CN110247759B - SM9 private key generation and use method and system - Google Patents

Publication number: CN110247759B
Authority: CN (China)
Prior art keywords: private key, signature, identification, byte string, random byte
Legal status: Active
Application number: CN201910478593.5A
Other languages: Chinese (zh)
Other versions: CN110247759A
Inventor: 龙毅宏
Current Assignee: Wuhan University of Technology WUT
Original Assignee: Wuhan University of Technology WUT
Application filed by: Wuhan University of Technology WUT
Priority: CN201910478593.5A
Publications: CN110247759A (application), CN110247759B (granted)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for generating and using an SM9 private key, which comprises the following steps: when generating the SM9 signature private key corresponding to a user identification $ID_A$, the private key generator generates a random byte string and incorporates it into $ID_A$ to obtain $ID_{AE}$; it calculates $t_1 = (H_1(ID_{AE} \| hid, n) + s) \bmod n$, where n is the order of the SM9 bilinear mapping groups and hid is the private key generation function identifier; if $t_1 = 0$, the random byte string is regenerated and incorporated again to obtain $ID_{AE}$, and $t_1 = (H_1(ID_{AE} \| hid, n) + s) \bmod n$ is recalculated, until $t_1 \neq 0$; then $t_2 = s \cdot t_1^{-1} \bmod n$ and $d_A = [t_2]P_1$ are calculated, where s is the master private key and $P_1$ is a generator of the group $G_1$; the cryptographic component uses the SM9 private key $d_A$ generated in this way to digitally sign a message, and the digital signature of the message is verified using the $ID_{AE}$ that incorporates the random byte string.

Description

SM9 private key generation and use method and system
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method and a system for generating and using an SM9 private key.
Background
SM9 is an identity-based cryptographic algorithm issued by the national cryptography authority and based on bilinear mapping (pairing operation), where the bilinear mapping (pairing operation) is:
$e: G_1 \times G_2 \to G_T$, in which $G_1$ and $G_2$ are additive cyclic groups and $G_T$ is a multiplicative cyclic group, and the order of $G_1$, $G_2$, $G_T$ is a prime number n (note: in the SM9 specification the order of $G_1$, $G_2$, $G_T$ is denoted by the capital letter N, while the present application uses the lower case n); that is, if P, Q, R are elements of $G_1$, $G_2$ respectively, then $e(P, Q)$ is an element of $G_T$, and:
$e(P+R, Q) = e(P, Q)\,e(R, Q)$,
$e(P, Q+R) = e(P, Q)\,e(P, R)$,
$e(aP, bQ) = e(P, Q)^{ab}$.
SM9-based cryptographic algorithms can realize identity-based digital signature, key exchange and data encryption.
In the SM9 cryptographic algorithm, the signature private key corresponding to a user identification $ID_A$ is calculated by the Key Generation Center (KGC), or Private Key Generator (PKG), of a private key generation system as follows:
calculate $t_1 = (H_1(ID_A \| hid, n) + s) \bmod n$, where $H_1$ is the hash function specified in the SM9 specification, s is the master private key (master key), n is the order of $G_1$, $G_2$, $G_T$, hid is the private key generation function identifier expressed as one byte, $\|$ denotes byte string concatenation, and mod n denotes the remainder modulo n (note: in the SM9 specification the master private key is denoted ks and the order of the groups $G_1$, $G_2$, $G_T$ is denoted N, which differs slightly from the present patent application);
if $t_1 = 0$, the master private key must be regenerated, the master public key recalculated and published, and the private keys of existing users updated; otherwise, calculate $t_2 = s \cdot t_1^{-1} \bmod n$ and $d_A = [t_2]P_1$, where $t_1^{-1}$ is the multiplicative inverse of $t_1$ modulo n, $P_1$ is the generator of the group $G_1$, and the symbol [ ] denotes repeated addition of a group element (point), i.e. scalar multiplication (see the SM9 specification); $d_A$ is then the signature private key corresponding to the user identification $ID_A$.
Here, when $t_1 = 0$, if the master private key is regenerated, the master public key recalculated and published, and users' private keys updated as the specification requires, then the identity private keys of existing users must be replaced, which is very costly and takes users a great deal of time. Worst of all, once this situation occurs, the master private key (master key) s previously used by the cryptosystem can easily be derived from the user identification $ID_A$ for which the SM9 private key could not be generated, since $t_1 = 0$ means $s \equiv -H_1(ID_A \| hid, n) \pmod n$. If a malicious person exploits this, they can generate any identity private key they want, so that a large amount of forged signed data, such as forged signed orders and contracts, can appear, and the harm is huge.
Although the probability that $t_1 = 0$ is extremely small, with a large number of users such an extremely improbable event is quite likely to occur, just as the world's large lottery prizes are extremely improbable from the viewpoint of probability and yet are in fact won.
It should be noted that generating the identity private key used for data decryption has the same problem, namely that the user's identity private key cannot be generated and the master private key (master key) is accidentally revealed, but the harm is smaller than for the signature private key. Even if a malicious person can generate whatever identity private key they want, they may not be able to obtain the encrypted data and therefore cannot decrypt it to obtain the plaintext; and even if they do obtain the encrypted data and decrypt it by generating the corresponding identity private key, only information is disclosed: forged signed orders, contracts and the like cannot be produced, and no property loss or financial dispute results.
Disclosure of Invention
The invention aims to provide a method for generating and using an SM9 signature private key, and a corresponding system, so as to avoid the various problems that arise when $t_1 = 0$, including the need to regenerate the master private key, recalculate and publish the master public key, and update the private keys of existing users, as well as the potential problems caused by revealing the master private key.
The method for generating the SM9 signature private key provided by the invention is specifically as follows.
When the private key acquisition client on the user side applies to the Private Key Generator (PKG) on the server side for the SM9 signature private key corresponding to a user identification $ID_A$, the private key generator generates the signature private key corresponding to $ID_A$ as follows:
generate a random byte string E and incorporate it into the identification $ID_A$ to obtain $ID_{AE}$;
calculate $t_1 = (H_1(ID_{AE} \| hid, n) + s) \bmod n$, where $H_1$ is the hash function specified in the SM9 algorithm, s is the master private key (master key), n is the order of the groups $G_1$, $G_2$, $G_T$ in the SM9 algorithm, hid is the private key generation function identifier expressed as one byte, and $\|$ denotes byte string concatenation;
if $t_1 = 0$, regenerate the random byte string E, incorporate it into $ID_A$ to obtain $ID_{AE}$, and recalculate $t_1 = (H_1(ID_{AE} \| hid, n) + s) \bmod n$, until $t_1 \neq 0$;
if $t_1 \neq 0$, calculate $t_2 = s \cdot t_1^{-1} \bmod n$ and $d_A = [t_2]P_1$, where $P_1$ is the generator of the group $G_1$ in SM9;
the private key generator returns the generated SM9 signature private key $d_A$ and the random byte string E (or the $ID_{AE}$ incorporating the random byte string E) to the private key acquisition client on the user side;
the private key acquisition client on the user side saves the returned SM9 signature private key $d_A$, and either saves the returned random byte string E (or the $ID_{AE}$ incorporating E) or forms new data on the basis of the returned random byte string E (or $ID_{AE}$); the new data is data used for signature verification or for assisting signature verification (e.g. data containing the random byte string E or $ID_{AE}$, or index information for obtaining the random byte string E);
the private key acquisition client is a program on the user side for obtaining the user's SM9 private key; the private key generator is a service system that generates SM9 identity private keys for users;
the random byte string E is called the identification-limiting random byte string; the $ID_{AE}$ incorporating the random byte string E is called the identification limited by the random byte string E; the user identification $ID_A$ itself is either a user identification that contains no other limiting information besides the random byte string E (such as a mobile phone number or an email address) or a user identification that contains other limiting information besides the random byte string E (such as a mobile phone number or an email address with a time limit added).
In the SM9 signature private key generation method described above, the private key generator incorporates the generated random byte string E into the identification $ID_A$ to obtain $ID_{AE}$ by appending E to $ID_A$ in a predetermined format (e.g. appending E directly after $ID_A$ by byte string concatenation, or first adding a predetermined connection symbol or separator in front of E and then appending the prefixed E after $ID_A$ by byte string concatenation).
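The following Python is an added example, not code from the patent or from any SM9 library; it carries out the private key generator's steps above up to $t_2$ and forces the $t_1 = 0$ case once so that the regeneration of E can be observed. Assumptions: SHA-256 stands in for SM3 inside $H_1$, `TOY_N` is a constructed prime rather than the SM9 group order, `#` is the predetermined separator, the final point multiplication $d_A = [t_2]P_1$ is left to a pairing library, and all function and constant names are hypothetical.

```python
"""PKG-side derivation of t2 for an SM9 signing key whose identity carries a
random byte string E. Added example; stops before d_A = [t2]P1."""
import hashlib
import secrets

HID_SIGN = b"\x01"     # SM9 private key generation function identifier for signing
SEPARATOR = b"#"       # assumed predetermined separator between ID_A and E
TOY_N = 2**127 - 1     # constructed stand-in prime; NOT the SM9 group order


def h1(z: bytes, n: int) -> int:
    """SM9-style H1 mapping z into [1, n-1]; SHA-256 stands in for SM3 (assumption)."""
    hlen = -(-5 * n.bit_length() // 32)      # output bytes: ceil(5 * log2(n) / 32)
    stream, ct = b"", 1
    while len(stream) < hlen:
        # 0x01 prefix and 32-bit counter follow the structure of the SM9 H1 construction
        stream += hashlib.sha256(b"\x01" + z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return int.from_bytes(stream[:hlen], "big") % (n - 1) + 1


def make_id_ae(id_a: bytes, e: bytes) -> bytes:
    """ID_AE = ID_A || separator || E; a verifier rebuilds it the same way."""
    return id_a + SEPARATOR + e


def derive_t2(id_a: bytes, s: int, n: int = TOY_N, new_e=None, max_tries: int = 8):
    """Return (E, ID_AE, t2, tries). When t1 == 0 only E is regenerated, never s."""
    if not 0 < s < n:
        raise ValueError("master private key s must be in [1, n-1]")
    new_e = new_e or (lambda: secrets.token_hex(8).encode())
    for tries in range(1, max_tries + 1):
        e = new_e()
        id_ae = make_id_ae(id_a, e)
        t1 = (h1(id_ae + HID_SIGN, n) + s) % n
        if t1 == 0:
            # Retry silently: reporting the failing ID_AE would disclose s.
            continue
        t2 = s * pow(t1, -1, n) % n          # t2 = s * t1^{-1} mod n
        return e, id_ae, t2, tries
    raise RuntimeError("no usable random byte string E found")


def demo():
    """Construct a master key for which the first E gives t1 == 0, then retry."""
    id_a = b"user@example.com"
    bad_e = b"3Ayu75Xy8"                     # sample E taken from the page
    # Constructed so that H1(ID_AE || hid) + s == n for the first E.
    s = TOY_N - h1(make_id_ae(id_a, bad_e) + HID_SIGN, TOY_N)
    queue = [bad_e, b"9Qw2Lm4Zt"]            # second E is a constructed value
    return derive_t2(id_a, s, new_e=lambda: queue.pop(0)), s


if __name__ == "__main__":
    (e, id_ae, t2, tries), _ = demo()
    print(f"E={e!r} ID_AE={id_ae!r} tries={tries} t2={t2:#x}")
```

The client stores E next to $d_A$, and a verifier calls `make_id_ae` on the claimed $ID_A$ and the transported E to rebuild the public identity.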
Based on the SM9 signature private key generation method, a corresponding SM9 private key generation system can be constructed, comprising a private key generator on the server side and a private key acquisition client on the user side; when the private key acquisition client on the user side requests from the private key generator the SM9 signature private key corresponding to a user identification $ID_A$, the private key generator generates the SM9 signature private key corresponding to $ID_A$ according to the SM9 signature private key generation method, and the key is stored by the private key acquisition client.
The SM9 signature private key generated by the SM9 signature private key generation method described above is used as follows.
When digitally signing a message, the cryptographic component (of the signer) uses the SM9 signature private key $d_A$ generated according to the SM9 signature private key generation method to digitally sign the message;
when verifying the digital signature of a message, the cryptographic component (of the verifier) uses the identification $ID_{AE}$ incorporating (or containing) the random byte string E, i.e. uses $ID_{AE}$ as the public key, to verify the digital signature of the message.
Using the SM9 signature private key generated by the SM9 private key generation method to digitally sign messages raises one problem that must be solved: how does the cryptographic component performing signature verification obtain the identification $ID_{AE}$, incorporating the random byte string E, that verification requires? The following are three possible ways (not an exhaustive list).
The first way is as follows:
the signed data (SignedData) generated when the cryptographic component digitally signs the message with the SM9 signature private key $d_A$ contains the identification-limiting random byte string E, or the identification $ID_{AE}$ limited by the random byte string E (filled in by the cryptographic component or another component); before the cryptographic component verifies the signature value (SignatureValue, the most basic digital signature data, i.e. the digital signature proper) in the signed data, the cryptographic component or another component first obtains the previously filled-in identification-limiting random byte string E from the signed data and then merges it with the user identification $ID_A$ to obtain the identification $ID_{AE}$ limited by the random byte string E, or the cryptographic component or another component obtains the previously filled-in $ID_{AE}$ directly from the signed data; having obtained $ID_{AE}$, the cryptographic component uses it to verify the signature value (i.e. the digital signature) in the signed data (for the relationship between the signed data SignedData and the signature value SignatureValue, refer to PKCS #7); "another component" means a program other than the cryptographic component.
This way of use is consistent with the existing use of an SM9 signature private key at the signed data level.
The second way is as follows:
when digitally signing a message, the cryptographic component fills in or appends the identification-limiting random byte string E, as padding or additional data, to the signature value obtained from the signature operation with the user's SM9 signature private key $d_A$ (that is, to the most basic digital signature data produced by the signature operation); when the digital signature of the message is verified, the cryptographic component obtains the identification-limiting random byte string E from the padding or additional data of the signature value, incorporates it into the user identification $ID_A$ to obtain the identification $ID_{AE}$ limited by the random byte string E, and then uses $ID_{AE}$ to verify the signature value (i.e. the digital signature) with the padding or additional data stripped off.
This way of use is consistent with the existing use of an SM9 signature private key at the signature value level, i.e. at the level of the most basic cryptographic module (such as Windows CSP and PKCS #11 modules).
The third way is as follows:
when digitally signing a message, the cryptographic component or another component places index information for obtaining the identification $ID_{AE}$ limited by the random byte string E into the signed data (SignedData) or signature value (SignatureValue) generated by signing the message with the SM9 signature private key $d_A$; when the digital signature of the message is verified, the cryptographic component or another component first obtains the index information for $ID_{AE}$ from the signed data or signature value, then uses the index information to obtain the identification $ID_{AE}$ limited by the random byte string E (e.g. from an information database or from publicly published data), and then uses the obtained $ID_{AE}$ to verify the digital signature of the message; "another component" means a program other than the cryptographic component.
This way of use is consistent with the existing use of an SM9 signature private key at the signed data level, the signature value level, or the application level.
Based on the SM9 signature private key generation method and the SM9 signature private key usage method, a corresponding SM9 cryptosystem can be constructed; the system comprises an SM9 private key generation system and a cryptographic component, and the SM9 private key generation system comprises a private key generator on the server side and a private key acquisition client on the user side;
when the private key acquisition client on the user side requests from the private key generator the SM9 signature private key corresponding to a user identification $ID_A$, the private key generator generates the SM9 signature private key corresponding to $ID_A$ according to the SM9 signature private key generation method, and the key is stored by the private key acquisition client;
when digitally signing a message, the cryptographic component (of the signer) digitally signs the message according to the SM9 signature private key usage method;
when verifying the digital signature of a message, the cryptographic component (of the verifier) verifies the digital signature of the message in the signature verification manner described in the SM9 signature private key usage method.
From the above description it can be seen that, with the SM9 signature private key generation method and system of the present invention, even if $t_1 = 0$ occurs while generating the private key $d_A$ corresponding to the user identification $ID_A$, there is no need to regenerate the master private key, recalculate and publish the master public key, or update the private keys of existing users, and the occurrence is not known to the outside, so the various problems that arise when $t_1 = 0$ are avoided. The SM9 signature private key usage method based on this generation method does not differ fundamentally from the way an ordinary SM9 signature private key is used, and in a cryptosystem constructed on the SM9 signature private key generation and usage method, a digital signature application can digitally sign messages and verify the digital signatures of messages in the way an SM9 signature private key is normally used.
Drawings
FIG. 1 is the flow for obtaining and generating an SM9 signature private key.
FIG. 2 is an SM9 signature private key generation system using the SM9 signature private key generation method of the present invention.
FIG. 3 is an SM9 cryptographic system employing the SM9 signature private key generation and use method of the present invention.
Detailed Description
The present invention will be further described with reference to the following examples. The following examples do not represent all possible embodiments and are not intended to limit the invention.
Example 1
In this embodiment, as shown in FIG. 1, when the private key acquisition client on the user side applies to the private key generator for the SM9 signature private key corresponding to a user identification $ID_A$, the private key generator generates a random byte string E and incorporates it into the identification $ID_A$ to obtain $ID_{AE}$; it calculates $t_1 = (H_1(ID_{AE} \| hid, n) + s) \bmod n$, where n is the order of the groups $G_1$, $G_2$, $G_T$ in the SM9 algorithm, hid is the private key generation function identifier expressed as one byte (see the SM9 specification), and s is the master private key (master key); if $t_1 = 0$, the random byte string E is regenerated and incorporated into $ID_A$ to obtain the identification $ID_{AE}$, and $t_1 = (H_1(ID_{AE} \| hid, n) + s) \bmod n$ is recalculated, until $t_1 \neq 0$; if $t_1 \neq 0$, it calculates $t_2 = s \cdot t_1^{-1} \bmod n$ and $d_A = [t_2]P_1$, where $P_1$ is the generator of the group $G_1$ in SM9; the private key generator returns the generated signature private key $d_A$ and the random byte string E (or the identification $ID_{AE}$ limited by the random byte string E) to the private key acquisition client on the user side; the private key acquisition client on the user side saves the returned SM9 signature private key $d_A$, and either saves the returned random byte string E (or $ID_{AE}$) or forms new data on the basis of the returned random byte string E (or $ID_{AE}$), e.g. data containing the random byte string E or $ID_{AE}$, or index information for obtaining the random byte string E.
In this embodiment, the private key generator incorporates the generated random byte string E into the identification $ID_A$ to obtain the identification $ID_{AE}$ limited by the random byte string E as follows:
the random byte string E is appended to $ID_A$ in a predetermined format; for example, E is appended directly after $ID_A$ by byte string concatenation, or a predetermined connection symbol or separator, such as '#', '|' or '%', is first added in front of E and the prefixed E is then appended after $ID_A$ by byte string concatenation. For example, suppose the user identification $ID_A$ is user@example.com and the random byte string E generated when the private key is generated is 3Ayu75Xy8; then $ID_{AE}$ can be:
user@example.com#3Ayu75Xy8,
or user@example.com|3Ayu75Xy8,
or user@example.com%3Ayu75Xy8.
As another example, suppose the user identification $ID_A$ is an identification with a validity period added:
user@example.com|[2019:05:01-2019:0801],
and the random byte string E generated when the private key is generated is 3Ayu75Xy8; then $ID_{AE}$ can be:
user@example.com|[2019:05:01-2019:0801]#3Ayu75Xy8,
or user@example.com|[2019:05:01-2019:0801]|3Ayu75Xy8,
or user@example.com|[2019:05:01-2019:0801]%3Ayu75Xy8.
Example 2
This embodiment is an SM9 private key generation system based on the SM9 signature private key generation method of the present invention. As shown in FIG. 2, the private key generation system includes a private key generator on the server side and a private key acquisition client on the user side; when the private key acquisition client on the user side requests from the private key generator the SM9 signature private key corresponding to a user identification $ID_A$, the private key generator generates the SM9 signature private key corresponding to $ID_A$ according to the SM9 signature private key generation method of the invention, and the key is stored by the private key acquisition client.
One key to implementing the SM9 signature private key usage method of the invention is how to conveniently obtain, during signature verification, the identification $ID_{AE}$ limited by the random byte string. Examples 3, 4 and 5 below show three possible (but not all) implementations of the SM9 signature private key usage method of the present invention.
Example 3
This embodiment is an application that digitally signs a message using the SM9 signature private key generated by the SM9 signature private key generation method described previously, specifically:
when digitally signing a message, the cryptographic component (of the signer) uses the SM9 signature private key $d_A$ generated according to the SM9 signature private key generation method to digitally sign the message;
when verifying the digital signature of a message, the cryptographic component (of the verifier) uses the identification $ID_{AE}$ incorporating (or containing) the random byte string E, i.e. uses $ID_{AE}$ as the public key, to verify the digital signature of the message.
To enable the cryptographic component performing signature verification to obtain the identification $ID_{AE}$, incorporating the random byte string E, that verification requires, the signed data (SignedData) generated when the cryptographic component digitally signs the message with the SM9 signature private key $d_A$ contains the identification-limiting random byte string E, or the identification $ID_{AE}$ limited by the random byte string E (filled in by the cryptographic component or another component); before the cryptographic component verifies the signature value (SignatureValue, the most basic digital signature data, i.e. the digital signature proper) in the signed data, the cryptographic component or another component first obtains the previously filled-in identification-limiting random byte string E from the signed data and then merges it with the user identification $ID_A$ to obtain the identification $ID_{AE}$ limited by the random byte string E, or the cryptographic component or another component obtains the previously filled-in $ID_{AE}$ directly from the signed data; having obtained $ID_{AE}$, the cryptographic component uses it to verify the signature value (i.e. the digital signature) in the signed data (for the relationship between SignedData and SignatureValue, refer to PKCS #7); "another component" means a program other than the cryptographic component.
Example 4
This embodiment is also an application that digitally signs a message using the SM9 signature private key generated by the SM9 signature private key generation method described above, specifically:
when digitally signing a message, the cryptographic component (of the signer) uses the SM9 signature private key $d_A$ generated according to the SM9 signature private key generation method to digitally sign the message;
when verifying the digital signature of a message, the cryptographic component (of the verifier) uses the identification $ID_{AE}$ incorporating (or containing) the random byte string E, i.e. uses $ID_{AE}$ as the public key, to verify the digital signature of the message.
To enable the cryptographic component performing signature verification to obtain the identification $ID_{AE}$, incorporating the random byte string E, that verification requires, when digitally signing a message the cryptographic component fills in or appends the identification-limiting random byte string E, as padding or additional data, to the signature value obtained from the signature operation with the user's SM9 signature private key $d_A$ (that is, to the most basic digital signature data produced by the signature operation); when the digital signature of the message is verified, the cryptographic component obtains the identification-limiting random byte string E from the padding or additional data of the signature value, incorporates it into the user identification $ID_A$ to obtain the identification $ID_{AE}$ limited by the random byte string E, and then uses $ID_{AE}$ to verify the signature value (i.e. the digital signature) with the padding or additional data stripped off.
Example 5
This embodiment is also an application that digitally signs a message using the SM9 signature private key generated by the SM9 signature private key generation method described above, specifically:
when digitally signing a message, the cryptographic component (of the signer) uses the SM9 signature private key $d_A$ generated according to the SM9 signature private key generation method to digitally sign the message;
when verifying the digital signature of a message, the cryptographic component (of the verifier) uses the identification $ID_{AE}$ incorporating (or containing) the random byte string E, i.e. uses $ID_{AE}$ as the public key, to verify the digital signature of the message.
To enable the cryptographic component performing signature verification to obtain the identification $ID_{AE}$, incorporating the random byte string E, that verification requires, when digitally signing a message the cryptographic component or another component places index information for obtaining the identification $ID_{AE}$ limited by the random byte string E into the signed data (SignedData) or signature value (SignatureValue) generated by signing the message with the SM9 signature private key $d_A$; when the digital signature of the message is verified, the cryptographic component or another component obtains the index information for $ID_{AE}$ from the signed data or signature value, then uses the index information to obtain the identification $ID_{AE}$ limited by the random byte string E (e.g. from an information database or from publicly published data), and then uses the obtained $ID_{AE}$ to verify the digital signature of the message; "another component" means a program other than the cryptographic component.
Example 6
This embodiment is an SM9 cryptosystem based on the SM9 signature private key generation method and the SM9 signature private key usage method of the present invention. As shown in FIG. 3, the system comprises an SM9 private key generation system and a cryptographic component, and the SM9 private key generation system comprises a private key generator on the server side and a private key acquisition client on the user side; the digital signature application performs digital signing and signature verification by calling the cryptographic component; when the private key acquisition client on the user side requests from the private key generator the SM9 signature private key corresponding to a user identification $ID_A$, the private key generator generates the SM9 signature private key corresponding to $ID_A$ according to the SM9 signature private key generation method, and the key is stored by the private key acquisition client; when digitally signing a message, the cryptographic component (of the signer) digitally signs the message according to the aforementioned SM9 signature private key usage method; when verifying the digital signature of a message, the cryptographic component (of the verifier) verifies the digital signature of the message in the signature verification manner described in the aforementioned SM9 signature private key usage method.
Other specific technical implementations not described are well known to those skilled in the relevant art and will be apparent to those skilled in the relevant art.

Claims (8)

1. An SM9 signature private key generation method is characterized in that:
when the private key acquisition client of the user side applies to the private key generator of the server side for the SM9 signature private key corresponding to the user identification ID_A, the private key generator generates the signature private key corresponding to the user identification ID_A as follows:
a random byte string E is generated and incorporated into the identification ID_A to obtain ID_AE;
t_1 = (H_1(ID_AE || hid, n) + s) mod n is calculated, where H_1 is a hash function specified in the SM9 algorithm, s is the master private key or master key, n is the order of the groups G_1, G_2, G_T in the SM9 algorithm, hid is a private key generation function identifier expressed by one byte, and || denotes the concatenation of byte strings;
if t_1 = 0, the random byte string E is regenerated and incorporated into ID_A to obtain ID_AE, and t_1 = (H_1(ID_AE || hid, n) + s) mod n is recalculated, until t_1 ≠ 0;
if t_1 ≠ 0, then t_2 = s(t_1)^(-1) mod n and d_A = [t_2]P_1 are calculated, where P_1 is a generator of the group G_1 in SM9;
the private key generator returns the generated SM9 signature private key d_A and the random byte string E to the private key acquisition client of the user side;
the private key acquisition client of the user side saves the returned SM9 signature private key d_A, and saves the returned random byte string E or forms new data on the basis of the returned random byte string E; the new data is data for signature verification or for assisting signature verification;
the private key acquisition client is a program on the user side for obtaining the user's SM9 private key; the private key generator is a service system that generates SM9 identification private keys for users;
the random byte string E is called an identification-defining random byte string; the ID_AE incorporating the random byte string E is called an identification defined by the random byte string E; the user identification ID_A is itself either a user identification containing no other defining information or a user identification containing other defining information.
2. The SM9 signature private key generation method of claim 1, wherein:
the private key generator merges the generated random byte string E into the identification ID_A to obtain ID_AE as follows: the random byte string E is appended to ID_A in a predetermined format.
3. An SM9 private key generation system based on the SM9 signature private key generation method of claim 1 or 2, characterized in that:
the private key generation system comprises a private key generator on the server side and a private key acquisition client on the user side; when the private key acquisition client on the user side requests from the private key generator the SM9 signature private key corresponding to the user identification ID_A, the private key generator generates the SM9 signature private key corresponding to the user identification ID_A according to the SM9 signature private key generation method, and the key is stored by the private key acquisition client.
4. A method for using SM9 signature private key based on the SM9 signature private key generation method of claim 1, characterized in that:
when digitally signing a message, the cryptographic component uses the SM9 signature private key d_A generated by the SM9 signature private key generation method to digitally sign the message;
when verifying the digital signature of the message, the cryptographic component uses the identification ID_AE incorporating the random byte string E to verify the digital signature of the message.
5. The method for using SM9 signature private key of claim 4, wherein: one method of enabling the cryptographic component performing signature verification to obtain the identification ID_AE incorporating the random byte string E required for signature verification is as follows:
the signed data generated after the cryptographic component digitally signs the message using the SM9 signature private key d_A contains the identification-defining random byte string E or the identification ID_AE defined by the random byte string E; before the cryptographic component verifies the signature value in the signed data, the cryptographic component or another component first obtains the previously filled-in identification-defining random byte string E from the signed data and then merges it with the user identification ID_A to obtain the identification ID_AE defined by the random byte string E, or the cryptographic component or another component first obtains the previously filled-in identification ID_AE defined by the random byte string E directly from the signed data; after obtaining the identification ID_AE, the cryptographic component uses ID_AE to verify the signature value in the signed data; the other components are programs other than the cryptographic component.
6. The method for using SM9 signature private key of claim 4, wherein: one method of enabling the cryptographic component performing signature verification to obtain the identification ID_AE incorporating the random byte string E required for signature verification is as follows:
when digitally signing a message, the cryptographic component fills in or appends the identification-defining random byte string E, as padding or additional data, to the signature value obtained by the signature operation using the user's SM9 signature private key d_A; when the digital signature of the message is verified, the cryptographic component obtains the identification-defining random byte string E from the padding or additional data of the signature value, then merges the obtained identification-defining random byte string E into the user identification ID_A to obtain the identification ID_AE defined by the random byte string E, and then uses ID_AE to verify the signature value with the padding or additional data stripped.
7. The method for using SM9 signature private key of claim 4, wherein: one method of enabling the cryptographic component performing signature verification to obtain the identification ID_AE incorporating the random byte string E required for signature verification is as follows:
when digitally signing a message, the cryptographic component or another component puts the index information for obtaining the identification ID_AE defined by the random byte string E into the signed data or the signature value generated by signing the message with the SM9 signature private key d_A; when the digital signature of the message is verified, the cryptographic component or another component obtains the index information for ID_AE from the signed data or the signature value, then uses the index information to obtain the identification ID_AE defined by the random byte string E, and then uses the obtained ID_AE to verify the digital signature of the message; the other components are programs other than the cryptographic component.
8. An SM9 cryptosystem based on the SM9 signature private key usage method of any one of claims 4-7, characterized in that:
the SM9 cryptosystem comprises an SM9 private key generation system and a cryptographic component, and the SM9 private key generation system comprises a private key generator on the server side and a private key acquisition client on the user side;
when the private key acquisition client on the user side requests from the private key generator the SM9 signature private key corresponding to the user identification ID_A, the private key generator generates the SM9 signature private key corresponding to the user identification ID_A according to the SM9 signature private key generation method, and the key is stored by the private key acquisition client;
when the message is digitally signed, the cryptographic component digitally signs the message according to the SM9 signature private key usage method;
when verifying the digital signature of the message, the cryptographic component verifies the digital signature of the message in the signature verification manner described in the SM9 signature private key usage method.
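The generation loop of claims 1 and 2, as an added Python example (not code from the patent): it computes t_1 and t_2 and assumes an SM9 library then performs the point multiplication d_A = [t_2]P_1. The `|`-plus-hex merge format, the 16-byte length of E, the function names, and the SHA-256 fallback used where the local OpenSSL lacks SM3 are assumptions of this example.

```python
import hashlib
import secrets

# SM9 BN-curve parameter t; the group order is n = 36t^4 + 36t^3 + 18t^2 + 6t + 1.
T = 0x600000000058F98A
N = 36 * T**4 + 36 * T**3 + 18 * T**2 + 6 * T + 1
HID_SIGN = b"\x01"  # hid used by SM9 for signature private keys


def _hv(data: bytes) -> bytes:
    """SM3 where the local OpenSSL provides it; SHA-256 is only a stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def h1(z: bytes, n: int = N) -> int:
    """SM9 H1: expand 0x01 || Z || counter to 40 bytes, then map into [1, n-1]."""
    ha = b"".join(_hv(b"\x01" + z + ct.to_bytes(4, "big")) for ct in (1, 2))
    return int.from_bytes(ha[:40], "big") % (n - 1) + 1


def merge_id(id_a: bytes, e: bytes) -> bytes:
    """Assumed 'predetermined format': ID_A, a separator, then hex(E)."""
    return id_a + b"|" + e.hex().encode()


def t1_for(id_a: bytes, e: bytes, s: int) -> int:
    """t_1 = (H_1(ID_AE || hid, n) + s) mod n."""
    return (h1(merge_id(id_a, e) + HID_SIGN) + s) % N


def generate(id_a: bytes, s: int, rand=lambda: secrets.token_bytes(16)):
    """Return (E, t_2); the generator would then output d_A = [t_2]P_1."""
    while True:
        e = rand()                      # fresh identification-defining string E
        t1 = t1_for(id_a, e, s)
        if t1 != 0:                     # t_1 == 0 has no inverse: redraw E
            return e, s * pow(t1, -1, N) % N
```

The `rand` parameter exists so the t_1 = 0 branch can be exercised with chosen values of E; in production it stays on the CSPRNG default.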
CN201910478593.5A 2019-06-03 2019-06-03 SM9 private key generation and use method and system Active CN110247759B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910478593.5A CN110247759B (en) 2019-06-03 2019-06-03 SM9 private key generation and use method and system

Publications (2)

Publication Number Publication Date
CN110247759A CN110247759A (en) 2019-09-17
CN110247759B true CN110247759B (en) 2020-07-10

Family

ID=67885881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910478593.5A Active CN110247759B (en) 2019-06-03 2019-06-03 SM9 private key generation and use method and system

Country Status (1)

Country Link
CN (1) CN110247759B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111082932B (en) * 2019-12-25 2023-03-28 武汉理工大学 Anti-repudiation identification private key generation and digital signature method, system and device
CN111064564B (en) * 2019-12-31 2023-03-28 武汉理工大学 SM9 signature private key generation and digital signature method, system and device
CN111262691B (en) * 2020-01-07 2023-04-25 武汉理工大学 Identification private key generation and use method, system and device based on mixed master key
CN111866547B (en) * 2020-07-30 2022-07-15 北京万协通信息技术有限公司 Novel video tamper-proofing method
CN115174100B (en) * 2022-06-21 2024-04-12 武汉理工大学 Password processing method and system for gRPC data

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753917A (en) * 2013-12-30 2015-07-01 三星Sds株式会社 System and method for identity-based key management
CN107819585A (en) * 2017-11-17 2018-03-20 武汉理工大学 SM9 digital signature cooperates with generation method and system
CN108418686A (en) * 2017-11-23 2018-08-17 矩阵元技术(深圳)有限公司 A kind of how distributed SM9 decryption methods and medium and key generation method
CN108551392A (en) * 2018-04-13 2018-09-18 武汉大学 A kind of Proxy Signature generation method and system based on SM9 digital signature
CN109361519A (en) * 2018-12-07 2019-02-19 武汉理工大学 A kind of improved generation method and system comprising secret number

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR914757A (en) * 1944-11-10 1946-10-17 Ericsson Telefon Ab L M Device for disconnecting false calls in automatic telephony
CN108259179B (en) * 2016-12-29 2021-03-02 航天信息股份有限公司 Encryption and decryption coprocessor based on SM9 identification cryptographic algorithm and operation method thereof
CN107395368B (en) * 2017-08-18 2020-09-11 北京无字天书科技有限公司 Digital signature method, decapsulation method and decryption method in media-free environment
CN107579819B (en) * 2017-09-13 2019-11-19 何德彪 A kind of SM9 digital signature generation method and system
CN107566128A (en) * 2017-10-10 2018-01-09 武汉大学 A kind of two side's distribution SM9 digital signature generation methods and system
CN107864037A (en) * 2017-10-25 2018-03-30 深圳奥联信息安全技术有限公司 SM9 Combination with Digital endorsement method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
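"Overview of the SM9 Identity-Based Cryptographic Algorithm" (SM9标识密码算法综述); Yuan Feng (袁峰); Journal of Information Security Research (《信息安全研究》); 20161105; full text *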

Also Published As

Publication number Publication date
CN110247759A (en) 2019-09-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant