CN110351096B - Multiple signature method, signature center, program medium, and electronic device - Google Patents

Publication number
CN110351096B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910671776.9A
Other languages
Chinese (zh)
Other versions
CN110351096A (en
Inventor
蒋福强
贾牧
张鹏程
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
OneConnect Financial Technology Co Ltd Shanghai
Original Assignee
OneConnect Financial Technology Co Ltd Shanghai
Application filed by OneConnect Financial Technology Co Ltd Shanghai
Priority to CN201910671776.9A
Publication of CN110351096A
Priority to PCT/CN2019/123094 (WO2021012574A1)
Application granted
Publication of CN110351096B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Abstract

The disclosure relates to the field of information encryption and discloses a multiple signature method, a signature center, a medium and an electronic device. The method is executed by the signature center, which comprises a signature unit and a plurality of signature participants, and comprises the following steps: each signature participant acquires a prime order cyclic group under an elliptic curve equation; each signature participant receives a private key generated by a key generation center according to the identifier of that signature participant; each signature participant acquires its public key by using a formula based on its private key; each signature participant generates a random number, and the signature unit obtains a target random point by using a formula based on the random numbers; and each signature participant signs the message to be signed according to a formula based on the target random point and sends the signed message to the signature unit, and the signature unit obtains the signature of the message to be signed. Under the method, the security of the signature and the maintainability of the signature system are improved, the resource consumption during multiple signatures is reduced, and the signature efficiency is improved.

Description

Multiple signature method, signature center, program medium, and electronic device
Technical Field
The present disclosure relates to the field of information encryption technologies, and in particular, to a multiple signature method, a signature center, a medium, and an electronic device.
Background
In blockchain operations, signature algorithms are often needed to verify the security of encrypted transaction information, for example to verify the integrity of the information and the identity of the information generator. To further improve the security of signatures, multiple signature schemes have begun to appear. In the prior art, the multiple signature scheme proposed by the Blockstream team is mainly as follows: each signature participant randomly takes an integer as its private key and obtains the corresponding public key by applying the private key to a generator of the cyclic group, which yields the public key set of the signature participants; a public key commitment is then calculated based on the public key set and each public key; each participant acquires a random number, and the random point obtained by applying each random number to the generator is acquired; for each signature participant, a hash operation is performed on the result of the binary operation among the random points, the message to be signed and the public key of the signature participant, a binary operation is performed on the hash result, the public key commitment and the public key, and the random number of the signature participant is added to that result to obtain the signature of the signature participant; finally, the result of the binary operation among the random points and the signature of each signature participant are joined to obtain the signature.
The prior art has the defects that the security of a private key of a signature participant is uncontrollable and difficult to maintain systematically because the private key is generated randomly, and meanwhile, the prior art needs to calculate a public key commitment, so that a large amount of calculation is needed in the process, and the signature efficiency is low.
Disclosure of Invention
In order to solve or at least partially solve the technical problems in the technical field of information encryption, the present disclosure provides a multiple signature method, a signature center, a medium and an electronic device.
According to an aspect of the present application, there is provided a multiple signature method, the method being performed by a signature center including a signature unit and a plurality of signature participants, the method comprising:
each signature participant in the signature center acquires a prime order cyclic group established based on a preset elliptic curve equation, wherein the cyclic group comprises a generator, and the signature participant is provided with an identifier;
each signing party in the signing center receives a private key generated by the key generation center according to the identification of the signing party;
each signing party in the signing authority obtains its public key based on its private key using the following formula:
$X_i = g^{x_i}$
where $X_i$ is the public key of the ith signature participant, $g$ is the generator of the cyclic group, and $x_i$ is the private key of the ith signing party;
when a signature request aiming at a message to be signed is received, each signature participant in the signature center generates a random number, and a signature unit in the signature center acquires a target random point on the preset elliptic curve by using the following formula based on the random numbers of the signature participants:
$R_i = g^{r_i}$
$R = R_1 * R_2 * \cdots * R_n$
where $R_i$ is the random point obtained for the ith signature participant on the preset elliptic curve, $r_i$ is the random number generated by the ith signature participant, and $R$ is the target random point obtained based on the random numbers of all the signature participants;
and each signing party in the signing center signs the message to be signed by using the following formula based on the target random point and sends the message to be signed to a signing unit in the signing center, and the signing unit synthesizes the signature of each signing party to obtain the signature of the message to be signed:
$s_i = r_i + c * ID_i * x_i$
where $ID_i$ is the identifier of the ith signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, $X$ is the set of public keys of all signing parties in the signing authority, and $s_i$ is the signature of the ith signing party on the message to be signed; the signature of the message to be signed synthesized by the signature unit is $(R, S)$, where $S = s_1 + s_2 + \cdots + s_n$.
According to another aspect of the present application, there is provided a signature center, including a signature unit and a plurality of signature participants, where the signature unit includes a target random point acquisition module and a composition module, and the signature participants include an acquisition module, a receiving module, a public key acquisition module, a generation module, and a signature module, where:
the acquisition module is used for acquiring a prime order cyclic group established based on a preset elliptic curve equation, the cyclic group comprises a generator, and the signature participant has an identifier;
the receiving module is used for receiving a private key generated by the key generation center according to the identification of the signature participant;
a public key obtaining module, configured to obtain, based on the private key of the signing party, the public key of the signing party by using the following formula:
$X_i = g^{x_i}$
where $X_i$ is the public key of the ith signature participant, $g$ is the generator of the cyclic group, and $x_i$ is the private key of the ith signing party;
the generation module is used for generating a random number when receiving a signature request aiming at a message to be signed;
a target random point obtaining module, configured to obtain a target random point on the preset elliptic curve based on the random number of each signature participant by using the following formula:
$R_i = g^{r_i}$
$R = R_1 * R_2 * \cdots * R_n$
where $R_i$ is the random point obtained for the ith signature participant on the preset elliptic curve, $r_i$ is the random number generated by the ith signature participant, and $R$ is the target random point obtained based on the random numbers of all the signature participants;
the signature module is used for respectively signing the message to be signed by using the following formulas based on the target random point and sending the signed message to a signature unit in the signature center:
$s_i = r_i + c * ID_i * x_i$
where $ID_i$ is the identifier of the ith signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, $X$ is the set of public keys of all signing parties in the signing authority, and $s_i$ is the signature of the ith signing party on the message to be signed;
a synthesis module for synthesizing the signature of each signature participant to obtain the signature $(R, S)$ of the message to be signed, where $S = s_1 + s_2 + \cdots + s_n$.
According to another aspect of the present application, there is provided a computer readable program medium storing computer program instructions which, when executed by a computer, cause the computer to perform the method as previously described.
According to another aspect of the present application, there is provided an electronic device including:
a processor;
a memory having computer readable instructions stored thereon which, when executed by the processor, implement the method as previously described.
The technical scheme provided by the embodiment of the invention can have the following beneficial effects:
The multiple signature method provided by the invention is executed by a signature center, the signature center comprises a signature unit and a plurality of signature participants, and the method comprises the following steps: each signature participant in the signature center acquires a prime order cyclic group established based on a preset elliptic curve equation, wherein the cyclic group comprises a generator, and the signature participant is provided with an identifier; each signing party in the signing center receives a private key generated by the key generation center according to the identification of the signing party; each signing party in the signing authority obtains its public key based on its private key using the following formula:
$X_i = g^{x_i}$
where $X_i$ is the public key of the ith signature participant, $g$ is the generator of the cyclic group, and $x_i$ is the private key of the ith signing party;
when a signature request aiming at a message to be signed is received, each signature participant in the signature center generates a random number, and a signature unit in the signature center acquires a target random point on the preset elliptic curve by using the following formula based on the random numbers of the signature participants:
$R_i = g^{r_i}$
$R = R_1 * R_2 * \cdots * R_n$
where $R_i$ is the random point obtained for the ith signature participant on the preset elliptic curve, $r_i$ is the random number generated by the ith signature participant, and $R$ is the target random point obtained based on the random numbers of all the signature participants;
and each signing party in the signing center signs the message to be signed by using the following formula based on the target random point and sends the message to be signed to a signing unit in the signing center, and the signing unit synthesizes the signature of each signing party to obtain the signature of the message to be signed:
$s_i = r_i + c * ID_i * x_i$
where $ID_i$ is the identifier of the ith signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, $X$ is the set of public keys of all signing parties in the signing authority, and $s_i$ is the signature of the ith signing party on the message to be signed; the signature of the message to be signed synthesized by the signature unit is $(R, S)$, where $S = s_1 + s_2 + \cdots + s_n$.
Under the method, the private key of each signature participant is generated by the key generation center according to the identification of the signature participant, so that the phenomenon that the reliability of the signature is reduced due to the fact that the private key is generated in a random mode can be avoided, the security of the signature and the maintainability of a system are improved, meanwhile, the step of needing a large amount of computing resources is omitted on the basis of the prior art, and the signature efficiency is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a system architecture diagram illustrating a multiple signature method in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating a multiple signature method in accordance with an exemplary embodiment;
FIG. 3 is a flowchart illustrating steps following step 230 and steps following step 260 according to one embodiment illustrated in a corresponding embodiment in FIG. 2;
FIG. 4 is a block diagram illustrating a signature center according to an example embodiment;
FIG. 5 is a block diagram illustrating an example of an electronic device implementing the multiple signature method described above, according to an example embodiment;
FIG. 6 illustrates a computer-readable storage medium implementing the multiple signature method described above, according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities.
The present disclosure first provides a multiple signature method. Signing, i.e. the process of generating a digital signature. The digital signature is a digital string which can be generated only by a sender of the information and cannot be forged by others, and the digital string is also a valid proof of the authenticity of the information sent by the sender of the information. The multiple signature is a signature which needs a plurality of signature participants to be together completed, and each signature participant plays a certain role in the signature process.
The signature participant may be any device with computing and processing capabilities that can be connected to an external device to receive or send information. It may be a portable mobile device, such as a smart phone, a tablet computer, a notebook computer or a PDA (Personal Digital Assistant); a stationary device, such as a computer device, a field terminal, a desktop computer, a server or a workstation; or a collection of devices, such as the physical infrastructure of cloud computing.
Preferably, the signing party may be a server or a computer device.
Fig. 1 is a system architecture diagram illustrating a multiple signature method according to an example embodiment. Referring to fig. 1, a signing authority 100 comprises a signing unit 110 and a plurality of signing parties 120, the plurality of signing parties 120 being capable of communicating with the signing unit 110; in addition to the signing authority 100, there is a key generation authority 130, the key generation authority 130 being able to communicate with the signing participants 120 in the signing authority 100. The signing participants 120 have identifications. The plurality of signing participants 120 in the signing authority 100 can each receive a private key generated by the key generation authority according to the identification of each signing participant 120, and the signing participants 120 can then generate corresponding public keys by using the private keys. Then, if the signing authority 100 receives a signing request for a message to be signed, each signing party 120 in the signing authority 100 generates a random number, the signing unit 110 obtains a random point on a preset elliptic curve for the random number generated by each signing party 120, and a binary operation is performed on the random points in a predetermined sequence to obtain a target random point on the preset elliptic curve. Next, for each signature participant 120, the signature unit 110 performs a hash operation on the set of public keys of all signature participants 120, the target random point and the message to be signed; an elliptic curve-based binary operation is performed on the result of the hash operation, the identification of the signature participant 120 and the private key; and the random number generated by the signature participant 120 is added to the result of that binary operation to obtain the signature of the signature participant. Finally, the combination of the target random point and the signature completed by each signature participant 120 is used as the final signature of the message to be signed.
It should be noted that fig. 1 is only one embodiment of the present disclosure, and although in the embodiment of fig. 1, each signature participant 120 is a desktop computer, and the key generation center 130 is also located outside the signature center 100, in practical applications, the signature participant 120 may be a terminal of the aforementioned various types, and the inclusion relationship between the key generation center 130 and the signature center 100 may be arbitrary, that is, the key generation center 130 may be located outside the signature center 100 or inside the signature center 100, so the present disclosure is not limited thereto, and the protection scope of the present disclosure should not be limited thereby.
Fig. 2 is a flow diagram illustrating a multiple signature method in accordance with an example embodiment. The method shown in the embodiment of fig. 2 is performed by a signature center, where the signature center includes a signature unit and a plurality of signature participants, and as shown in fig. 2, the method includes the following steps:
In step 210, each signature participant in the signature center obtains a prime order cyclic group established based on a preset elliptic curve equation.
The cyclic group includes a generator, and the signature participant has an identification.
A signature center is a system that includes a plurality of units or modules, wherein the included signature units and a plurality of signature participants are organically integrated in the signature center, and the signature units and the signature participants can be related or interacted with each other. The signature center can be an integral body organically combining software, hardware and firmware.
In practical applications, the signing party may be a module, may be a terminal, and may even be a separate system or subsystem.
A group is a concept in group theory: a non-empty set that satisfies the conditions of closure, associativity, existence of an identity element, existence of inverse elements and the like. Each member of a group is called an element of the group, and the order of a group is the number of elements in the group. A cyclic group is a group in which each element is a power of one fixed element of the group, so the generator of the cyclic group is that fixed element. A prime order cyclic group is a cyclic group whose number of elements is prime.
In one embodiment, the predetermined elliptic curve equation has the general formula:
y^2=x^3+a*x+b(mod p),
wherein a and b are coefficients of the preset elliptic curve equation, and p is a modulus.
A general elliptic curve equation may take the form described above, and may be, for example:
$y^2 = x^3 - 5x + 4 \pmod{25}$.
All points on the elliptic curve form an additive group, so each element in the prime order cyclic group established based on the preset elliptic curve equation is a point.
In one embodiment, the set of all points that satisfy the predetermined elliptic curve equation is taken as the established prime order cyclic group.
The process of establishing the prime order cyclic group based on the predetermined elliptic curve equation is established by using an addition algorithm of the elliptic curve.
The identifier of the signing party is a character string for uniquely determining the identity of the signing party, and may include characters such as letters, numbers, underlines, and the like, such as a Media Access Control Address (MAC Address), a mobile phone number, a bank card number, an account number or an ID (Identification) previously assigned to each signing party, and the like.
In one embodiment, the type of the identifier of each signature participant in the signature center is the same, and the type of the identifier of each signature participant is one of an identity card number, a mobile phone number and a mailbox address.
In step 220, each signing participant in the signing authority receives a private key generated by the key generation authority according to the identification of that signing participant.
The private key is a key used for encryption in the field of asymmetric encryption, and information encrypted by the private key can only be decrypted by using a corresponding public key.
In one embodiment, the key generation center generates a private key from the identity of each signing party by:
and the key generation center performs hash operation on the identification of each signature participant by using a hash algorithm specific to the key generation center to obtain the private key of each signature participant.
In one embodiment, the key generation center generates a private key from the identity of each signing party by:
the key generation center encrypts the identification of each signature participant by using a private key of the key generation center to obtain the private key of each signature participant.
In one embodiment, the key generation center generates a private key from the identity of each signing party by:
and the key generation center generates a random character sequence corresponding to the identification of the signature participant as a private key of the signature participant for each signature participant, and correspondingly stores the private key generated for each signature participant and the identification of the corresponding signature participant.
In one embodiment, the identification of all signing parties is generated by and maintained by a key generation center.
In one embodiment, before each signing party in the signing authority receives the private key generated by the key generation authority from the identity of that signing party, the method further comprises:
each signing party in the signing center sends the identification of the signing party to the key generation center, so that the key generation center generates a private key according to the identification of the signing party.
In one embodiment, the key generation center embeds a script at the home terminal (i.e., the signing center), and before each signing party in the signing center receives the private key generated by the key generation center according to the identification of the signing party, the key generation center crawls the identification of the signing party in the signing center by using the script and generates a corresponding private key according to the identification of each signing party.
In step 230, each signing party in the signing authority obtains the public key of the signing party based on the private key of the signing party by using the following formula:
$X_i = g^{x_i}$
where $X_i$ is the public key of the ith signature participant, $g$ is the generator of the cyclic group, and $x_i$ is the private key of the ith signing party.
It can be seen that the public key of each signature participant is obtained by performing a binary operation on the generator for a certain number of times on the elliptic curve, where the generator is the initial point of the elliptic curve, and the certain number is equal to the private key of the corresponding signature participant.
In step 250, when a signature request for a message to be signed is received, each signature participant in the signature center generates a random number, and a signature unit in the signature center acquires a target random point on the preset elliptic curve by using the following formula based on the random numbers of the signature participants:
$R_i = g^{r_i}$
$R = R_1 * R_2 * \cdots * R_n$
where $R_i$ is the random point obtained for the ith signature participant on the preset elliptic curve, $r_i$ is the random number generated by the ith signing party, and $R$ is the target random point obtained based on the random numbers of the respective signing parties.
In one embodiment, the random number generated by each signature participant is greater than 0 and less than the order of the cyclic group.
The signing request for the message to be signed may be a network request based on various protocols, such as may be a request under the HTTP protocol.
In one embodiment, the signing request includes the message to be signed.
In one embodiment, before receiving a signature request for a message to be signed, a signature unit in the signature center acquires a plurality of messages to be signed, wherein each message to be signed has an identifier, and the identifier of the message to be signed is included in the signature request for the message to be signed, and then when receiving the signature request for the message to be signed, the signature unit in the signature center acquires the message to be signed with the same identifier as the identifier of the message to be signed included in the signature request from the plurality of messages to be signed.
Step 260, each signing party in the signing center signs the message to be signed based on the target random point by using the following formula respectively, and sends the signed message to a signing unit in the signing center, and the signing unit synthesizes the signature of each signing party to obtain the signature of the message to be signed:
$s_i = r_i + c \cdot ID_i \cdot x_i$
where $ID_i$ is the identifier of the i-th signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, $X$ is the set of public keys of all signing parties in the signing center, and $s_i$ is the i-th signing party's signature of the message to be signed. The signature of the message to be signed, as synthesized by the signature unit, is $(R, S)$, where $S = s_1 + s_2 + \dots + s_n$.
It can be seen that the finally synthesized signature of the message to be signed is related to a private key, the identification of each signature participant, the public key of each signature participant, the target random point and a plurality of factors of the message to be signed, so that the complexity of the signature is improved, and the reliability and the safety of the signature are further improved.
In summary, according to the multiple signature method shown in the embodiment of fig. 2, since the private key of each signature party is generated by the key generation center according to the identifier of the signature party, it is possible to avoid the phenomenon that the reliability of the signature is reduced due to the generation of the private key in a random manner, and both the private key of the signature party and the finally obtained signature of the message to be signed are related to the identifier of each signature party, thereby improving the security of the signature and the maintainability of the system, and simultaneously saving the steps requiring a large amount of computing resources on the basis of the prior art, saving the resources, and improving the efficiency of the signature.
Fig. 3 is a flowchart illustrating steps after step 230 and steps after step 260 according to an embodiment illustrated in a corresponding embodiment of fig. 2. As shown in fig. 3, the method comprises the following steps:
Step 240, each signing party in the signature center publishes its public key, so that the signature verifier can obtain a set of public keys consisting of the public keys of all signing parties in the signature center.
In one embodiment, the signing party publishes its public key by way of a network disclosure. For example, the signature participant adds the public key to a preset webpage code template, generates a webpage file recording the public key and stores the webpage file locally; when the signature verifying party needs to acquire the public key of the signature participant, a public key acquisition request is sent to the signature participant, the signature participant returns a webpage file containing the public key to the signature verifying party according to the request, so that the signature verifying party can acquire the public key from the webpage file, and the signature verifying party acquires a public key set by sending a public key acquisition request to each signature participant.
In one embodiment, after all signature participants in the signature center generate public keys, the signature center packages and sends a set of public keys to each signature verifier with which a communication connection is established, so that the signature verifier can obtain the public keys.
The signature verifier is an entity with arithmetic processing and communication capabilities, and can be a terminal or a system of the same type as the signature participant.
Step 270, the signature unit in the signature center sends the signature of the message to be signed to a target signature verifier, so that the target signature verifier verifies the message to be signed by using the public key set.
The target signature verifier is a party that is qualified to verify the signature of the message to be signed.
In one embodiment, the target signature verifier has an identifier that is stored locally in the signature unit. When the signature unit in the signature center receives a request for the signature of a message to be signed and the identifier in the request matches the identifier stored locally in the signature unit, it sends the signature of the message to be signed to the sender of the request.
In one embodiment, the target signature verifier verifies the message to be signed by using the public key set based on the following formula:
$g^{S} = R \cdot (X_1^{ID_1} + \dots + X_n^{ID_n}) \cdot c$
where $g$ is the generator of the cyclic group, $R$ is the target random point obtained from the random numbers of all signature participants, $S = s_1 + s_2 + \dots + s_n$, $X_i$ is the obtained public key of the i-th signature participant, $ID_i$ is the identifier of the i-th signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, and $X$ is the set of public keys of all signing parties in the signing center.
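The following Python example is added here and is not code from the patent: it runs steps 230 to 270 end to end and checks the result in the form that follows algebraically from si = ri + c*IDi*xi, namely g^S = R*(X1^ID1*…*Xn^IDn)^c in the patent's multiplicative notation. Assumptions not found in the patent: secp256k1 as the preset curve, SHA-256 as H, identifiers mapped to scalars by hashing, HMAC-SHA256 under a key generation center secret standing in for the center's own hash, and one signer ordering shared by signers and verifier; the identifiers, secret and message are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Assumption: secp256k1 stands in for the patent's unnamed "preset elliptic curve"
# y^2 = x^3 + a*x + b (mod p); here a = 0, b = 7.
P = 2**256 - 2**32 - 977
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    if pt is None:  # the identity is never a valid key or nonce point
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 - A * x - B) % P == 0


def add(p1, p2):
    """Group operation ('*' in the patent's notation); None is the identity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Scalar multiplication (g^k in the patent's notation); not constant-time."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def id_scalar(identifier):
    """Assumption: ID_i enters the formulas as SHA-256(identifier) mapped to [1, N-1]."""
    return int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big") % (N - 1) + 1


def kgc_private_key(kgc_secret, identifier):
    """Assumption: the KGC's own hash is modelled as HMAC-SHA256 keyed by a KGC secret."""
    digest = hmac.new(kgc_secret, identifier.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1


def challenge(pubkeys, R, msg):
    """c = H(X, R, m), with X taken in the agreed signer order."""
    h = hashlib.sha256()
    for x, y in list(pubkeys) + [R]:
        h.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N


def multisign(msg, ids, privkeys):
    """Steps 250 and 260: fresh r_i per signer, R = R_1*...*R_n, S = s_1+...+s_n."""
    pubkeys = [mul(x, G) for x in privkeys]
    R = None
    while R is None:  # retry in the negligible case that the nonces cancel out
        nonces = [secrets.randbelow(N - 1) + 1 for _ in privkeys]  # 0 < r_i < order
        for r in nonces:
            R = add(R, mul(r, G))
    c = challenge(pubkeys, R, msg)
    partials = [(r + c * id_scalar(i) * x) % N for r, i, x in zip(nonces, ids, privkeys)]
    return R, sum(partials) % N


def verify(msg, sig, ids, pubkeys):
    """Accept iff g^S == R * (X_1^ID_1 * ... * X_n^ID_n)^c."""
    R, S = sig
    if len(ids) != len(pubkeys) or not 0 <= S < N:
        return False
    if not on_curve(R) or not all(on_curve(X) for X in pubkeys):
        return False
    agg = None
    for i, X in zip(ids, pubkeys):
        agg = add(agg, mul(id_scalar(i), X))
    return mul(S, G) == add(R, mul(challenge(pubkeys, R, msg), agg))


if __name__ == "__main__":
    ids = ["alice@example.com", "bob@example.com", "carol@example.com"]  # constructed
    keys = [kgc_private_key(b"constructed-kgc-secret", i) for i in ids]
    sig = multisign(b"constructed message", ids, keys)
    print("valid:", verify(b"constructed message", sig, ids, [mul(x, G) for x in keys]))
```

Each ri has to be drawn fresh for every message, as `multisign` does: in si = ri + c*IDi*xi the nonce is the only term hiding xi.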
The present disclosure also provides a signature center, and fig. 4 is a block diagram illustrating a signature center according to an example embodiment. As shown in fig. 4, the signature center 400 includes a signature unit 420 and a plurality of signature participants 410, the signature unit 420 includes a target random point obtaining module 421 and a synthesizing module 422, and each signature participant 410 includes an obtaining module 411, a receiving module 412, a public key obtaining module 413, a generating module 414, and a signature module 415, wherein:
an obtaining module 411, configured to obtain a prime order cyclic group established based on a preset elliptic curve equation, where the cyclic group includes a generator, and the signature participant has an identifier;
a receiving module 412, configured to receive a private key generated by the key generation center according to the identifier of the signing party;
a public key obtaining module 413, configured to obtain the public key of the signing party based on the private key of the signing party by using the following formula:
$X_i = g^{x_i}$
where $X_i$ is the public key of the i-th signature participant, $g$ is the generator of the cyclic group, and $x_i$ is the private key of the i-th signing party;
a generating module 414, configured to, when receiving a signature request for a message to be signed, generate a random number;
a target random point obtaining module 421, configured to obtain a target random point on the preset elliptic curve based on the random number of each signature participant by using the following formula:
$R_i = g^{r_i}$
$R = R_1 \cdot R_2 \cdot \ldots \cdot R_n$
where $R_i$ is the random point obtained for the i-th signature participant on the preset elliptic curve, $r_i$ is the random number generated by the i-th signature participant, and $R$ is the target random point obtained from the random numbers of all signature participants;
a signature module 415, configured to sign the message to be signed based on the target random point by using the following formulas, and send the signed message to a signature unit in the signature center:
$s_i = r_i + c \cdot ID_i \cdot x_i$
where $ID_i$ is the identifier of the i-th signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, $X$ is the set of public keys of all signing parties in the signing center, and $s_i$ is the i-th signing party's signature of the message to be signed;
a synthesizing module 422, configured to synthesize the signatures of the signature participants to obtain the signature $(R, S)$ of the message to be signed, where $S = s_1 + s_2 + \dots + s_n$.
According to a third aspect of the present disclosure, there is also provided an electronic device capable of implementing the above method.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module," or "system."
An electronic device 500 according to this embodiment of the invention is described below with reference to fig. 5. The electronic device 500 shown in fig. 5 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 5, the electronic device 500 is embodied in the form of a general purpose computing device. The components of the electronic device 500 may include, but are not limited to: the at least one processing unit 510, the at least one memory unit 520, and a bus 530 that couples various system components including the memory unit 520 and the processing unit 510.
Wherein the storage unit stores program code that is executable by the processing unit 510 to cause the processing unit 510 to perform steps according to various exemplary embodiments of the present invention as described in the section "example methods" above in this specification.
The storage unit 520 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM)521 and/or a cache memory unit 522, and may further include a read only memory unit (ROM) 523.
The storage unit 520 may also include a program/utility 524 having a set (at least one) of program modules 525, such program modules 525 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 530 may be one or more of any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 500 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 500, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 500 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 550. Also, the electronic device 500 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 560. As shown, the network adapter 560 communicates with the other modules of the electronic device 500 over the bus 530. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 500, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
According to a fourth aspect of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-mentioned method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
Referring to fig. 6, a program product 600 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Furthermore, the above-described figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (10)

1. A multiple signature method, performed by a signature center comprising a signature unit and a plurality of signature participants, the method comprising:
each signature participant in the signature center acquires a prime order cyclic group established based on a preset elliptic curve equation, wherein the cyclic group comprises a generator, and the signature participant is provided with an identifier;
each signing party in the signing center receives a private key generated by the key generation center according to the identification of the signing party;
each signing party in the signing authority obtains its public key based on its private key using the following formula:
$X_i = g^{x_i}$,
where $X_i$ is the public key of the i-th signature participant, $g$ is the generator of the cyclic group, and $x_i$ is the private key of the i-th signing party;
when a signature request aiming at a message to be signed is received, each signature participant in the signature center generates a random number, and a signature unit in the signature center acquires a target random point on the preset elliptic curve by using the following formula based on the random numbers of the signature participants:
$R_i = g^{r_i}$
$R = R_1 \cdot R_2 \cdot \ldots \cdot R_n$
where $R_i$ is the random point obtained for the i-th signature participant on the preset elliptic curve, $r_i$ is the random number generated by the i-th signature participant and is greater than 0 and smaller than the order of the cyclic group, $R$ is the target random point obtained from the random numbers of the signature participants, and $n$ is the number of the signature participants;
and each signing party in the signing center signs the message to be signed by using the following formula based on the target random point and sends the message to be signed to a signing unit in the signing center, and the signing unit synthesizes the signature of each signing party to obtain the signature of the message to be signed:
$s_i = r_i + c \cdot ID_i \cdot x_i$
where $ID_i$ is the identifier of the i-th signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, $X$ is the set of public keys of all signing parties in the signing center, and $s_i$ is the i-th signing party's signature of the message to be signed; the signature of the message to be signed, as synthesized by the signature unit, is $(R, S)$, where $S = s_1 + s_2 + \dots + s_n$ and $n$ is the number of signature participants.
2. The method of claim 1, wherein after the step of each signing party in the signing authority obtaining the public key of the signing party based on the private key of the signing party, the method further comprises:
each signature participant in the signature center publishes the public key of the signature participant so that the signature verifier can obtain a public key set consisting of the public keys of all signature participants in the signature center;
after the step of signing the message to be signed by each signing party in the signing center based on the target random point and sending the signed message to the signing unit in the signing center, and the signing unit synthesizing the signature of each signing party to obtain the signature of the message to be signed, the method further comprises the following steps:
and a signature unit in the signature center sends the signature of the message to be signed to a target signature verifier, so that the target signature verifier verifies the message to be signed by using the public key set.
3. The method of claim 2, wherein the target signature verifier verifies the message to be signed using the set of public keys based on the following formula:
$g^{S} = R \cdot (X_1^{ID_1} + \dots + X_n^{ID_n}) \cdot c$.
4. The method of claim 1, wherein the predetermined elliptic curve equation has a general formula of:
$y^2 = x^3 + a \cdot x + b \pmod{p}$,
wherein a and b are coefficients of the preset elliptic curve equation, and p is a modulus.
5. The method of claim 1, wherein the key generation center generates a private key from the identity of each signing party by:
and the key generation center performs hash operation on the identification of each signature participant by using a hash algorithm specific to the key generation center to obtain the private key of each signature participant.
6. The method of claim 1, wherein the key generation center generates a private key from the identity of each signing party by:
the key generation center encrypts the identification of each signature participant by using a private key of the key generation center to obtain the private key of each signature participant.
7. The method according to any one of claims 1 to 6, wherein the type of the identifier of each signature participant in the signature center is the same, and the type of the identifier of each signature participant is one of an identity card number, a mobile phone number and a mailbox address.
8. A signature center, comprising: the signature unit comprises a target random point acquisition module and a synthesis module, and the signature party comprises an acquisition module, a receiving module, a public key acquisition module, a generation module and a signature module, wherein:
the acquisition module is used for acquiring a prime order cyclic group established based on a preset elliptic curve equation, the cyclic group comprises a generator, and the signature participant has an identifier;
the receiving module is used for receiving a private key generated by the key generation center according to the identification of the signature participant;
a public key obtaining module, configured to obtain, based on the private key of the signing party, the public key of the signing party by using the following formula:
$X_i = g^{x_i}$,
where $X_i$ is the public key of the i-th signature participant, $g$ is the generator of the cyclic group, and $x_i$ is the private key of the i-th signing party;
the generation module is used for generating a random number when receiving a signature request aiming at a message to be signed;
a target random point obtaining module, configured to obtain a target random point on the preset elliptic curve based on the random number of each signature participant by using the following formula:
$R_i = g^{r_i}$
$R = R_1 \cdot R_2 \cdot \ldots \cdot R_n$
where $R_i$ is the random point obtained for the i-th signature participant on the preset elliptic curve, $r_i$ is the random number generated by the i-th signature participant and is greater than 0 and smaller than the order of the cyclic group, $R$ is the target random point obtained from the random numbers of the signature participants, and $n$ is the number of the signature participants;
the signature module is used for respectively signing the message to be signed by using the following formulas based on the target random point and sending the signed message to a signature unit in the signature center:
$s_i = r_i + c \cdot ID_i \cdot x_i$
where $ID_i$ is the identifier of the i-th signing party, $c = H(X, R, m)$, $H$ is a hash function, $m$ is the message to be signed, $X$ is the set of public keys of all signing parties in the signing center, and $s_i$ is the i-th signing party's signature of the message to be signed;
a synthesis module for synthesizing the signatures of the signature participants to obtain the signature $(R, S)$ of the message to be signed, where $S = s_1 + s_2 + \dots + s_n$ and $n$ is the number of signature participants.
9. A computer-readable program medium, characterized in that it stores computer program instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 7.
10. An electronic device, wherein the electronic device is a signing participant, the electronic device comprising:
a processor;
memory having stored thereon computer readable instructions which, when executed by the processor, carry out the steps of the method of any one of claims 1 to 7 performed by a signing party.
CN201910671776.9A 2019-07-24 2019-07-24 Multiple signature method, signature center, program medium, and electronic device Active CN110351096B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910671776.9A CN110351096B (en) 2019-07-24 2019-07-24 Multiple signature method, signature center, program medium, and electronic device
PCT/CN2019/123094 WO2021012574A1 (en) 2019-07-24 2019-12-04 Multisignature method, signature center, medium and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910671776.9A CN110351096B (en) 2019-07-24 2019-07-24 Multiple signature method, signature center, program medium, and electronic device

Publications (2)

Publication Number Publication Date
CN110351096A CN110351096A (en) 2019-10-18
CN110351096B true CN110351096B (en) 2022-02-01

Family

ID=68180024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910671776.9A Active CN110351096B (en) 2019-07-24 2019-07-24 Multiple signature method, signature center, program medium, and electronic device

Country Status (2)

Country Link
CN (1) CN110351096B (en)
WO (1) WO2021012574A1 (en)


Also Published As

Publication number Publication date
CN110351096A (en) 2019-10-18
WO2021012574A1 (en) 2021-01-28


Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Address after: 201, room 518000, building A, No. 1, front Bay Road, Qianhai Shenzhen Guangdong Shenzhen Hong Kong cooperation zone (Qianhai business secretary)

Applicant after: Shenzhen one ledger Intelligent Technology Co., Ltd.

Address before: 518000 Guangdong city of Shenzhen province Qianhai Shenzhen Hong Kong cooperation zone before Bay Road No. 1 building 201 room A

Applicant before: Shenzhen one ledger Intelligent Technology Co., Ltd.

SE01 Entry into force of request for substantive examination
GR01 Patent grant