CN111582867A - Collaborative signature and decryption method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN111582867A
Authority: CN (China)
Prior art keywords: data, client, server, result, denotes
Legal status: Granted
Application number: CN202010394747.5A
Other languages: Chinese (zh)
Other versions: CN111582867B (en)
Inventors: 冯飞龙, 郭昕, 石吉东
Current assignee: Zhejiang Tonghuashun Intelligent Technology Co Ltd
Original assignee: Zhejiang Tonghuashun Intelligent Technology Co Ltd

Events:
    • Application filed by Zhejiang Tonghuashun Intelligent Technology Co Ltd
    • Priority to CN202010394747.5A (granted as CN111582867B)
    • Priority to CN202310780865.3A (published as CN116823260A)
    • Publication of CN111582867A
    • Application granted
    • Publication of CN111582867B
    • Current legal status: Active

Classifications

    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • G06Q20/3823 Payment protocols insuring higher security of transaction, combining multiple encryption tools for a transaction
    • G06Q40/04 Finance; trading; exchange, e.g. stocks, commodities, derivatives or currency exchange
    • H04L63/0442 Network security protocols for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected (e.g. by encrypting or encapsulating the payload) and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms
    • H04L9/40 Network security protocols
    • Y02D30/70 Reducing energy consumption in communication networks, in wireless communication networks

Abstract

The application relates to a collaborative signature and decryption method and device, an electronic device and a storage medium. The method at least comprises the following steps: the client performs first part signature processing on the first message to obtain a first processing result; the client sends the first processing result to a server, and the server performs second partial signature processing based on the first processing result to obtain a second processing result; and the client receives a second processing result sent by the server, and calculates a signature result corresponding to the first message based on the second processing result.

Description

Collaborative signature and decryption method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of security technologies, and in particular, to a collaborative signature and decryption method and apparatus, an electronic device, and a storage medium.
Background
For services in the securities industry with frequent trading and high real-time requirements, a user needs to carry a hardware medium, such as an intelligent password key (Ukey), and when a signature is needed the signature operation is completed by calling the hardware driver of the intelligent password key. This signature mode has the disadvantages of inconvenient operation, inconvenient carrying, low acceptance of the intelligent password key, and the like.
Disclosure of Invention
In order to solve the above problems, the present application provides a collaborative signature and decryption method, apparatus, electronic device, and storage medium.
In a first aspect, an embodiment of the present application provides a collaborative signature method, including:
the client performs first part signature processing on the first message to obtain a first processing result;
the client sends the first processing result to a server, and the server performs second partial signature processing based on the first processing result to obtain a second processing result;
and the client receives a second processing result sent by the server, and calculates a signature result corresponding to the first message based on the second processing result.
In a second aspect, an embodiment of the present application provides a collaborative decryption method, including:
the client sends the first target data in the ciphertext to the server, and the server performs first part decryption processing on the first target data to obtain a first decryption result; the ciphertext is obtained by encrypting a plaintext through a cooperative public key, and the ciphertext consists of the following data: first target data, second target data, and third target data;
the client carries out second partial decryption processing on the first target data in the ciphertext to obtain a second decryption result;
the client receives a first decryption result sent by the server, and calculates a cooperative decryption result based on the first decryption result and the second decryption result;
and the client calculates a derived key based on the cooperative decryption result, and decrypts second target data in the ciphertext based on the derived key to obtain a plaintext corresponding to the ciphertext.
In a third aspect, an embodiment of the present application provides a collaborative signing apparatus, including:
the processing unit is used for carrying out first part signature processing on the first message to obtain a first processing result;
the interaction unit is used for sending the first processing result to a server, and the server carries out second partial signature processing based on the first processing result to obtain a second processing result; receiving a second processing result sent by the server;
the processing unit is further configured to calculate a signature result corresponding to the first message based on the second processing result.
In a fourth aspect, an embodiment of the present application provides a cooperative decryption apparatus, including:
the interactive unit is used for sending first target data in the ciphertext to the server, and the server performs first part decryption processing on the first target data to obtain a first decryption result; the ciphertext is obtained by encrypting a plaintext through a cooperative public key, and the ciphertext consists of the following data: first target data, second target data, and third target data;
the processing unit is used for carrying out second part decryption processing on the first target data in the ciphertext to obtain a second decryption result;
the interaction unit is further configured to receive a first decryption result sent by the server;
the processing unit is further configured to calculate a collaborative decryption result based on the first decryption result and the second decryption result; and calculating a derived key based on the cooperative decryption result, and decrypting second target data in the ciphertext based on the derived key to obtain a plaintext corresponding to the ciphertext.
In a fifth aspect, an embodiment of the present application provides an electronic device, including:
one or more processors;
a memory communicatively coupled to the one or more processors;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications being configured to perform the methods described above.
In a sixth aspect, the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method described above.
By adopting the technical scheme of the embodiment of the application, the client and the server participating in the signature cooperatively complete the signature process without disclosing their respective private keys; both the client and the server must participate in the signature process, and the complete private key is never recovered during signing, so the security of the private keys of the client and the server is ensured. Likewise, the client and the server participating in the decryption cooperatively complete the decryption process without disclosing their respective private keys, and the complete private key need not be recovered during decryption, so the security of the private keys of the client and the server is ensured.
Drawings
Fig. 1 is a first schematic flow chart illustrating an implementation process of a collaborative signature method according to an embodiment of the present application;
Fig. 2 is a first schematic flow chart illustrating an implementation process of a public key negotiation method provided in an embodiment of the present application;
Fig. 3 is a first schematic flow chart illustrating an implementation of a cooperative decryption method according to an embodiment of the present application;
Fig. 4 is a schematic diagram illustrating an implementation flow of a public key negotiation method according to an embodiment of the present application;
Fig. 5 is a schematic flow chart illustrating an implementation process of a collaborative signature method according to an embodiment of the present application;
Fig. 6 is a schematic diagram of an implementation flow of the cooperative decryption method according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a cooperative signature apparatus according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a cooperative decryption apparatus according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In some of the flows described in the specification and claims of the present application and in the above-described figures, a number of operations are included that occur in a particular order, but it should be clearly understood that the flows may include more or less operations, and that the operations may be performed sequentially or in parallel.
The digital signature mechanism is one of the means of guaranteeing network information security, and addresses the problems of forgery, repudiation, impersonation and tampering. The current online trading systems in the securities industry use an intelligent password key (Ukey) to store key material, and when a signature is needed the signature operation is completed by calling the hardware driver of the intelligent password key. The core guarantee of the intelligent password key is that the user's private key cannot be exposed and always remains in the user's own hands.
For services in the securities industry with frequent trading and high real-time requirements, a user needs to carry a hardware medium, such as an intelligent password key (Ukey), and when a signature is needed the signature operation is completed by calling the hardware driver of the intelligent password key. However, this signature method has the disadvantages of inconvenient operation, inconvenient carrying, easy loss, high hardware cost and the like. In addition, with the spread of the mobile internet, mobile trading accounts for an ever larger share of online securities trading, while most traditional intelligent password key devices have Universal Serial Bus (USB) interfaces, are not compatible with mobile devices, and are difficult to popularize.
Based on this, the embodiment of the application provides a collaborative signature and decryption method, a collaborative signature and decryption device, an electronic device and a storage medium.
The technical scheme of the embodiment of the application provides a novel SM2 signature method and an SM2 decryption method. The novel SM2 signature method belongs to a collaborative signature method, namely a signature method requiring the participation of both a client and a server, and the novel SM2 signature can be called a collaborative SM2 signature method. The novel SM2 decryption method belongs to a collaborative decryption method, namely a decryption method requiring the participation of both a client and a server, and the novel SM2 decryption method can be called a collaborative SM2 decryption method.
It should be noted that the collaborative signature method and the collaborative decryption method in the embodiment of the present application are implemented based on the following preconditions. The client and the server agree, through the national cryptographic standard algorithms, on the following: the elliptic curve parameters E(Fp), G and n, where E is an elliptic curve defined over the finite field Fp, G is a base point on the elliptic curve E and n is the order of the base point; a cryptographic hash algorithm; a key derivation function; and a random number generator. The cryptographic hash algorithm may be one approved by the State Cryptography Administration, such as the SM3 cryptographic hash algorithm; the key derivation function serves to derive a key (called the derived key); and the random number generator may be one approved by the State Cryptography Administration, used to generate random numbers.
Fig. 1 is a first schematic flow chart of an implementation process of a cooperative signature method provided in an embodiment of the present application, as shown in fig. 1, the method includes:
step 101: the client performs first partial signature processing on the first message to obtain a first processing result.
In the embodiment of the present application, the client performs a first partial signature process on a first message in the following manner:
1-1) the client processes the first message based on a hash function to obtain first data;
specifically, the first message is denoted M', the hash function is denoted Hash, the first data is denoted e, and the following formula holds:
e = Hash(M') (1)
here, the hash function may be implemented using a cryptographic hash algorithm, such as the SM3 cryptographic hash algorithm.
It should be noted that the first message refers to the message to be signed, and the first data (i.e. e) may also be referred to as the message digest.
1-2) the client generates a first random number, and calculates second data based on the first random number and the base point;
here, the client may generate the first random number through the random number generator; specifically, the first random number is denoted k1 and lies in the range [1, n-1], i.e. k1 ∈ [1, n-1], the base point is denoted G, and the second data is denoted Q1, where the following formula holds:
Q1 = k1[*]G (2)
here, [*] denotes the point multiplication (scalar multiplication) operation.
1-3) the client calculates third data based on the first private key on the client side, the first random number and the order of the base point;
specifically, the client calculates the third data by the following formula:
s1 = (1 + D1⊕U1)^(-1) * k1 mod n (3)
where s1 denotes the third data, D1⊕U1 denotes the first private key on the client side (⊕ denotes the exclusive-or operation), k1 denotes the first random number, n denotes the order of the base point, ^(-1) denotes the multiplicative inverse modulo n, and mod denotes the remainder operation.
First data (i.e., e), second data (i.e., Q1), and third data (i.e., s1) can be obtained through the above-mentioned steps 1-1), 1-2), and 1-3), and it should be noted that the first processing result in the embodiment of the present application includes the first data, the second data, and the third data.
Step 102: and the client sends the first processing result to a server, and the server performs second partial signature processing based on the first processing result to obtain a second processing result.
Here, the client transmits the first processing result, i.e., the first data (i.e., e), the second data (i.e., Q1), and the third data (i.e., s1) to the server. Performing, by the server, the following operations based on the first processing result:
2-1) generating a second random number, and calculating fourth data based on the second random number and a base point;
here, the server may generate the second random number through the random number generator; specifically, the second random number is denoted k2 and lies in the range [1, n-1], i.e. k2 ∈ [1, n-1], the base point is denoted G, and the fourth data is denoted Q2, where the following formula holds:
Q2 = k2[*]G (4)
here, [*] denotes the point multiplication operation.
2-2) generating a third random number, and calculating fifth data based on the third random number, the second data and the fourth data, wherein the fifth data is denoted (x1, y1);
here, the server may further generate the third random number through the random number generator; specifically, the third random number is denoted k3 and lies in the range [1, n-1], that is, k3 ∈ [1, n-1], and the fifth data is denoted (x1, y1), where the following formula holds:
(x1, y1) = k3[*](Q1 + Q2) (5)
here, (x1, y1) denotes the point coordinates corresponding to the fifth data, x1 the abscissa and y1 the ordinate of the fifth data, [*] denotes the point multiplication operation, Q1 denotes the second data (see equation (2)), and Q2 denotes the fourth data (see equation (4)).
2-3) calculating sixth data based on x1 in the fifth data, the first data, and the order of the base point;
specifically, the sixth data is given by the following formula:
r = x1 + e mod n (6)
where r denotes the sixth data, x1 denotes the abscissa in the fifth data, e denotes the first data (see equation (1)), and n denotes the order of the base point.
2-4) if the sixth data is not equal to 0, calculating seventh data based on the second private key of the server, the third random number, the third data and the order of the base point, and calculating eighth data based on the second private key of the server, the sixth data, the third random number, the second random number and the order of the base point;
specifically, if r ≠ 0, the seventh data is calculated by the following formula:
s2 = (1 + D2⊕U2)^(-1) * k3 * s1 mod n (7)
where s2 denotes the seventh data, D2⊕U2 denotes the second private key on the server side, k3 denotes the third random number, s1 denotes the third data (see equation (3)), ^(-1) denotes the multiplicative inverse modulo n, and n denotes the order of the base point;
and the eighth data is calculated by the following formula:
s3 = (1 + D2⊕U2)^(-1) * (r + k3 * k2) mod n (8)
where s3 denotes the eighth data, D2⊕U2 denotes the second private key on the server side, r denotes the sixth data (see equation (6)), k3 denotes the third random number, k2 denotes the second random number, and n denotes the order of the base point.
Sixth data (i.e., r), seventh data (i.e., s2), and eighth data (i.e., s3) can be obtained through the above-mentioned 2-1), 2-2), 2-3), and 2-4), and it should be noted that the second processing result in the embodiment of the present application includes the sixth data, the seventh data, and the eighth data.
Then, the server transmits the sixth data (i.e., r), the seventh data (i.e., s2), and the eighth data (i.e., s3) to the client, referring to the following step 103.
Step 103: and the client receives a second processing result sent by the server, and calculates a signature result corresponding to the first message based on the second processing result.
Here, the client receives the second processing result, i.e., the sixth data (i.e., r), the seventh data (i.e., s2), and the eighth data (i.e., s3), sent by the server. And the client calculates a signature result corresponding to the first message based on the second processing result. Specifically, the client calculates a signature result corresponding to the first message by:
3-1) the client computing ninth data based on the client's first private key, the sixth data, the seventh data, the eighth data, and the order of the base point;
specifically, the client calculates the ninth data by the following formula:
s = s2 - r + (1 + D1⊕U1)^(-1) * s3 mod n (9)
where s denotes the ninth data, s2 denotes the seventh data (see equation (7)), r denotes the sixth data (see equation (6)), D1⊕U1 denotes the first private key on the client side, s3 denotes the eighth data (see equation (8)), n denotes the order of the base point, ^(-1) denotes the multiplicative inverse modulo n, mod denotes the remainder operation, and ⊕ denotes the exclusive-or operation.
3-2) if the ninth data is not equal to 0 and the ninth data is not equal to the order of the base point minus the sixth data, the client combines the sixth data and the ninth data into the signature result.
Specifically, if r ≠ 0 and s ≠ n - r, the signature result is (r, s), where r denotes the sixth data (see equation (6)), s denotes the ninth data (see equation (9)), and n denotes the order of the base point.
According to the technical scheme of the embodiment of the application, the client side and the server side participating in the signature cooperatively complete the signature process without disclosing their respective private keys; both the client side and the server side must participate in the signature process, and the complete private key never needs to be recovered during signing, so the security of the private keys of both sides is ensured. In addition, because the server side performs part of the signature process, the processing capacity of the server side can be used to improve the efficiency and quality of signing.
In the technical scheme of the embodiment of the application, a first private key on the client side and a second private key on the server side are involved; the two private keys are generated and held independently on the client side and the server side respectively, which guarantees the security of both private keys. After the signature of the first message is completed through the technical scheme, the resulting signature can be verified with the national cryptographic standard (SM2) signature verification method, where the public key used in verification is a public key jointly negotiated between the client and the server, called the negotiated public key. How the negotiated public key, the client-side public-private key pair and the server-side public-private key pair are determined is described below with reference to Fig. 2. It should be noted that the scheme described with reference to Fig. 2 may be implemented in combination with the scheme described above with reference to Fig. 1, or separately.
Fig. 2 is a first schematic flow chart illustrating an implementation process of a public key negotiation method provided in an embodiment of the present application, as shown in fig. 2, the method includes:
step 201: the client generates a first private key of the client side based on the first device information of the client and the first target random number.
Specifically, the first private key on the client side is denoted U1⊕D1, where U1 denotes the first device information of the client, D1 denotes the first target random number, and ⊕ denotes the exclusive-or operation. U1⊕D1 lies in the range [1, n-1], i.e. (U1⊕D1) ∈ [1, n-1]. It should be noted that the first private key is the private key of the client itself, and may also be called the client's own private key.
Step 202: the client calculates a first public key on the client side based on the first private key and the base point.
Specifically, the first public key is denoted P1, where
P1 = (D1⊕U1)[*]G (10)
here, G denotes the base point and [*] denotes the point multiplication operation.
Step 203: and the client sends the first public key to a server, and the server generates a collaborative public key based on the first public key.
Here, the client sends the first public key (i.e. P1) to the server, and the server generates a collaborative public key based on the first public key, specifically:
4-1) generating a second private key of the server side based on second device information of the server side and a second target random number.
Here, the second private key on the server side is denoted U2⊕D2, where U2 denotes the second device information of the server and D2 denotes the second target random number. U2⊕D2 lies in the range [1, n-1], i.e. (U2⊕D2) ∈ [1, n-1]. It should be noted that the second private key is the private key of the server itself, and may also be called the server's own private key.
4-2) calculating a second public key on the server side based on the second private key and the base point.
Specifically, the second public key is denoted P2, where
P2 = (D2⊕U2)[*]G (11)
here, G denotes the base point and [*] denotes the point multiplication operation.
4-3) calculating a collaborative public key based on the first public key, the second public key and the second private key, the collaborative public key being given by:
P = P1 + P2 + (D2⊕U2)[*]P1 (12)
Then the server publishes P as the cooperative public key, and any other client can obtain the cooperative public key.
In this embodiment of the present application, the cooperative public key is used to verify the signature result corresponding to the first message in the scheme shown in Fig. 1: the standard signature verification method is applied to the signature result using the cooperative public key.
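The Fig. 2 key negotiation (equations (10) to (12)) and the Fig. 1 two-party signing protocol (equations (1) to (9)), followed by the standard SM2 verification the page says applies to the result, as an added worked example; this is not code from the patent or its applicant. It assumes the sm2p256v1 domain parameters published in GM/T 0003.5 (transcribed into the block), uses SHA-256 in place of the SM3 hash the page names because the Python standard library does not guarantee SM3, treats the input bytes as the already-prepared message M', and constructs the device identifiers U1/U2 and the message. The name `run_demo` and the helper names are this example's own.

```python
import hashlib
import secrets

# sm2p256v1 domain parameters (GM/T 0003.5), transcribed here as an assumption
P_ = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16)
A_ = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 16)
B_ = int("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 16)
N_ = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16)
G_ = (int("32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 16),
      int("BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 16))
INF = None  # point at infinity

def ec_add(p, q):
    """Affine point addition on y^2 = x^3 + ax + b over F_p."""
    if p is INF or q is INF:
        return q if p is INF else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_ == 0:
        return INF  # q is the negation of p
    if p == q:
        lam = (3 * x1 * x1 + A_) * pow(2 * y1, -1, P_) % P_
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_) % P_
    x3 = (lam * lam - x1 - x2) % P_
    return (x3, (lam * (x1 - x3) - y1) % P_)

def ec_mul(k, pt):
    """Scalar multiplication k[*]pt (the page's point multiplication) by double-and-add."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def inv_n(v):
    return pow(v, -1, N_)  # multiplicative inverse modulo the base point order n

def rand_n():
    return secrets.randbelow(N_ - 1) + 1  # uniform in [1, n-1]

def hash_e(msg):
    """Eq. (1): e = Hash(M'); SHA-256 stands in for the SM3 named on the page."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def negotiate_keys(U1, U2):
    """Fig. 2, eqs (10)-(12). Each side keeps only its own D xor U."""
    d1 = (rand_n() ^ U1) % N_ or 1  # first private key D1⊕U1, forced into [1, n-1]
    d2 = (rand_n() ^ U2) % N_ or 1  # second private key D2⊕U2
    P1 = ec_mul(d1, G_)                                      # eq. (10)
    P2 = ec_mul(d2, G_)                                      # eq. (11)
    P = ec_add(ec_add(P1, P2), ec_mul(d2, P1))               # eq. (12), cooperative public key
    return d1, d2, P

def client_step1(msg, d1):
    """Step 101 (1-1 to 1-3): first partial signature processing."""
    e, k1 = hash_e(msg), rand_n()
    Q1 = ec_mul(k1, G_)                                      # eq. (2)
    s1 = inv_n(1 + d1) * k1 % N_                             # eq. (3)
    return e, Q1, s1

def server_step2(first_result, d2):
    """Step 102 (2-1 to 2-4): second partial signature; retries while r == 0."""
    e, Q1, s1 = first_result
    while True:
        k2, k3 = rand_n(), rand_n()
        Q2 = ec_mul(k2, G_)                                  # eq. (4)
        x1, _ = ec_mul(k3, ec_add(Q1, Q2))                   # eq. (5)
        r = (x1 + e) % N_                                    # eq. (6)
        if r != 0:
            s2 = inv_n(1 + d2) * k3 * s1 % N_                # eq. (7)
            s3 = inv_n(1 + d2) * (r + k3 * k2) % N_          # eq. (8)
            return r, s2, s3

def client_step3(second_result, d1):
    """Step 103 (3-1, 3-2): final signature, or None when the check fails."""
    r, s2, s3 = second_result
    s = (s2 - r + inv_n(1 + d1) * s3) % N_                   # eq. (9)
    return None if s == 0 or s == N_ - r else (r, s)

def sm2_verify(P, msg, sig):
    """Standard SM2 verification (GM/T 0003.2) under the cooperative public key P."""
    r, s = sig
    t = (r + s) % N_
    if not (0 < r < N_ and 0 < s < N_) or t == 0:
        return False
    x1, _ = ec_add(ec_mul(s, G_), ec_mul(t, P))
    return (hash_e(msg) + x1) % N_ == r

def run_demo(msg=b"constructed trade order"):
    """Returns (genuine signature verifies, same signature on a tampered message verifies)."""
    assert ec_mul(N_, G_) is INF  # sanity check on the transcribed curve constants
    d1, d2, P = negotiate_keys(0x1234ABCD, 0x5678EF01)  # constructed device identifiers
    sig = None
    while sig is None:  # step 3-2 can reject (r, s); rerun the protocol when it does
        sig = client_step3(server_step2(client_step1(msg, d1), d2), d1)
    return sm2_verify(P, msg, sig), sm2_verify(P, msg + b"!", sig)
```

`run_demo()` returns `(True, False)`: the jointly produced (r, s) verifies under P with the ordinary SM2 verifier, and the same pair fails on a modified message. The composition works because equation (12) gives P = [(1 + d1)(1 + d2) - 1]G with d1 = D1⊕U1 and d2 = D2⊕U2, and equations (3), (7), (8) and (9) combine to s = (1 + d)^(-1) * (k + r) - r mod n with d = (1 + d1)(1 + d2) - 1 and k = k3(k1 + k2), which is algebraically the standard SM2 signature equation s = (1 + d)^(-1) * (k - r * d) mod n. Neither party ever computes d or k; the client only holds d1 and k1, the server only d2, k2 and k3, and the degenerate-value checks in steps 2-4 and 3-2 are the ones a verifier would otherwise reject.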
Fig. 3 is a first schematic flow chart of an implementation process of the cooperative decryption method provided in the embodiment of the present application, and as shown in fig. 3, the method includes:
Step 301: the client sends the first target data in the ciphertext to the server, and the server performs a first partial decryption process on the first target data to obtain a first decryption result.
In the embodiment of the application, the ciphertext is obtained by encrypting a plaintext through a cooperative public key, and the ciphertext is composed of the following data: first target data, second target data, and third target data.
For example: the ciphertext is represented as M, M = C1||C2||C3, where || represents a concatenation symbol, C1 represents first target data, C2 represents second target data, and C3 represents third target data. The client may extract the first target data (i.e., C1), the second target data (i.e., C2), and the third target data (i.e., C3) from the ciphertext.
Then, the client sends the first target data in the ciphertext to the server, and the server performs a first partial decryption process on the first target data to obtain a first decryption result, specifically, the first decryption result is represented by the following formula:
T1=(D2⊕U2)[*]C1 (13)
where T1 denotes the first decryption result, D2 ⊕ U2 denotes the second private key on the server side, C1 denotes the first target data, [*] denotes a dot product operation, and ⊕ denotes an exclusive or operation.
Step 302: the client performs a second partial decryption process on the first target data in the ciphertext to obtain a second decryption result.
Specifically, the second decryption result is represented by the following formula:
T2=(D1⊕U1)[*]C1 (14)
where T2 denotes the second decryption result, D1 ⊕ U1 denotes the first private key on the client side, C1 denotes the first target data, and [*] denotes the dot product operation.
Step 303: the client receives the first decryption result sent by the server and calculates a cooperative decryption result based on the first decryption result and the second decryption result.
Specifically, the client calculates the cooperative decryption result based on the following formula:
(x2,y2)=T1+T2+(D1⊕U1)[*]T1 (15)
wherein (x2, y2) represents the collaborative decryption result, T1 represents the first decryption result, T2 represents the second decryption result, D1 ⊕ U1 represents the first private key on the client side, and [*] represents the dot product operation.
It should be noted that (x2, y2) represents point coordinates corresponding to the collaborative decryption result, x2 represents an abscissa corresponding to the collaborative decryption result, and y2 represents an ordinate corresponding to the collaborative decryption result.
Step 304: the client calculates a derived key based on the cooperative decryption result, and decrypts the second target data in the ciphertext based on the derived key to obtain the plaintext corresponding to the ciphertext.
Specifically, the client calculates the derived key based on the following formula:
t=KDF(x2||y2,klen) (16)
wherein t represents the derived key, KDF represents a key derivation function, || represents a concatenation symbol, x2 represents the abscissa of the cooperative decryption result, y2 represents the ordinate of the cooperative decryption result, and klen represents the length of the derived key;
the client calculates the plaintext corresponding to the ciphertext based on the following formula:
M'=C2⊕t (17)
where M' represents the plaintext corresponding to the ciphertext, C2 represents the second target data in the ciphertext, and ⊕ represents an exclusive or operation.
According to the technical scheme of this embodiment, the client and the server participating in decryption complete the decryption process cooperatively without either side disclosing its own private key: both must take part in every decryption, and the complete private key is never recovered at any point in the process, which protects the private keys of both sides. In addition, because the server performs part of the decryption, the processing advantage of the server can be used to improve decryption efficiency and quality.
In the technical scheme of this embodiment, a first private key on the client side and a second private key on the server side are involved, and the two private keys are held independently on the client side and the server side respectively, so that the security of both private keys is guaranteed. The ciphertext in the above technical solution may be obtained by encrypting the plaintext with a public key through the national standard encryption algorithm, where the public key used may be one negotiated between the client and the server, referred to as the negotiated public key. Fig. 2 shows how the negotiated public key, the public-private key pair on the client side and the public-private key pair on the server side are determined, which is not described again in detail here. It should be noted that the scheme of fig. 2 may be implemented in combination with the scheme of fig. 3, or implemented separately.
It should be noted that, in the embodiment of the present application, the first message, the signature result corresponding to the first message, the ciphertext, and the plaintext corresponding to the ciphertext may be converted into a bit string with a limited length for processing.
Fig. 4 is a schematic diagram of an implementation flow of a public key negotiation method provided in an embodiment of the present application, and as shown in fig. 4, the method includes:
Step 401: the client acquires the first device information U1 of the client side, generates a first target random number D1, and takes (U1 ⊕ D1) ∈ [1, n-1] as the self-private key of the client.
Here, U1 ⊕ D1 may also be referred to as the first private key on the client side.
Step 402: the client calculates P1 = (D1 ⊕ U1)[*]G, and sends P1 to the server.
Here, P1 is the first public key on the client side.
Step 403: the server acquires the second device information U2 of the server side, generates a second target random number D2, and takes (U2 ⊕ D2) ∈ [1, n-1] as the self-private key of the server.
Here, U2 ⊕ D2 may also be referred to as the second private key on the server side.
Step 404: the server calculates P2 = (D2 ⊕ U2)[*]G.
Here, P2 is the second public key on the server side.
Step 405: the server calculates P = P1 + P2 + (D2 ⊕ U2)[*]P1, and discloses P as the negotiated public key.
Fig. 5 is a schematic view of an implementation flow chart of a collaborative signature method provided in an embodiment of the present application, and as shown in fig. 5, the method includes:
Step 501: the client computes e = Hash(M'), where M' is the first message to be signed.
Here, e is the first data, and may also be referred to as the message digest.
Step 502: the client generates a first random number k1 ∈ [1, n-1], calculates Q1 = k1[*]G and s1 = (1+D1⊕U1)^(-1)*k1 mod n, and sends e, Q1, s1 to the server.
Here, Q1 is the second data, and s1 is the third data.
Step 503: the server generates a second random number k2 ∈ [1, n-1], and calculates Q2 = k2[*]G.
Here, Q2 is the fourth data.
Step 504: the server generates a third random number k3 ∈ [1, n-1], calculates (x1, y1) = k3[*](Q1 + Q2), and r = x1 + e mod n.
Here, (x1, y1) is the fifth data, and r is the sixth data.
Step 505: the server judges whether r is equal to 0; if r ≠ 0, it calculates s2 = (1+D2⊕U2)^(-1)*k3*s1 mod n and s3 = (1+D2⊕U2)^(-1)*(r + k3*k2) mod n, and sends r, s2, s3 to the client.
Here, s2 is the seventh data, and s3 is the eighth data.
Step 506: the client calculates s = s2 - r + (1+D1⊕U1)^(-1)*s3 mod n.
Here, s is the ninth data.
Step 507: the client judges whether s is equal to 0 or equal to n - r; if s ≠ 0 and s ≠ n - r, (r, s) is taken as the signature result.
Fig. 6 is a schematic diagram of an implementation flow of the cooperative decryption method provided in the embodiment of the present application, and as shown in fig. 6, the illustrated method includes:
Step 601: the client sends C1 in the ciphertext to the server.
Here, the ciphertext is represented as M, M = C1||C2||C3, where || represents the concatenation symbol, C1 represents the first target data, C2 represents the second target data, and C3 represents the third target data. The client may extract the first target data (i.e., C1), the second target data (i.e., C2), and the third target data (i.e., C3) from the ciphertext.
Step 602: the server calculates T1 = (D2 ⊕ U2)[*]C1, and sends T1 to the client.
Here, T1 denotes the first decryption result, D2 ⊕ U2 denotes the second private key on the server side, C1 denotes the first target data, [*] denotes a dot product operation, and ⊕ denotes an exclusive or operation.
Step 603: the client calculates T2 = (D1 ⊕ U1)[*]C1.
Here, T2 denotes the second decryption result, D1 ⊕ U1 denotes the first private key on the client side, C1 denotes the first target data, and [*] denotes the dot product operation.
Step 604: the client calculates (x2, y2) = T1 + T2 + (D1 ⊕ U1)[*]T1.
Here, (x2, y2) denotes the cooperative decryption result.
Step 605: the client calculates t = KDF(x2||y2, klen).
Here, t denotes the derived key, KDF denotes a key derivation function, || denotes the concatenation symbol, x2 denotes the abscissa of the cooperative decryption result, y2 denotes the ordinate of the cooperative decryption result, and klen denotes the length of the derived key.
Step 606: the client calculates M' = C2 ⊕ t.
Here, M' denotes the plaintext corresponding to the ciphertext, C2 denotes the second target data in the ciphertext, and ⊕ denotes an exclusive or operation.
The consistency of the collaborative signature method and the collaborative decryption method in the above technical solution is verified through some equations.
1) Equation one:
P=P1+P2+(D2⊕U2)[*]P1
=(D1⊕U1)[*]G+(D2⊕U2)[*]G+(D1⊕U1)(D2⊕U2)[*]G
=((D1⊕U1)+(D2⊕U2)+(D1⊕U1)(D2⊕U2))[*]G
2) equation two:
PA=DA[*]G
3) from the above equations one and two, the following equation three can be derived:
DA=((D1⊕U1)+(D2⊕U2)+(D1⊕U1)(D2⊕U2))mod n
4) equation four:
(x1,y1)=k3[*](Q1+Q2)
=k3[*](k1[*]G+k2[*]G)
=(k3*k1+k2*k3)[*]G
5) equation five:
(x,y)=k*G
6) from the above equations four and five, the following equation six can be derived:
k=k1*k3+k2*k3
7) equation seven:
s=s2-r+(1+D1⊕U1)^(-1)*s3
=(1+D2⊕U2)^(-1)*k3*(1+D1⊕U1)^(-1)*k1+(1+D1⊕U1)^(-1)*(1+D2⊕U2)^(-1)*(r+k3*k2)-r
=(1+D2⊕U2)^(-1)*(1+D1⊕U1)^(-1)*k1*k3+(1+D1⊕U1)^(-1)*(1+D2⊕U2)^(-1)*(r+k3*k2)-r
=(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^(-1)*k1*k3+(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^(-1)*(r+k3*k2)-r
=(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^(-1)*(k1*k3+k2*k3+r-r*(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2)))
=(1+(D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2))^(-1)*(k1*k3+k2*k3-r*((D1⊕U1)+(D2⊕U2)+(D1⊕U1)*(D2⊕U2)))
=(1+DA)^(-1)*(k-r*DA)
The consistency of the collaborative signature method can be verified according to equation seven above.
8) Equation eight:
(x2,y2)=T1+T2+(D1⊕U1)[*]T1
=(D1⊕U1)[*]C1+(D2⊕U2)[*]C1+(D2⊕U2)(D1⊕U1)[*]C1
=((D1⊕U1)+(D2⊕U2)+(D2⊕U2)(D1⊕U1))[*]C1
=((D1⊕U1)+(D2⊕U2)+(D2⊕U2)(D1⊕U1))k[*]G
=k[*](DA[*]G)
=k[*]PA
the consistency of the cooperative decryption algorithm can be verified according to the above equation eight.
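As an added worked example (not code from the patent or from the applicant), the key negotiation of fig. 4, the collaborative signature of fig. 5 and the collaborative decryption of fig. 6 are run end to end in Python, and the identities of equations three, seven and eight are checked by verifying the signature and decrypting under the published P. Assumptions: the SM2 recommended curve parameters (the page names only the "national standard" algorithm), SHA-256 in place of SM3 for Hash and KDF, the standard SM2 verification and encryption routines (which the page does not spell out), and a C3 integrity check that the page's step 606 omits.

```python
import hashlib
import secrets

# SM2 recommended curve parameters (GB/T 32918); the page names the national
# standard algorithm but does not list them, so they are supplied here.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + Ax + B; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):                                  # the page's dot product k[*]pt
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def rand_scalar(): return secrets.randbelow(N - 1) + 1       # uniform in [1, n-1]
def i2b(x): return x.to_bytes(32, "big")
def h(data): return hashlib.sha256(data).digest()           # SM3 in the standard; SHA-256 here

def kdf(z, klen):                                # the page's KDF(x2||y2, klen), counter mode
    out, ct = b"", 1
    while len(out) < klen:
        out, ct = out + h(z + ct.to_bytes(4, "big")), ct + 1
    return out[:klen]

def negotiate(d1, d2):                           # steps 402-405, with d1 = D1^U1, d2 = D2^U2
    P1, P2 = mul(d1, G), mul(d2, G)
    return add(add(P1, P2), mul(d2, P1))         # P = P1 + P2 + d2[*]P1 = (d1+d2+d1*d2)[*]G

def client_sign_1(d1, msg):                      # steps 501-502: (e, Q1, s1) go to the server
    e, k1 = int.from_bytes(h(msg), "big") % N, rand_scalar()
    return e, mul(k1, G), pow(1 + d1, -1, N) * k1 % N

def server_sign(d2, e, Q1, s1):
    """Steps 503-505: returns (r, s2, s3), or None when r == 0 (caller retries)."""
    k2, k3 = rand_scalar(), rand_scalar()
    x1, _ = mul(k3, add(Q1, mul(k2, G)))         # (x1, y1) = k3[*](Q1 + Q2)
    r = (x1 + e) % N
    if r == 0:
        return None
    inv2 = pow(1 + d2, -1, N)
    return r, inv2 * k3 * s1 % N, inv2 * (r + k3 * k2) % N

def client_sign_2(d1, r, s2, s3):                # steps 506-507
    s = (s2 - r + pow(1 + d1, -1, N) * s3) % N
    return None if s in (0, N - r) else (r, s)   # reject s = 0 and s = n - r

def co_sign(d1, d2, msg):
    """One full client/server exchange, repeated until both parties' checks pass."""
    while True:
        e, Q1, s1 = client_sign_1(d1, msg)
        srv = server_sign(d2, e, Q1, s1)
        sig = client_sign_2(d1, *srv) if srv else None
        if sig:
            return sig

def verify(pub, msg, sig):
    """Standard SM2 verification under the cooperative public key (not on the page)."""
    r, s = sig
    e, t = int.from_bytes(h(msg), "big") % N, (r + s) % N
    if not (0 < r < N and 0 < s < N and t):
        return False
    x, _ = add(mul(s, G), mul(t, pub))           # s[*]G + t[*]P = k[*]G by equation seven
    return (e + x) % N == r

def encrypt(pub, msg):                           # standard SM2 encryption under P (not on the page)
    k = rand_scalar()
    x2, y2 = mul(k, pub)
    t = kdf(i2b(x2) + i2b(y2), len(msg))
    c2 = bytes(a ^ b for a, b in zip(msg, t))
    return mul(k, G), c2, h(i2b(x2) + msg + i2b(y2))   # C1, C2, C3

def server_decrypt(d2, c1): return mul(d2, c1)   # step 602: T1 = d2[*]C1

def client_decrypt(d1, c1, c2, c3, t1):
    """Steps 603-606, plus the standard C3 check that the page's steps omit."""
    x2, y2 = add(add(t1, mul(d1, c1)), mul(d1, t1))    # T1 + T2 + d1[*]T1 = k[*]P (equation eight)
    t = kdf(i2b(x2) + i2b(y2), len(c2))
    m = bytes(a ^ b for a, b in zip(c2, t))
    return m if h(i2b(x2) + m + i2b(y2)) == c3 else None
```

Neither party ever holds DA = d1 + d2 + d1*d2; the server only sees P1, Q1 and s1, and the client only sees r, s2, s3 and T1.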
Fig. 7 is a schematic structural composition diagram of a cooperative signature apparatus provided in an embodiment of the present application, and as shown in fig. 7, the apparatus includes:
a processing unit 701, configured to perform a first partial signature process on a first message to obtain a first processing result;
an interaction unit 702, configured to send the first processing result to a server, where the server performs a second partial signature processing based on the first processing result to obtain a second processing result; receiving a second processing result sent by the server;
the processing unit 701 is further configured to calculate a signature result corresponding to the first message based on the second processing result.
In an optional manner, the processing unit 701 is specifically configured to process the first message based on a hash function to obtain first data; generating a first random number, and calculating second data based on the first random number and a base point; calculating third data based on a first private key of the client side, the first random number, and an order of a base point; wherein the first processing result includes the first data, the second data, and the third data.
In an optional manner, the processing unit 701 is specifically configured to calculate the third data according to the following formula:
s1=(1+D1⊕U1)^(-1)*k1 mod n;
where s1 denotes the third data, D1 ⊕ U1 denotes the first private key on the client side, k1 denotes the first random number, and n denotes the order of the base point.
In an optional manner, the performing, by the server, a second partial signature process based on the first processing result and obtaining a second processing result includes:
performing, by the server, the following operations based on the first processing result:
generating a second random number, and calculating fourth data based on the second random number and a base point;
generating a third random number, calculating fifth data based on the third random number, the second data and the fourth data, wherein the fifth data is represented as (x1, y 1);
calculating sixth data based on x1 in the fifth data, the first data, and the order of the base point;
if the sixth data is not equal to 0, calculating seventh data based on the second private key of the server, the third random number, the third data and the order of the base point, and calculating eighth data based on the second private key of the server, the sixth data, the third random number, the second random number and the order of the base point;
wherein the second processing result includes the sixth data, the seventh data, and the eighth data.
In an alternative, the sixth data is represented by the following formula: r = x1 + e mod n; where r denotes the sixth data, x1 denotes the abscissa in the fifth data, e denotes the first data, and n denotes the order of the base point;
the seventh data is expressed by the following formula: s2 = (1+D2⊕U2)^(-1)*k3*s1 mod n, where s2 denotes the seventh data, D2 ⊕ U2 denotes the second private key on the server side, k3 denotes the third random number, s1 denotes the third data, and n denotes the order of the base point;
the eighth data is expressed by the following formula: s3 = (1+D2⊕U2)^(-1)*(r + k3*k2) mod n, where s3 denotes the eighth data, D2 ⊕ U2 denotes the second private key on the server side, r denotes the sixth data, k3 denotes the third random number, k2 denotes the second random number, and n denotes the order of the base point.
In an optional manner, the processing unit 701 is specifically configured to calculate ninth data based on the first private key of the client, the sixth data, the seventh data, the eighth data, and the order of the base point; if the ninth data is not equal to 0 and the ninth data is not equal to the order of the base point minus the sixth data, the sixth data and the ninth data are combined into the signature result.
In an optional manner, the processing unit 701 is specifically configured to calculate the ninth data according to the following formula:
s=s2-r+(1+D1⊕U1)^(-1)*s3 mod n;
where s denotes the ninth data, s2 denotes the seventh data, r denotes the sixth data, D1 ⊕ U1 denotes the first private key on the client side, s3 denotes the eighth data, and n denotes the order of the base point.
In an optional manner, the processing unit 701 is further configured to generate a first private key on the client side based on the first device information of the client and a first target random number, where the first private key on the client side is denoted by U1 ⊕ D1, U1 denotes the first device information of the client, and D1 denotes the first target random number; and to calculate a first public key on the client side based on the first private key and a base point, where the first public key is represented as P1, P1 = (D1 ⊕ U1)[*]G, G represents the base point, and [*] represents a dot product operation;
the interaction unit is further configured to send the first public key to a server, and the server generates a collaborative public key based on the first public key; and the cooperative public key is used for verifying the signature result corresponding to the first message.
In an optional manner, the generating, by the server, a collaborative public key based on the first public key includes:
performing, by the server, the following operations based on the first public key:
generating a second private key of the server side based on second device information of the server side and a second target random number, wherein the second private key of the server side is represented by U2 ⊕ D2, U2 represents the second device information of the server side, and D2 represents the second target random number;
calculating a second public key of the server side based on the second private key and a base point, wherein the second public key is represented as P2, P2 = (D2 ⊕ U2)[*]G, G represents the base point, and [*] represents a dot product operation;
calculating a collaborative public key based on the first public key, the second public key, and the second private key, the collaborative public key being denoted as P = P1 + P2 + (D2 ⊕ U2)[*]P1.
Here, it should be noted that: the descriptions of the embodiments of the apparatus are similar to the descriptions of the methods, and have the same advantages as the embodiments of the methods, and therefore are not repeated herein. For technical details not disclosed in the embodiments of the apparatus of the present application, those skilled in the art should refer to the description of the embodiments of the method of the present application for understanding, and for the sake of brevity, will not be described again here.
Fig. 8 is a schematic structural composition diagram of a cooperative decryption apparatus according to an embodiment of the present application, and as shown in fig. 8, the apparatus includes:
an interaction unit 801, configured to send first target data in a ciphertext to a server, where the server performs a first partial decryption process on the first target data to obtain a first decryption result; the ciphertext is obtained by encrypting a plaintext through a cooperative public key, and the ciphertext consists of the following data: first target data, second target data, and third target data;
a processing unit 802, configured to perform a second partial decryption process on the first target data in the ciphertext to obtain a second decryption result;
the interaction unit 801 is further configured to receive a first decryption result sent by the server;
the processing unit 802 is further configured to calculate a cooperative decryption result based on the first decryption result and the second decryption result; and calculating a derived key based on the cooperative decryption result, and decrypting second target data in the ciphertext based on the derived key to obtain a plaintext corresponding to the ciphertext.
In an alternative, the first decryption result is represented by the following formula: T1 = (D2 ⊕ U2)[*]C1; where T1 represents the first decryption result, D2 ⊕ U2 represents the second private key on the server side, C1 represents the first target data, and [*] represents the dot product operation;
the second decryption result is represented by the following formula: T2 = (D1 ⊕ U1)[*]C1; where T2 represents the second decryption result, D1 ⊕ U1 represents the first private key on the client side, C1 represents the first target data, and [*] represents the dot product operation.
In an optional manner, the processing unit 802 is specifically configured to calculate a cooperative decryption result based on the following formula:
(x2,y2)=T1+T2+(D1⊕U1)[*]T1;
wherein (x2, y2) represents the collaborative decryption result, T1 represents the first decryption result, T2 represents the second decryption result, D1 ⊕ U1 represents the first private key on the client side, and [*] represents the dot product operation.
In an alternative, the processing unit 802 is specifically configured to calculate the derived key based on the following formula: t = KDF(x2||y2, klen); wherein t represents the derived key, KDF represents a key derivation function, || represents a concatenation symbol, x2 represents the abscissa of the cooperative decryption result, y2 represents the ordinate of the cooperative decryption result, and klen represents the length of the derived key; and to calculate the plaintext corresponding to the ciphertext based on the following formula: M' = C2 ⊕ t, where M' denotes the plaintext corresponding to the ciphertext, C2 denotes the second target data in the ciphertext, and ⊕ denotes an exclusive or operation.
In an optional manner, the processing unit 802 is further configured to generate a first private key on the client side based on the first device information of the client and a first target random number, where the first private key on the client side is denoted by U1 ⊕ D1, U1 denotes the first device information of the client, and D1 denotes the first target random number; and to calculate a first public key on the client side based on the first private key and a base point, where the first public key is represented as P1, P1 = (D1 ⊕ U1)[*]G, G represents the base point, and [*] represents a dot product operation;
the interaction unit 801 is further configured to send the first public key to a server, and the server generates a collaborative public key based on the first public key; and the cooperative public key is used for verifying the signature result corresponding to the first message.
In an optional manner, the generating, by the server, a collaborative public key based on the first public key includes:
performing, by the server, the following operations based on the first public key:
generating a second private key of the server side based on second device information of the server side and a second target random number, wherein the second private key of the server side is represented by U2 ⊕ D2, U2 represents the second device information of the server side, and D2 represents the second target random number;
calculating a second public key of the server side based on the second private key and a base point, wherein the second public key is represented as P2, P2 = (D2 ⊕ U2)[*]G, G represents the base point, and [*] represents a dot product operation;
calculating a collaborative public key based on the first public key, the second public key, and the second private key, the collaborative public key being denoted as P = P1 + P2 + (D2 ⊕ U2)[*]P1.
Here, it should be noted that: the descriptions of the embodiments of the apparatus are similar to the descriptions of the methods, and have the same advantages as the embodiments of the methods, and therefore are not repeated herein. For technical details not disclosed in the embodiments of the apparatus of the present application, those skilled in the art should refer to the description of the embodiments of the method of the present application for understanding, and for the sake of brevity, will not be described again here.
An embodiment of the present application further provides an electronic device, including: one or more processors; a memory communicatively coupled to the one or more processors; one or more application programs; wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method described above.
In a specific example, the electronic device according to the embodiment of the present application may be embodied as a structure as shown in fig. 9, and the electronic device includes at least a processor 91, a storage medium 92, and at least one external communication interface 93; the processor 91, the storage medium 92, and the external communication interface 93 are all connected by a bus 94. The processor 91 may be a microprocessor, a central processing unit, a digital signal processor, a programmable logic array, or other electronic components with processing functions. The storage medium has stored therein computer executable code capable of performing the method of any of the above embodiments. In practical applications, the processing unit in the above scheme may be implemented by the processor 91.
Here, it should be noted that: the description of the embodiment of the electronic device is similar to the description of the method, and has the same beneficial effects as the embodiment of the method, and therefore, the description is omitted. For technical details that are not disclosed in the embodiments of the electronic device of the present application, those skilled in the art should refer to the description of the embodiments of the method of the present application for understanding, and for the sake of brevity, will not be described again here.
Embodiments of the present application also provide a computer-readable storage medium, which stores a computer program, and when the program is executed by a processor, the computer program implements the method described above.
A computer-readable storage medium can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable read-only memory (CDROM). Additionally, the computer-readable storage medium may even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that all or part of the steps carried by the method for implementing the above embodiments can be implemented by hardware related to instructions of a program, which can be stored in a computer readable storage medium, and the program includes one or a combination of the steps of the method embodiments when the program is executed.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may also be stored in a computer readable storage medium. The storage medium may be a read-only memory, a magnetic or optical disk, or the like.
The embodiments described above are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

Claims (19)

1. A method of collaborative signing, the method comprising:
the client performs first part signature processing on the first message to obtain a first processing result;
the client sends the first processing result to a server, and the server performs second partial signature processing based on the first processing result to obtain a second processing result;
and the client receives a second processing result sent by the server, and calculates a signature result corresponding to the first message based on the second processing result.
2. The method of claim 1, wherein the client performs a first partial signature process on the first message to obtain a first processing result, and comprises:
the client processes the first message based on a hash function to obtain first data;
the client generates a first random number, and calculates second data based on the first random number and a base point;
the client side calculates third data based on a first private key of the client side, the first random number and the order of a base point;
wherein the first processing result includes the first data, the second data, and the third data.
3. The method according to claim 2, wherein the client calculates third data based on the first private key of the client side, the first random number and the order of the base point, comprising:
the client calculates the third data by the following formula:
s1=(1+D1⊕U1)^(-1)*k1 mod n;
where s1 denotes the third data, D1 ⊕ U1 denotes the first private key on the client side, k1 denotes the first random number, and n denotes the order of the base point.
4. The method of claim 2, wherein performing, by the server, a second partial signature process based on the first processing result and obtaining a second processing result comprises:
performing, by the server, the following operations based on the first processing result:
generating a second random number, and calculating fourth data based on the second random number and a base point;
generating a third random number, calculating fifth data based on the third random number, the second data and the fourth data, wherein the fifth data is represented as (x1, y 1);
calculating sixth data based on x1 in the fifth data, the first data, and the order of the base point;
if the sixth data is not equal to 0, calculating seventh data based on the second private key of the server, the third random number, the third data and the order of the base point, and calculating eighth data based on the second private key of the server, the sixth data, the third random number, the second random number and the order of the base point;
wherein the second processing result includes the sixth data, the seventh data, and the eighth data.
5. The method of claim 4,
the sixth data is represented by the following formula: r = x1 + e mod n; where r denotes the sixth data, x1 denotes the abscissa in the fifth data, e denotes the first data, and n denotes the order of the base point;
the seventh data is expressed by the following formula: s2 = (1+D2⊕U2)^(-1)*k3*s1 mod n, where s2 denotes the seventh data, D2 ⊕ U2 denotes the second private key on the server side, k3 denotes the third random number, s1 denotes the third data, and n denotes the order of the base point;
the eighth data is expressed by the following formula: s3 = (1+D2⊕U2)^(-1)*(r + k3*k2) mod n, where s3 denotes the eighth data, D2 ⊕ U2 denotes the second private key on the server side, r denotes the sixth data, k3 denotes the third random number, k2 denotes the second random number, and n denotes the order of the base point.
6. The method of claim 4, wherein said calculating the signature result corresponding to the first message based on the second processing result comprises:
the client calculates ninth data based on the first private key of the client, the sixth data, the seventh data, the eighth data, and the order of the base point;
if the ninth data is not equal to 0 and the ninth data is not equal to the order of the base point minus the sixth data, the client combines the sixth data and the ninth data into the signature result.
7. The method of claim 6, wherein the client calculating ninth data based on the first private key of the client, the sixth data, the seventh data, the eighth data, and the order of the base point comprises:
the client calculates ninth data by the following formula:
s = s2 - r + (1 + D1⊕U1)^(-1) * s3 mod n;
where s denotes the ninth data, s2 denotes the seventh data, r denotes the sixth data, D1⊕U1 denotes the first private key on the client side, s3 denotes the eighth data, and n denotes the order of the base point.
8. The method according to any one of claims 2 to 7, further comprising:
the client generates a first private key on the client side based on first device information of the client and a first target random number, wherein the first private key on the client side is represented by U1⊕D1, U1 represents the first device information of the client, and D1 represents the first target random number;
the client calculates a first public key on the client side based on the first private key and a base point, wherein the first public key is represented as P1, P1 = (D1⊕U1)[*]G, G represents the base point, and [*] represents a dot product operation;
the client sends the first public key to a server, and the server generates a collaborative public key based on the first public key; and the cooperative public key is used for verifying the signature result corresponding to the first message.
9. The method of claim 8, wherein generating, by the server, a collaborative public key based on the first public key comprises:
performing, by the server, the following operations based on the first public key:
generating a second private key on the server side based on second device information of the server side and a second target random number, wherein the second private key on the server side is represented by U2⊕D2, U2 represents the second device information of the server side, and D2 represents the second target random number;
calculating a second public key on the server side based on the second private key and a base point, wherein the second public key is represented as P2, P2 = (D2⊕U2)[*]G, G represents the base point, and [*] represents a dot product operation;
calculating a collaborative public key, denoted as P1 + P2 + (D2⊕U2)[*]P1, based on the first public key, the second public key, and the second private key.
10. A collaborative decryption method, the method comprising:
the client sends the first target data in the ciphertext to the server, and the server performs first part decryption processing on the first target data to obtain a first decryption result; the ciphertext is obtained by encrypting a plaintext through a cooperative public key, and the ciphertext consists of the following data: first target data, second target data, and third target data;
the client carries out second partial decryption processing on the first target data in the ciphertext to obtain a second decryption result;
the client receives a first decryption result sent by the server, and calculates a cooperative decryption result based on the first decryption result and the second decryption result;
and the client calculates a derived key based on the cooperative decryption result, and decrypts second target data in the ciphertext based on the derived key to obtain a plaintext corresponding to the ciphertext.
11. The method of claim 10,
the first decryption result is represented by the following formula: T1 = (D2⊕U2)[*]C1; wherein T1 represents the first decryption result, D2⊕U2 represents the second private key on the server side, C1 represents the first target data, and [*] represents the dot product operation;
the second decryption result is represented by the following formula: T2 = (D1⊕U1)[*]C1; wherein T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, C1 represents the first target data, and [*] represents the dot product operation.
12. The method according to claim 11, wherein the client receives a first decryption result sent by the server, and calculates a collaborative decryption result based on the first decryption result and the second decryption result, including:
the client calculates a collaborative decryption result based on the following formula:
(x2, y2) = T1 + T2 + (D1⊕U1)[*]T1;
wherein (x2, y2) represents the collaborative decryption result, T1 represents the first decryption result, T2 represents the second decryption result, D1⊕U1 represents the first private key on the client side, and [*] represents the dot product operation.
13. The method according to claim 12, wherein the client calculates a derivative key based on the cooperative decryption result, and decrypts second target data in the ciphertext based on the derivative key to obtain a plaintext corresponding to the ciphertext, and the method includes:
the client calculates a derived key based on the following formula: t = KDF(x2 || y2, klen); wherein t represents the derived key, KDF represents a key derivation function, || represents a concatenation symbol, x2 represents the abscissa of the collaborative decryption result, y2 represents the ordinate of the collaborative decryption result, and klen represents the length of the derived key;
the client calculates the plaintext corresponding to the ciphertext based on the following formula: M' = C2 ⊕ t, where M' denotes the plaintext corresponding to the ciphertext, C2 denotes the second target data in the ciphertext, and ⊕ denotes an exclusive-or operation.
14. The method according to any one of claims 10 to 13, further comprising:
the client generates a first private key on the client side based on first device information of the client and a first target random number, wherein the first private key on the client side is represented by U1⊕D1, U1 represents the first device information of the client, and D1 represents the first target random number;
the client calculates a first public key on the client side based on the first private key and a base point, wherein the first public key is represented as P1, P1 = (D1⊕U1)[*]G, G represents the base point, and [*] represents a dot product operation;
the client sends the first public key to a server, and the server generates a collaborative public key based on the first public key; and the cooperative public key is used for verifying the signature result corresponding to the first message.
15. The method of claim 14, wherein generating, by the server, a collaborative public key based on the first public key comprises:
performing, by the server, the following operations based on the first public key:
generating a second private key on the server side based on second device information of the server side and a second target random number, wherein the second private key on the server side is represented by U2⊕D2, U2 represents the second device information of the server side, and D2 represents the second target random number;
calculating a second public key on the server side based on the second private key and a base point, wherein the second public key is represented as P2, P2 = (D2⊕U2)[*]G, G represents the base point, and [*] represents a dot product operation;
calculating a collaborative public key, denoted as P1 + P2 + (D2⊕U2)[*]P1, based on the first public key, the second public key, and the second private key.
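Added worked example (not the patent's or the assignee's code): the two-party SM2 flow of claims 4 to 7 (signing), 8 and 9 (collaborative key) and 10 to 12 (decryption) in plain Python, with the assembled signature checked by ordinary single-key SM2 verification, which is what makes the split useful. Because claims 1 to 3 are not reproduced on this page, the client's first-stage values are assumed: second data Q1 = k1[*]G, third data s1 = (1 + D1⊕U1)^(-1) * k1 mod n, fifth data (x1, y1) = k3[*](Q1 + k2[*]G); the private keys are written d1 = D1⊕U1 and d2 = D2⊕U2, and the KDF/XOR step of claim 13 is omitted.

```python
# Added example (not the patent's or assignee's code): two-party SM2 signing
# and decryption using the formulas of claims 5, 7, 8/9 and 11-12.
# ASSUMED because claims 1-3 are not on this page: client nonce k1 with
# Q1 = k1[*]G, s1 = (1+d1)^-1 * k1 mod n, and (x1,y1) = k3[*](Q1 + k2[*]G).
import secrets

# SM2 curve parameters (GB/T 32918); affine coordinates, None = infinity.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(p1, p2):
    """Chord-and-tangent point addition over F_p."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    if p1 == p2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication, the page's k[*]pt."""
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def rand_scalar():
    """Uniform scalar in [1, n-2], so 1+d is always invertible mod n."""
    return secrets.randbelow(N - 2) + 1

def keygen(d1, d2):
    """Claims 8/9: P1 = d1[*]G, P2 = d2[*]G, collaborative key P1+P2+d2[*]P1."""
    p1 = mul(d1, G)
    return add(add(p1, mul(d2, G)), mul(d2, p1))

def co_sign(e, d1, d2, k1, k2, k3):
    """Claims 4-7 (plus the assumed client stage); returns (r, s) or None."""
    q1 = mul(k1, G)                                    # assumed second data
    s1 = pow(1 + d1, -1, N) * k1 % N                   # assumed third data
    x1, _ = mul(k3, add(q1, mul(k2, G)))               # assumed fifth data
    r = (x1 + e) % N                                   # sixth data, claim 5
    inv2 = pow(1 + d2, -1, N)
    s2, s3 = inv2 * k3 * s1 % N, inv2 * (r + k3 * k2) % N  # seventh, eighth
    s = (s2 - r + pow(1 + d1, -1, N) * s3) % N         # ninth data, claim 7
    return (r, s) if r and s and r + s != N else None  # claim 4/6 checks

def sm2_verify(e, pub, sig):
    """Standard single-key SM2 check: e + x(s[*]G + (r+s)[*]P) == r mod n."""
    r, s = sig
    x, _ = add(mul(s, G), mul((r + s) % N, pub))
    return (e + x) % N == r

def co_decrypt_point(c1, d1, d2):
    """Claims 11-12: T1 = d2[*]C1, T2 = d1[*]C1, (x2,y2) = T1 + T2 + d1[*]T1."""
    t1, t2 = mul(d2, c1), mul(d1, c1)
    return add(add(t1, t2), mul(d1, t1))
```

Neither party ever holds the full private key d = d1 + d2 + d1*d2, yet the collaborative public key equals d[*]G and the signature verifies as a normal SM2 signature under it.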
16. A collaborative signing apparatus, the apparatus comprising:
the processing unit is used for carrying out first part signature processing on the first message to obtain a first processing result;
the interaction unit is used for sending the first processing result to a server, and the server carries out second partial signature processing based on the first processing result to obtain a second processing result; receiving a second processing result sent by the server;
the processing unit is further configured to calculate a signature result corresponding to the first message based on the second processing result.
17. A collaborative decryption apparatus, the apparatus comprising:
the interactive unit is used for sending first target data in the ciphertext to the server, and the server performs first part decryption processing on the first target data to obtain a first decryption result; the ciphertext is obtained by encrypting a plaintext through a cooperative public key, and the ciphertext consists of the following data: first target data, second target data, and third target data;
the processing unit is used for carrying out second part decryption processing on the first target data in the ciphertext to obtain a second decryption result;
the interaction unit is further configured to receive a first decryption result sent by the server;
the processing unit is further configured to calculate a collaborative decryption result based on the first decryption result and the second decryption result; and calculating a derived key based on the cooperative decryption result, and decrypting second target data in the ciphertext based on the derived key to obtain a plaintext corresponding to the ciphertext.
18. An electronic device, comprising:
one or more processors;
a memory communicatively coupled to the one or more processors;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications being configured to perform the method of any of claims 1-9, or the method of any of claims 10-15.
19. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 9, or the method of any one of claims 10 to 15.
CN202010394747.5A 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium Active CN111582867B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010394747.5A CN111582867B (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium
CN202310780865.3A CN116823260A (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010394747.5A CN111582867B (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202310780865.3A Division CN116823260A (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111582867A true CN111582867A (en) 2020-08-25
CN111582867B CN111582867B (en) 2023-09-22

Family

ID=72126373

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202010394747.5A Active CN111582867B (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium
CN202310780865.3A Pending CN116823260A (en) 2020-05-11 2020-05-11 Collaborative signature and decryption method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (2) CN111582867B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140304168A1 (en) * 2013-04-05 2014-10-09 Kabushiki Kaisha Toshiba Data managing apparatus, meter apparatus and data managing method
CN107196763A (en) * 2017-07-06 2017-09-22 数安时代科技股份有限公司 SM2 algorithms collaboration signature and decryption method, device and system
CN108737103A (en) * 2018-03-27 2018-11-02 中国科学院数据与通信保护研究教育中心 A kind of SM2 algorithm endorsement methods applied to CS frameworks
CN109672539A (en) * 2019-03-01 2019-04-23 深圳市电子商务安全证书管理有限公司 SM2 algorithm collaboration signature and decryption method, apparatus and system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113300841A (en) * 2021-05-25 2021-08-24 贵州大学 Identity-based collaborative signature method and system
CN113300841B (en) * 2021-05-25 2022-11-25 贵州大学 Identity-based collaborative signature method and system
CN115134093A (en) * 2022-08-30 2022-09-30 北京信安世纪科技股份有限公司 Digital signature method and computing device
CN115134093B (en) * 2022-08-30 2022-11-15 北京信安世纪科技股份有限公司 Digital signature method and computing device
CN116992204A (en) * 2023-09-26 2023-11-03 蓝象智联(杭州)科技有限公司 Data point multiplication operation method based on privacy protection
CN116992204B (en) * 2023-09-26 2023-12-29 蓝象智联(杭州)科技有限公司 Data point multiplication operation method based on privacy protection

Also Published As

Publication number Publication date
CN111582867B (en) 2023-09-22
CN116823260A (en) 2023-09-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant