in the number to message When word signature is verified, code component obtains mark from the filling of signature value or additional data and limits random bytes string E, so The mark of acquisition is limited into random bytes string E afterwards and is merged into user identifier IDAIn, obtain the mark of random bytes string E restriction IDAE, then use IDAEThe signature value for having removed filling or additional data is verified;The other assemblies refer to cipher code set Program except part.
7. SM9 signature private key application method according to claim 4, it is characterized in that: allowing to carry out the password of signature verification Component obtains the mark ID that random bytes string E is incorporated needed for signature verificationAEA kind of method it is as follows:
When being digitally signed to message, code component or other assemblies will acquire the mark ID that random bytes string E is limitedAE's Index information is put into using SM9 signature private key dAMessage sign signature generated data or signature value in, and When carrying out signature verification to the digital signature of message, code component or other assemblies are first obtained from the data or signature value of signature IDAEIndex information, then using index information obtain random bytes string E limit IDAE, then utilize the ID obtainedAEIt offsets The digital signature of breath is verified;The other assemblies refer to the program except code component.
8. a kind of SM9 cryptographic system based on SM9 signature private key application method described in any one of claim 4-7, feature It is:
The SM9 cryptographic system includes that SM9 private key generates system and code component, and it includes service that SM9 private key, which generates system, The private key generator at end and the private key of user terminal obtain client;
When the private key of user terminal obtains client to private key generator request user identifier IDACorresponding SM9 signature private key When, private key generator generates user identifier ID by aforementioned SM9 signature private key generation methodACorresponding SM9 signature private key, by private Key obtains client and saves;
When being digitally signed to message, code component carries out digital label to message by the SM9 signature private key application method Name;
When the digital signature to message is verified, code component is by label described in the SM9 signature private key application method Name verification mode verifies the digital signature of message.
CN201910478593.5A 2019-06-03 2019-06-03 SM9 private key generation and use method and system Active CN110247759B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910478593.5A CN110247759B (en) 2019-06-03 2019-06-03 SM9 private key generation and use method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910478593.5A CN110247759B (en) 2019-06-03 2019-06-03 SM9 private key generation and use method and system

Publications (2)

Publication Number Publication Date
CN110247759A true CN110247759A (en) 2019-09-17
CN110247759B CN110247759B (en) 2020-07-10

Family

ID=67885881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910478593.5A Active CN110247759B (en) 2019-06-03 2019-06-03 SM9 private key generation and use method and system

Country Status (1)

Country Link
CN (1) CN110247759B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111064564A (en) * 2019-12-31 2020-04-24 武汉理工大学 SM9 signature private key generation and digital signature method, system and device
CN111082932A (en) * 2019-12-25 2020-04-28 武汉理工大学 Anti-repudiation identification private key generation and digital signature method, system and device
CN111262691A (en) * 2020-01-07 2020-06-09 武汉理工大学 Identification private key generation and use method, system and device based on hybrid master key
CN111866547A (en) * 2020-07-30 2020-10-30 北京万协通信息技术有限公司 Novel video tamper-proofing method
CN115174100A (en) * 2022-06-21 2022-10-11 武汉理工大学 Password processing method and system for gPRC data

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR914757A (en) * 1944-11-10 1946-10-17 Ericsson Telefon Ab L M Device for disconnecting false calls in automatic telephony
CN104753917A (en) * 2013-12-30 2015-07-01 三星Sds株式会社 System and method for identity-based key management
CN107395368A (en) * 2017-08-18 2017-11-24 北京无字天书科技有限公司 Without the digital signature method in media environment and solution encapsulating method and decryption method
CN107566128A (en) * 2017-10-10 2018-01-09 武汉大学 A kind of two side's distribution SM9 digital signature generation methods and system
CN107579819A (en) * 2017-09-13 2018-01-12 何德彪 A kind of SM9 digital signature generation method and system
CN107819585A (en) * 2017-11-17 2018-03-20 武汉理工大学 SM9 digital signature cooperates with generation method and system
CN107864037A (en) * 2017-10-25 2018-03-30 深圳奥联信息安全技术有限公司 SM9 Combination with Digital endorsement method and device
CN108259179A (en) * 2016-12-29 2018-07-06 航天信息股份有限公司 A kind of encryption-decryption coprocessor and its operation method based on SM9 id password algorithms
CN108418686A (en) * 2017-11-23 2018-08-17 矩阵元技术(深圳)有限公司 A kind of how distributed SM9 decryption methods and medium and key generation method
CN108551392A (en) * 2018-04-13 2018-09-18 武汉大学 A kind of Proxy Signature generation method and system based on SM9 digital signature
CN109361519A (en) * 2018-12-07 2019-02-19 武汉理工大学 A kind of improved generation method and system comprising secret number

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR914757A (en) * 1944-11-10 1946-10-17 Ericsson Telefon Ab L M Device for disconnecting false calls in automatic telephony
CN104753917A (en) * 2013-12-30 2015-07-01 三星Sds株式会社 System and method for identity-based key management
CN108259179A (en) * 2016-12-29 2018-07-06 航天信息股份有限公司 A kind of encryption-decryption coprocessor and its operation method based on SM9 id password algorithms
CN107395368A (en) * 2017-08-18 2017-11-24 北京无字天书科技有限公司 Without the digital signature method in media environment and solution encapsulating method and decryption method
CN107579819A (en) * 2017-09-13 2018-01-12 何德彪 A kind of SM9 digital signature generation method and system
CN107566128A (en) * 2017-10-10 2018-01-09 武汉大学 A kind of two side's distribution SM9 digital signature generation methods and system
CN107864037A (en) * 2017-10-25 2018-03-30 深圳奥联信息安全技术有限公司 SM9 Combination with Digital endorsement method and device
CN107819585A (en) * 2017-11-17 2018-03-20 武汉理工大学 SM9 digital signature cooperates with generation method and system
CN108418686A (en) * 2017-11-23 2018-08-17 矩阵元技术(深圳)有限公司 A kind of how distributed SM9 decryption methods and medium and key generation method
CN108551392A (en) * 2018-04-13 2018-09-18 武汉大学 A kind of Proxy Signature generation method and system based on SM9 digital signature
CN109361519A (en) * 2018-12-07 2019-02-19 武汉理工大学 A kind of improved generation method and system comprising secret number

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
袁峰: ""SM9标识密码算法综述"", 《信息安全研究》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111082932A (en) * 2019-12-25 2020-04-28 武汉理工大学 Anti-repudiation identification private key generation and digital signature method, system and device
CN111082932B (en) * 2019-12-25 2023-03-28 武汉理工大学 Anti-repudiation identification private key generation and digital signature method, system and device
CN111064564A (en) * 2019-12-31 2020-04-24 武汉理工大学 SM9 signature private key generation and digital signature method, system and device
CN111064564B (en) * 2019-12-31 2023-03-28 武汉理工大学 SM9 signature private key generation and digital signature method, system and device
CN111262691A (en) * 2020-01-07 2020-06-09 武汉理工大学 Identification private key generation and use method, system and device based on hybrid master key
CN111262691B (en) * 2020-01-07 2023-04-25 武汉理工大学 Identification private key generation and use method, system and device based on mixed master key
CN111866547A (en) * 2020-07-30 2020-10-30 北京万协通信息技术有限公司 Novel video tamper-proofing method
CN115174100A (en) * 2022-06-21 2022-10-11 武汉理工大学 Password processing method and system for gPRC data
CN115174100B (en) * 2022-06-21 2024-04-12 武汉理工大学 Password processing method and system for gRPC data

Also Published As

Publication number Publication date
CN110247759B (en) 2020-07-10

Similar Documents

Publication Publication Date Title
CN110247759A (en) A kind of SM9 private key generates and application method and system
CN107579819B (en) A kind of SM9 digital signature generation method and system
CN103490901B (en) Key based on combination key system generates and distribution method
CN108809658A (en) A kind of digital signature method and system of the identity base based on SM2
CN107196966A (en) The identity identifying method and system of multi-party trust based on block chain
EP2372948A1 (en) Method, device, and system for an identity-based forward-secure digital signature
CN111010272B (en) Identification private key generation and digital signature method, system and device
CN109003083A (en) A kind of ca authentication method, apparatus and electronic equipment based on block chain
EP2285040A1 (en) Two-factor combined public key generation and authentication method
CN112311538B (en) Identity verification method, device, storage medium and equipment
CN107707358A (en) A kind of EC KCDSA digital signature generation method and system
CN113067823B (en) Mail user identity authentication and key distribution method, system, device and medium
CN106899413B (en) Digital signature verification method and system
CN105978695A (en) Batch self-auditing method for cloud storage data
CN108881279B (en) Mobile health medical sensor data privacy protection method
CN104753680A (en) Privacy protection and authentication method in vehicle-mounted self-organizing network
CN108551435B (en) Verifiable encryption group signature method with anonymity
CN110138567A (en) A kind of collaboration endorsement method based on ECDSA
CN111984959B (en) Anonymous information publishing and verifying method and device
JP2015501110A (en) Group encryption method and device
CN108768975A (en) Support the data integrity verification method of key updating and third party's secret protection
CN116566626B (en) Ring signature method and apparatus
CN103634788A (en) Certificateless multi-proxy signcryption method with forward secrecy
CN109245899A (en) One kind being based on the novel trust chain design method of SM9 cryptographic algorithm
CN111541666A (en) Certificateless cloud end data integrity auditing method with privacy protection function

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant