CN111355582A  Twoparty combined signature and decryption method and system based on SM2 algorithm  Google Patents
Publication number: CN111355582A (application CN202010138468.2A)
Authority: CN (China)
Prior art keywords: calculating, signature, algorithm, private key, joint
Legal status: Pending
Classifications
 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
 H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
 H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyperelliptic curves
 H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, nonrepudiation, key authentication or verification of credentials
 H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, nonrepudiation, key authentication or verification of credentials involving digital signatures
 H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, nonrepudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Abstract
The invention provides a joint signature and decryption method and system based on the SM2 algorithm, applicable to two-party transactions. Each of the two participating parties holds a partial private key, and a common public key is computed from the two parties' public keys. Using their own partial private keys, the two parties can sign a transaction message by joint computation and decrypt a ciphertext by joint computation; during joint signing and decryption, neither party learns any information about the other party's private key. Joint signing and decryption therefore give simultaneous confirmation of the transaction by both parties. The joint signature is verified with the common public key, so non-repudiation of the transaction by both parties is established with a single verification. Signature verification and encryption use the standard SM2 procedures and so remain compatible with existing public-key applications. In addition, an attacker who compromises either one of the parties can neither forge a signature nor decrypt, which improves the security of the private key in two-party computation and prevents signature or decryption abuse after a private key is leaked.
Description
Technical Field
The invention relates to the technical field of signing and decryption, in particular to a two-party joint signature and decryption method and system based on the SM2 algorithm.
Background
The SM2 algorithm is an elliptic-curve public-key cryptographic algorithm developed independently in China and published as national standard GB/T 32918. It provides signature and signature-verification functions.
According to the algorithm specification, SM2 signing works as follows: let G be the base point of the elliptic curve, dA the private key and PA = dA · G the public key; the digital signature of the message digest e is (r, s). First select a random number k and compute (x1, y1) = k · G and r = e + x1; then compute s = (1 + dA)^(-1) · (k - r · dA).
According to the algorithm specification, SM2 signature verification works as follows: given the signature (r, s), the public key PA and the elliptic curve parameters specified by SM2, first compute t = r + s; if t = 0, verification fails. Otherwise compute (x1, y1) = s · G + t · PA and r' = x1 + e, and check whether r' equals r; if so, verification passes.
According to the algorithm specification, SM2 encryption works as follows. Let the message to be sent be the bit string M and klen its length in bits; encryption of the plaintext M under the public key PA comprises the following steps:
a1: generate a random number k ∈ [1, n-1] with a random number generator, where n is a natural number (the order of the base point in SM2), and compute the elliptic curve point C1 = k · G = (x1, y1), where G is the base point of the curve and k · G is the k-fold scalar multiple of G;
a2: compute the elliptic curve point S = H · PA; if S is the point at infinity, report an error and exit. H is the cofactor specified by SM2, 1 by default;
a3: compute the elliptic curve point k · PA = (x2, y2) and convert the coordinates x2 and y2 to bit strings; compute t = KDF(x2 || y2, klen), and if t is the all-zero bit string, return to step a1. KDF is the key derivation function specified by SM2; its output is a key stream;
a4: compute C2 = M ⊕ t, where ⊕ is bitwise exclusive-or, and C3 = Hash(x2 || M || y2), where Hash is the hash function specified by SM2;
a5: output the ciphertext C = C1 || C2 || C3.
According to the algorithm specification, SM2 decryption works as follows. Let the ciphertext to be decrypted be the bit string C = C1 || C2 || C3, with klen the length of C2 in bits; decryption of C under the private key dA comprises the following steps:
b1: extract the bit string C1 from C, convert it to a point on the elliptic curve and check that C1 satisfies the curve equation; if not, report an error and exit. Compute the elliptic curve point S = H · C1; if S is the point at infinity, report an error and exit;
b2: compute dA · C1 = (x2, y2) and convert the coordinates x2 and y2 to bit strings;
b3: compute t = KDF(x2 || y2, klen); if t is the all-zero bit string, report an error and exit. KDF is the key derivation function specified by SM2; its output is a key stream;
b4: extract the bit string C2 from C and compute M' = C2 ⊕ t, where ⊕ is exclusive-or; compute u = Hash(x2 || M' || y2), extract the bit string C3 from C, and if u ≠ C3 report an error and exit. Hash is the hash function specified by SM2;
b5: output the plaintext M'.
SM2 signatures guarantee the integrity of transaction messages and the non-repudiation of computations, because the private key is unique and held only by its owner. Since the public key can be published, the signature can be verified by a participant in the computation or by a third party. Signature confirmation of a two-party transaction usually means that each party signs separately and the parties then confirm each other's signature; verification requires checking each signature against its own public key, so the process is long and the confirmation mechanism complex.
Because the public key is public, it can be used to encrypt a participant's confidential data; because the private key is unique and held only by its owner, the ciphertext can be decrypted only by the private-key holder. In scenarios where decryption requires confirmation by two parties, a complex interaction-control mechanism is usually adopted, or the data is re-encrypted and encrypted successively by both parties. Both approaches carry the risk of complicated control logic and of control conditions being bypassed by an attack.
In addition, the common method of protecting a private key is to store it in dedicated stand-alone security hardware, but such hardware is expensive to issue, poorly compatible across devices and inconvenient to use; the alternative is to issue the private key as a file, but a file is easy to steal, and once stolen it can be misused, because existing signing and decryption operations can be performed independently with the private key alone.
Disclosure of Invention
The present invention addresses the above problems by providing a two-party joint signature and decryption method and system based on the SM2 algorithm. The technical scheme is as follows:
A two-party joint signing and decrypting system based on the SM2 algorithm, comprising:
the system comprises a client and a cloud server; the client side stores a private key a and a public key Pa, the cloud server side stores a private key b and a public key Pb, and the client side and the cloud server side perform information interaction;
the client receives the transaction file needing to be signed, the private key a is used for calculating a first partial signature Q1, the private key b is used for calculating a complete signature Q2 by combining with Q1, the cloud server feeds back Q2 to the client, and the client publishes the transaction file and the Q2 together;
the client requests the cloud server to decrypt the file, the private key b is used for calculating the first part of decrypted data, and the private key a is used for calculating the complete decrypted data by combining the first part of decrypted data;
and the public key Pa and the public key Pb are used for joint operation to obtain a joint public key Pu, and the joint public key Pu is used for verifying the complete signature Q2 and encrypting the file.
A two-party joint signature and decryption method based on the SM2 algorithm, in which the two parties are denoted A and B, A holds a private key a and a public key Pa, and B holds a private key b and a public key Pb;
the two-party joint signature comprises the following steps:
c1, B sends Pb to A;
c2, A generates a joint public key Pu from Pa and Pb;
c3, given the transaction message E, A calculates a first partial signature Q1 using the private key a, and A sends Q1 to B;
c4, B calculates a complete signature Q2 using Q1 and the private key b, where Q2 can be verified with the joint public key Pu;
the two-party joint decryption comprises the following steps:
d1, given a ciphertext C obtained by encrypting the message M with the joint public key Pu, A computes the first part of the decryption data from the private key a and the ciphertext C and sends it to B;
d2, B computes the complete decryption data, i.e. the plaintext M, from the first part of the decryption data, the private key b and the ciphertext C.
Optionally, in c3, A computes the first partial signature Q1 using the private key a as follows:
1) A generates a random number m and computes s31 = m · G, where G is the base point of SM2;
2) A generates a random number k, computes k · G = (x1, y1) and takes the coordinate x1 of that point;
3) the hash value of the transaction message E is denoted e, and r = e + x1 is computed;
4) s32 = s31 · (k - r · a) is computed;
5) s33 = s31 · (1 + a) is computed;
6) let Q1 = (r, s32, s33).
Optionally, in c4, B computes the complete signature Q2 using Q1 and the private key b as follows:
1) compute s41 = s33 · (1 + b);
2) invert s41 to obtain s42 = s41^(-1);
3) compute s43 = s33 · r · b;
4) compute s44 = s32 - s43;
5) compute s45 = s42 · s44;
6) let s = s45 and output the complete signature Q2 = (r, s) as the signature of the transaction message E.
Optionally, in d1, the message M is encrypted with the public key Pu to obtain the ciphertext C as follows:
1) let the elliptic curve point C1 = k · G = (x1, y1);
2) compute the elliptic curve point S = H · Pu; if S is the point at infinity, report an error and exit, where H is the cofactor specified by SM2, 1 by default;
3) compute the elliptic curve point k · Pu = (x2, y2), that is, k · (Pa + Pb + a · Pb) = (x2, y2), and convert the coordinates x2 and y2 to bit strings;
compute t = KDF(x2 || y2, klen); if t is the all-zero bit string, return to step 1), where KDF is the key derivation function specified by SM2 and its output is a key stream;
4) compute C2 = M ⊕ t, where ⊕ is exclusive-or, and C3 = Hash(x2 || M || y2), where Hash is the hash function specified by SM2;
5) output the ciphertext C = C1 || C2 || C3.
Optionally, in d1, A computes the first part of the decryption data using the private key a as follows:
A extracts the bit string C1 from C and computes H · C1, where H is the cofactor parameter specified by SM2; if H · C1 is the point at infinity, an error is reported and A exits; otherwise A computes s61 = a · C1 and sends s61 to B.
Optionally, in d2, B obtains the complete decryption data, i.e. the plaintext M, from the first part of the decryption data and the private key b as follows:
1) B extracts C1 from the ciphertext C and computes s71 = b · C1, s72 = b · s61 = b · a · C1 and s73 = s61 + s71 + s72 = (a + b + a · b) · C1; the coordinates of s73 are denoted (x2, y2);
2) compute t = KDF(x2 || y2, klen); if t is the all-zero bit string, report an error and exit; KDF is the key derivation function specified by SM2 and its output is a key stream;
3) extract the bit string C2 from C, compute M' = C2 ⊕ t and u = Hash(x2 || M' || y2), extract the bit string C3 from C, and if u ≠ C3 report an error and exit;
4) output the plaintext M = M'.
The invention has the beneficial effects that:
The invention provides a method and a system for two-party joint SM2 signature and decryption in two-party transactions. The two parties sign the transaction message by joint computation using their own partial private keys, and during the joint signature computation neither party learns any information about the other party's private key. The jointly computed signature is verified with the public key shared by both parties, using the standard SM2 method. In this method, confirmation of the transaction by both parties is completed with a single signature; the signature is checked with the shared public key, non-repudiation by both parties is confirmed with a single verification, and because verification uses the standard SM2 method it remains compatible with existing public-key applications. In addition, an attacker who compromises either one of the parties cannot forge a signature, which improves the security of the private key in two-party computation and prevents signature abuse after a private key is leaked.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure. In the drawings:
FIG. 1 is a flow chart of the two-party joint signature and decryption method based on the SM2 algorithm according to the present invention;
FIG. 2 is a diagram of the steps of the two-party joint signature based on the SM2 algorithm according to the present invention;
FIG. 3 is a diagram of the steps of the two-party joint decryption based on the SM2 algorithm according to the present invention;
FIG. 4 is a flow chart of the certificate preparation phase of the two-party joint signature and decryption system of the present invention;
FIG. 5 is a flow chart of the joint signature phase of the two-party joint signature and decryption system of the present invention;
FIG. 6 is a flow chart of the signature verification phase of the two-party joint signature and decryption system of the present invention;
FIG. 7 is a flow chart of the data encryption phase of the two-party joint signature and decryption system of the present invention;
FIG. 8 is a flow chart of the joint decryption phase of the two-party joint signature and decryption system of the present invention.
Detailed Description
The following detailed description of specific embodiments of the present disclosure is provided in connection with the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present disclosure, are given by way of illustration and explanation only, not limitation.
As shown in FIG. 1, the invention relates to a two-party joint signature and decryption method based on the SM2 algorithm, in which the two parties are denoted A and B, A holds a private key a and a public key Pa, and B holds a private key b and a public key Pb;
the two-party joint signature comprises the following steps:
c1, B sends Pb to A;
c2, A generates a joint public key Pu from Pa and Pb;
c3, given the transaction message E, A calculates a first partial signature Q1 using the private key a, and A sends Q1 to B;
c4, B calculates a complete signature Q2 using Q1 and the private key b, where Q2 can be verified with the joint public key Pu;
the two-party joint decryption comprises the following steps:
d1, given a ciphertext C obtained by encrypting the message M with the joint public key Pu, A computes the first part of the decryption data from the private key a and the ciphertext C and sends it to B;
d2, B computes the complete decryption data, i.e. the plaintext M, from the first part of the decryption data, the private key b and the ciphertext C.
The two parties involved in the transaction each hold a partial private key and share a public key. As shown by MA1 in FIG. 2, one party to the transaction is denoted A and holds a private key a and a public key Pa. As shown by MB1 in FIG. 2, the other party is denoted B and holds a private key b and a public key Pb. Either party can compute the public key common to both; in the example of the invention it is computed by A. As shown by MA2 in FIG. 2, B sends Pb to A, and after receiving Pb, A computes the common public key Pu = Pa + Pb + a · Pb. SM2 is an elliptic curve cryptographic algorithm with defined parameters, and the set of points on the curve forms an additive group; by the rules of that group, the private key corresponding to Pu is u = a + b + a · b, so the private keys a and b are partial private keys that together form the private key u. The common public key Pu may be published.
The two participating parties sign the message by joint computation using their own partial private keys, as follows. As shown by MA3 in FIG. 2, for the message E, party A computes the first partial signature Q1 using the private key a:
1) A generates a random number m and computes s31 = m · G, where G is the base point of SM2;
2) A generates a random number k, computes k · G = (x1, y1) and takes the coordinate x1 of that point;
3) the hash value of the transaction message E is computed and denoted e, and r = e + x1 is computed;
4) s32 = s31 · (k - r · a) is computed;
5) s33 = s31 · (1 + a) is computed;
6) A keeps the partial signature Q1 = (r, s32, s33) and sends Q1 to party B.
As shown by MB2 in FIG. 2, after receiving the partial signature Q1, party B computes the complete signature Q2 as follows:
1) compute s41 = s33 · (1 + b) = s31 · (1 + a + b + a · b);
2) invert s41 to obtain s42 = (s31 · (1 + a + b + a · b))^(-1), where ( )^(-1) denotes the inverse of the expression in parentheses;
3) compute s43 = s33 · r · b = s31 · (r · b + r · a · b);
4) compute s44 = s32 - s43 = s31 · (k - r · (a + b + a · b));
5) compute s45 = s42 · s44
= (s31 · (1 + a + b + a · b))^(-1) · s31 · (k - r · (a + b + a · b))
= (1 + a + b + a · b)^(-1) · (k - r · (a + b + a · b));
6) let s = s45 and output the complete signature Q2 = (r, s) as the signature of the transaction message E.
As can be seen from the SM2 signature algorithm, the signature result is (r, s) with r = e + x1 and s = (1 + dA)^(-1) · (k - r · dA). The common public key is Pu = Pa + Pb + a · Pb, and the corresponding private key is u = a + b + a · b. Writing the private key u as dA = a + b + a · b gives s45 = (1 + dA)^(-1) · (k - r · dA), so the complete signature Q2 conforms to the standard SM2 signature structure.
The signature obtained by joint computation can be verified with the public key shared by both parties using the standard SM2 method, as follows. Writing the private key u as dA = a + b + a · b, the jointly computed complete signature is Q2 = (r, s) with r = e + x1 and s = (1 + dA)^(-1) · (k - r · dA). Since Q2 fully conforms to the SM2 signature method, the signature can be verified with the public key Pu, and the verification algorithm is the standard SM2 method.
The joint decryption of the present invention is described in detail below with reference to fig. 3.
In the invention, the ciphertext C is generated by encrypting the message M with the public key Pu according to the standard SM2 method, and C = C1 || C2 || C3 conforms to the standard SM2 ciphertext format. The specific process is as follows:
1) let the elliptic curve point C1 = k · G = (x1, y1);
2) compute the elliptic curve point S = H · Pu; if S is the point at infinity, report an error and exit, where H is the cofactor specified by SM2, 1 by default;
3) compute the elliptic curve point k · Pu = (x2, y2), that is, k · (Pa + Pb + a · Pb) = (x2, y2), and convert the coordinates x2 and y2 to bit strings;
compute t = KDF(x2 || y2, klen); if t is the all-zero bit string, return to step 1), where KDF is the key derivation function specified by SM2 and its output is a key stream;
4) compute C2 = M ⊕ t, where ⊕ is exclusive-or, and C3 = Hash(x2 || M || y2), where Hash is the hash function specified by SM2;
5) output the ciphertext C = C1 || C2 || C3.
Once the message M has been encrypted with the public key Pu to produce the ciphertext C, the participating parties can decrypt C by joint computation using their respective partial private keys, as follows. As shown by MA4 in FIG. 3, for the ciphertext C, party A computes the first part of the decryption data using the private key a:
A extracts the bit string C1 from C and computes H · C1, where H is the cofactor parameter specified by SM2; if H · C1 is the point at infinity, an error is reported and A exits; otherwise A computes s61 = a · C1 and sends s61 to B.
As shown by MB3 in FIG. 3, B obtains the complete decryption data, i.e. the plaintext M, from the first part of the decryption data and the private key b as follows:
1) B extracts C1 from the ciphertext C and computes s71 = b · C1, s72 = b · s61 = b · a · C1 and s73 = s61 + s71 + s72 = (a + b + a · b) · C1; the coordinates of s73 are denoted (x2, y2);
2) compute t = KDF(x2 || y2, klen); if t is the all-zero bit string, report an error and exit; KDF is the key derivation function specified by SM2 and its output is a key stream;
3) extract the bit string C2 from C, compute M' = C2 ⊕ t and u = Hash(x2 || M' || y2), extract the bit string C3 from C, and if u ≠ C3 report an error and exit;
4) output the plaintext M = M'.
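The joint-signature steps MA3/MB2 and the joint-decryption steps MA4/MB3 above, worked in Python as an added illustration (not the patent's own code). It assumes the published SM2 curve constants, uses SHA-256 as a stand-in for SM3 in the message digest, and treats s31 as the scalar m rather than the point m · G, because the patent's derivation inverts s31 modulo n; the KDF, XOR and C3 steps are omitted since they are unchanged from standard SM2 once (x2, y2) is recovered.

```python
import hashlib
import secrets

# Published SM2 (sm2p256v1) domain parameters.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
H = 1          # SM2 cofactor
INF = None     # point at infinity

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + A*x + B over F_P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - A * x - B) % P == 0

def message_digest(msg):
    # Stand-in for e = SM3(Z_A || M); SHA-256 is used because SM3 is not in hashlib.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def joint_public_key(a, Pa, Pb):
    # Pu = Pa + Pb + a*Pb = (a + b + a*b)*G, so the joint private key is u = a + b + a*b.
    return ec_add(ec_add(Pa, Pb), ec_mul(a, Pb))

def partial_sign_a(a, e):
    # Party A's Q1 = (r, s32, s33). Assumption: s31 is the scalar m itself, since the
    # patent's derivation cancels s31 under modular inversion, which requires a scalar.
    while True:
        m = secrets.randbelow(N - 1) + 1    # blinding factor s31
        k = secrets.randbelow(N - 1) + 1    # per-signature nonce, never sent to B
        x1, _ = ec_mul(k, G)
        r = (e + x1) % N
        if r != 0 and (r + k) % N != 0:     # validity checks from standard SM2 signing
            break
    s32 = m * (k - r * a) % N
    s33 = m * (1 + a) % N
    return (r, s32, s33)

def complete_sign_b(b, q1):
    # Party B turns Q1 into a standard SM2 signature (r, s) under Pu without learning a.
    r, s32, s33 = q1
    s41 = s33 * (1 + b) % N                 # m*(1+a)*(1+b) = m*(1+u)
    s42 = pow(s41, -1, N)
    s43 = s33 * r * b % N                   # m*r*(b + a*b)
    s44 = (s32 - s43) % N                   # m*(k - r*u)
    return (r, s42 * s44 % N)               # s = (1+u)^-1 * (k - r*u)

def sm2_verify(Pu, e, sig):
    # Unmodified SM2 verification: the joint signature needs no special verifier.
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    x1, _ = ec_add(ec_mul(s, G), ec_mul(t, Pu))
    return (e + x1) % N == r

def encrypt_shared_point(Pu):
    # Key-agreement part of SM2 encryption: C1 = k*G and the KDF input point k*Pu.
    k = secrets.randbelow(N - 1) + 1
    return ec_mul(k, G), ec_mul(k, Pu)

def partial_decrypt_a(a, C1):
    # Party A: check C1 as in step MA4, then s61 = a*C1.
    if not on_curve(C1) or ec_mul(H, C1) is INF:
        raise ValueError("invalid C1")
    return ec_mul(a, C1)

def complete_decrypt_b(b, C1, s61):
    # Party B: s73 = s61 + b*C1 + b*s61 = (a + b + a*b)*C1 = u*C1 = k*Pu.
    return ec_add(ec_add(s61, ec_mul(b, C1)), ec_mul(b, s61))
```

Party B never receives k or a, only the blinded values s32 and s33, and the finished (r, s) verifies with the unmodified SM2 verifier under Pu.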
The invention also provides a two-party joint signature and decryption system based on the SM2 algorithm, which comprises:
the system comprises a client and a cloud server; the client side stores a private key a and a public key Pa, the cloud server side stores a private key b and a public key Pb, and the client side and the cloud server side perform information interaction;
the client receives the transaction file needing to be signed, the private key a is used for calculating a first partial signature Q1, the private key b is used for calculating a complete signature Q2 by combining with Q1, the cloud server feeds back Q2 to the client, and the client publishes the transaction file and the Q2 together;
the client requests the cloud server to decrypt the file, the private key b is used for calculating the first part of decrypted data, and the private key a is used for calculating the complete decrypted data by combining the first part of decrypted data;
a third party, specifically a certificate signing authority (CA); and the third party stores a combined public key Pu obtained by the operation of the public key Pa and the public key Pb sent by the client, the third party performs information interaction with the client and the cloud server respectively, the client and the cloud server obtain the combined public key Pu from the third party, and the combined public key Pu is used for verifying the complete signature Q2 and encrypting the file.
Certificate preparation, as shown in FIG. 4: the cloud server sends Pb to the client. After receiving Pb, the client computes the common public key Pu = Pa + Pb + a · Pb. The client sends Pu to the CA, and the CA issues a certificate CPu containing Pu.
Joint signature, as shown in FIG. 5: the client receives a transaction file E that needs to be signed. The client first obtains the hash value e of the file by hashing. The client computes the first partial signature Q1 using the partial private key a and sends Q1 to the cloud server.
After receiving Q1, the cloud server computes the complete signature Q2 using the partial private key b. The cloud server sends the complete signature Q2 to the client, and the client publishes the signature together with the file E.
Signature verification, as shown in FIG. 6: when the cloud server, the client or any other third party needs to verify the integrity, authenticity and transaction non-repudiation of the transaction file E, it first obtains the certificate CPu and the common public key Pu from it, then computes the hash value e of the file E and verifies the signature Q2 with Pu.
Data encryption, as shown in FIG. 7: when the cloud server, the client or any other third party needs to encrypt a file M, it first obtains the certificate CPu and the common public key Pu from it, then encrypts M with Pu to generate the ciphertext C.
Joint decryption, as shown in FIG. 8: when the client needs to decrypt the ciphertext C, it requests joint decryption from the cloud server; the cloud server extracts C1 from the ciphertext C, computes the first part of the decryption data with its partial private key and sends it to the client. After receiving the first part of the decryption data, the client recovers the complete plaintext from the ciphertext C according to the joint decryption steps.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure.
It should be noted that, in the foregoing embodiments, various features described in the above embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, various combinations that are possible in the present disclosure are not described again.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.
Claims (7)
1. A two-party joint signing and decrypting system based on the SM2 algorithm, comprising:
the system comprises a client and a cloud server; the client side stores a private key a and a public key Pa, the cloud server side stores a private key b and a public key Pb, and the client side and the cloud server side perform information interaction;
the client receives the transaction file needing to be signed, the private key a is used for calculating a first partial signature Q1, the private key b is used for calculating a complete signature Q2 by combining with Q1, the cloud server feeds back Q2 to the client, and the client publishes the transaction file and the Q2 together;
the client requests the cloud server to decrypt the file, the private key b is used for calculating the first part of decrypted data, and the private key a is used for calculating the complete decrypted data by combining the first part of decrypted data;
and the public key Pa and the public key Pb are used for joint operation to obtain a joint public key Pu, and the joint public key Pu is used for verifying the complete signature Q2 and encrypting the file.
2. A two-party joint signature and decryption method based on the SM2 algorithm, applied to the two-party joint signing and decrypting system based on the SM2 algorithm claimed in claim 1, in which the two parties are denoted A and B, A holds a private key a and a public key Pa, and B holds a private key b and a public key Pb;
the two-party joint signature comprises the following steps:
c1, B sends Pb to A;
c2, A generates a joint public key Pu from Pa and Pb;
c3, given the transaction message E, A calculates a first partial signature Q1 using the private key a, and A sends Q1 to B;
c4, B calculates a complete signature Q2 using Q1 and the private key b, where Q2 can be verified with the joint public key Pu;
the two-party joint decryption comprises the following steps:
d1, given a ciphertext C obtained by encrypting the message M with the joint public key Pu, A computes the first part of the decryption data from the private key a and the ciphertext C and sends it to B;
d2, B computes the complete decryption data, i.e. the plaintext M, from the first part of the decryption data, the private key b and the ciphertext C.
3. The two-party joint signing and decrypting method based on the SM2 algorithm according to claim 2, wherein in C3 the calculation of the first partial signature Q1 by A using the private key a is as follows:
1) A generates a random number m and calculates s31 = m × G, where G is the base point of SM2;
2) A generates a random number k, calculates k × G = (x1, y1) and takes the coordinate x1 of that point;
3) the hash value of the transaction message E is denoted e, and r = e + x1 is calculated;
4) s32 = s31 × (k - r × a) is calculated;
5) s33 = s31 × (1 + a) is calculated;
6) Q1 = (r, s32, s33).
4. The two-party joint signing and decrypting method based on the SM2 algorithm according to claim 3, wherein in C4 the calculation of the complete signature Q2 by B using Q1 and the private key b is as follows:
1) s41 = s33 × (1 + b) is calculated;
2) s41 is inverted to obtain s42 = s41^{-1};
3) s43 = s33 × r × b is calculated;
4) s44 = s32 - s43 is calculated;
5) s45 = s42 × s44 is calculated;
6) s = s45, and the complete signature Q2 = (r, s) is output as the signature of the transaction message E.
5. The two-party joint signing and decrypting method based on the SM2 algorithm according to claim 4, wherein in D1 the process of encrypting the message M with the joint public key Pu to obtain the ciphertext C is as follows:
1) a random number k is chosen and the elliptic curve point C1 = k × G = (x1, y1) is calculated;
2) the elliptic curve point S = H × P_A is calculated, where P_A is the recipient public key (here the joint public key Pu) and H is the cofactor specified by the SM2 algorithm, 1 by default; if S is the point at infinity, an error is reported and the operation exits;
3) the elliptic curve point k × Pu = (x2, y2), that is k × (Pa + Pb + a × Pb) = (x2, y2), is calculated, and the coordinates x2 and y2 are converted to bit strings;
t = KDF(x2 || y2, klen) is calculated; if t is the all-zero bit string, return to step 1); KDF is the key derivation function specified by the SM2 algorithm and its output is a key sequence;
4) C2 = M ⊕ t is calculated, where ⊕ is the exclusive-or operation, and C3 = Hash(x2 || M || y2) is calculated, where Hash is the hash function specified by the SM2 algorithm;
5) the ciphertext C = C1 || C2 || C3 is output.
6. The two-party joint signing and decrypting method based on the SM2 algorithm according to claim 5, wherein in D1 the process by which A calculates the first partial decryption data using the private key a is as follows:
A takes the bit string C1 out of C and calculates H × C1, where H is the cofactor parameter specified by the SM2 algorithm; if H × C1 is the point at infinity, an error is reported and the operation exits; otherwise s61 = a × C1 is calculated, and A sends s61 to B.
7. The two-party joint signing and decrypting method based on the SM2 algorithm according to claim 6, wherein in D2 the process by which B obtains the complete decryption data (the plaintext M) using the first partial decryption data and the private key b is as follows:
1) B takes C1 out of the ciphertext C, calculates s71 = b × C1, calculates s72 = b × s61 = b × a × C1, calculates s73 = s61 + s71 + s72 = (a + b + a × b) × C1, and denotes the coordinates of s73 as (x2, y2);
2) t = KDF(x2 || y2, klen) is calculated; if t is the all-zero bit string, an error is reported and the operation exits; KDF is the key derivation function specified by the SM2 algorithm and its output is a key sequence;
3) the bit string C2 is taken out of C and M' = C2 ⊕ t is calculated; u = Hash(x2 || M' || y2) is calculated; the bit string C3 is taken out of C, and if u ≠ C3 an error is reported and the operation exits;
4) the plaintext M = M' is output.
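The signing steps of claims 3 and 4 and the encryption and joint decryption steps of claims 5 to 7, carried through in Python on the SM2 curve as an added, runnable example. This is editor-written illustration code, not code from the patent or its applicant. Assumptions, also marked in the code: SHA-256 stands in for SM3 in Hash and KDF (the standard library has no SM3), the hash e is taken over the message alone without the Z_A prefix, C1 is encoded as the bare 64-byte x || y, and the blinding value of claim 3 step 1 is used as a scalar m mod n (claim 3 writes s31 = m × G, which would be a curve point, but the inversion of s41 in claim 4 step 2 and the scalar s = s45 in step 6 only work if s31 is a scalar). Two checks the claims omit are added from the SM2 standard: r ≠ 0 and r + k ≠ n after step 3 of claim 3, and a point-validation check of C1 (and of s61 received by B) before it is multiplied in claims 6 and 7. The example also shows a property of the protocol as claimed that a reviewer would want to see: because the nonce k is chosen by A alone in claim 3 step 2, and every SM2 signature satisfies s × (1 + d) = k - r × d mod n, A can compute the joint private key d = (k - s) / (s + r) from the returned Q2 = (r, s), and from it B's share b = (d - a) / (1 + a); recover_d() performs that computation. The decryption roles follow claims 6 and 7, in which B ends up holding the plaintext, rather than claim 1, which assigns the final decryption step to the holder of a.

```python
# Added example (editor's illustration, not the patent's code): claims 3 to 7 on the SM2
# curve. Assumed: SHA-256 stands in for SM3, e = Hash(message) without Z_A, C1 is bare x||y.
import hashlib, secrets
# Recommended SM2 curve parameters (GB/T 32918.5-2017)
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
CA = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
CB = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def on_curve(P):
    return P is not INF and (P[1] ** 2 - P[0] ** 3 - CA * P[0] - CB) % p == 0

def add(P, Q):  # affine group law
    if P is INF: return Q
    if Q is INF: return P
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0: return INF
    if P == Q: lam = (3 * P[0] ** 2 + CA) * pow(2 * P[1], -1, p) % p
    else: lam = (Q[1] - P[1]) * pow(Q[0] - P[0], -1, p) % p
    x = (lam ** 2 - P[0] - Q[0]) % p
    return (x, (lam * (P[0] - x) - P[1]) % p)

def mul(k, P):  # double-and-add; not constant time, illustration only
    R = INF
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def H(*parts): return hashlib.sha256(b"".join(parts)).digest()  # SM3 stand-in (assumption)
def i2b(x): return x.to_bytes(32, "big")
def b2i(s): return int.from_bytes(s, "big")
def rand_scalar(): return secrets.randbelow(n - 1) + 1

def kdf(z, klen):  # SM2 counter-mode KDF, with SHA-256 in place of SM3
    out, ct = b"", 1
    while len(out) < klen:
        out, ct = out + H(z, ct.to_bytes(4, "big")), ct + 1
    return out[:klen]

def keygen():
    a, b = rand_scalar(), rand_scalar()
    Pa, Pb = mul(a, G), mul(b, G)
    Pu = add(add(Pa, Pb), mul(a, Pb))  # Pu = Pa + Pb + a*Pb, so joint d = a + b + a*b
    return a, b, Pa, Pb, Pu

def sign_partial(a, msg):  # claim 3, run by A; returns Q1 and the nonce k that A keeps
    m, k = rand_scalar(), rand_scalar()  # m: blinding scalar (s31 taken as scalar), k: nonce
    x1 = mul(k, G)[0]
    r = (b2i(H(msg)) + x1) % n  # r = e + x1, reduced mod n as SM2 does
    if r == 0 or (r + k) % n == 0: return sign_partial(a, msg)  # SM2 step A5, not in claim
    s32 = m * (k - r * a) % n
    s33 = m * (1 + a) % n
    return (r, s32, s33), k

def sign_complete(b, Q1):  # claim 4, run by B
    r, s32, s33 = Q1
    s41 = s33 * (1 + b) % n  # m(1+a)(1+b) = m(1+d)
    s42 = pow(s41, -1, n)
    s43 = s33 * r * b % n
    s44 = (s32 - s43) % n  # m(k - r*d)
    return (r, s42 * s44 % n)  # s = (1+d)^-1 * (k - r*d)

def verify(Pu, msg, sig):  # ordinary SM2 verification against the joint key
    r, s = sig
    if not (1 <= r < n and 1 <= s < n): return False
    t = (r + s) % n
    if t == 0: return False
    X = add(mul(s, G), mul(t, Pu))
    return X is not INF and (b2i(H(msg)) + X[0]) % n == r

def recover_d(sig, k):  # s(1+d) = k - r*d  =>  d = (k - s)/(s + r); knowing k suffices
    r, s = sig
    return (k - s) * pow((s + r) % n, -1, n) % n

def encrypt(Pu, M):  # claim 5: plain SM2 encryption under Pu (cofactor h = 1)
    if not on_curve(Pu): raise ValueError("invalid public key")
    while True:
        k = rand_scalar()
        C1, (x2, y2) = mul(k, G), mul(k, Pu)
        t = kdf(i2b(x2) + i2b(y2), len(M))
        if any(t): break  # all-zero t: choose a new k
    C2 = bytes(u ^ v for u, v in zip(M, t))
    return i2b(C1[0]) + i2b(C1[1]) + C2 + H(i2b(x2), M, i2b(y2))

def parse_c1(C):  # claim 6 / SM2 step B1: C1 must be a valid point, not infinity
    C1 = (b2i(C[:32]), b2i(C[32:64]))
    if not on_curve(C1): raise ValueError("C1 not on curve")
    return C1

def decrypt_partial(a, C):  # claim 6, run by A: s61 = a*C1, sent to B
    return mul(a, parse_c1(C))

def decrypt_complete(b, s61, C):  # claim 7, run by B
    C1 = parse_c1(C)
    if not on_curve(s61): raise ValueError("s61 not on curve")  # added validation of A's input
    x2, y2 = add(add(s61, mul(b, C1)), mul(b, s61))  # s73 = (a + b + a*b)*C1
    C2, C3 = C[64:-32], C[-32:]
    t = kdf(i2b(x2) + i2b(y2), len(C2))
    if not any(t): raise ValueError("all-zero KDF output")
    M = bytes(u ^ v for u, v in zip(C2, t))
    if H(i2b(x2), M, i2b(y2)) != C3: raise ValueError("C3 mismatch")
    return M
```

Call keygen(), then sign_partial(a, msg) on A's side and sign_complete(b, Q1) on B's side; verify(Pu, msg, sig) checks the result against the joint key exactly as a plain SM2 verifier would. encrypt(Pu, M) followed by decrypt_partial(a, C) and decrypt_complete(b, s61, C) round-trips the message. The scalar multiplication is a textbook double-and-add with data-dependent branches and is there to make the algebra readable, not to be used in production.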
Priority Applications (1)
Application Number  Priority Date  Filing Date  Title 

CN202010138468.2A CN111355582A (en)  2020-03-03  2020-03-03  Two-party combined signature and decryption method and system based on SM2 algorithm 
Applications Claiming Priority (1)
Application Number  Priority Date  Filing Date  Title 

CN202010138468.2A CN111355582A (en)  2020-03-03  2020-03-03  Two-party combined signature and decryption method and system based on SM2 algorithm 
Publications (1)
Publication Number  Publication Date 

CN111355582A true CN111355582A (en)  20200630 
Family
ID=71197248
Family Applications (1)
Application Number  Title  Priority Date  Filing Date 

CN202010138468.2A Pending CN111355582A (en)  2020-03-03  2020-03-03  Two-party combined signature and decryption method and system based on SM2 algorithm 
Country Status (1)
Country  Link 

CN (1)  CN111355582A (en) 
Cited By (1)
Publication number  Priority date  Publication date  Assignee  Title 

CN112822155A (en) *  20201221  20210518  陕西土豆数据科技有限公司  Aerial photography data encryption and decryption method based on state password 
Citations (4)
Publication number  Priority date  Publication date  Assignee  Title 

CN104243456A (en) *  20140829  20141224  中国科学院信息工程研究所  Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm 
CN108199835A (en) *  20180119  20180622  北京江南天安科技有限公司  Multi-party joint private key decryption method and system 
CN109088726A (en) *  20180719  20181225  郑州信大捷安信息技术股份有限公司  Communicating pair collaboration signature and decryption method and system based on SM2 algorithm 
CN109672539A (en) *  20190301  20190423  深圳市电子商务安全证书管理有限公司  SM2 algorithm collaboration signature and decryption method, apparatus and system 

2020
 20200303 CN CN202010138468.2A patent/CN111355582A/en active Pending
Similar Documents
Publication  Publication Date  Title 

JP6515246B2 (en)  Determination of common secrets for the secure exchange of information and hierarchical and deterministic encryption keys  
CN108352015B (en)  Secure multi-party loss-resistant storage and encryption key transfer for blockchain based systems in conjunction with wallet management systems  
CN107196763B (en)  SM2 algorithm collaborative signature and decryption method, device and system  
CN107707358B (en)  EC-KCDSA digital signature generation method and system  
US8670563B2 (en)  System and method for designing secure client-server communication protocols based on certificateless public key infrastructure  
US7650494B2 (en)  Method and apparatus for use in relation to verifying an association between two parties  
JP5205398B2 (en)  Key authentication method  
CN107733648B (en)  Identity-based RSA digital signature generation method and system  
US9705683B2 (en)  Verifiable implicit certificates  
CN107947913B (en)  Anonymous authentication method and system based on identity  
CN104821880B (en)  Certificateless generalized proxy signcryption method  
CN107968710B (en)  SM9 digital signature separation interaction generation method and system  
WO2021042685A1 (en)  Transaction method, device, and system employing blockchain  
CN107659395B (en)  Identity-based distributed authentication method and system in multi-server environment  
US20210152370A1 (en)  Digital signature method, device, and system  
CN110113155B (en)  High-efficiency certificateless public key encryption method  
CN106936584B (en)  Method for constructing certificateless public key cryptosystem  
CN112564907B (en)  Key generation method and device, encryption method and device, and decryption method and device  
Saranya et al.  Cloud based efficient authentication for mobile payments using key distribution method  
CN112104453B (en)  Anti-quantum computation digital signature system and signature method based on digital certificate  
CN108055134B (en)  Collaborative computing method and system for elliptic curve point multiplication and pairing operation  
CN110120939B (en)  Encryption method and system capable of repudiation authentication based on heterogeneous system  
CN111355582A (en)  Two-party combined signature and decryption method and system based on SM2 algorithm  
CN111565108B (en)  Signature processing method, device and system  
Barker et al.  SP 800-56B: Recommendation for pair-wise key establishment schemes using integer factorization cryptography 
Legal Events
Date  Code  Title  Description 

PB01  Publication  
SE01  Entry into force of request for substantive examination 