CN112152814A - Method for recovering public key and address based on sm2 signature in block chain - Google Patents
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Abstract
The invention discloses a method for recovering a public key and an address based on sm2 signature in a block chain. The public key can be recovered only by using the signature, and the public key does not need to be additionally stored, so that the storage expense of the public key can be greatly saved; the invention can quickly recover the public key through the signature, and further recover the transaction address of the transaction sender, thereby carrying out validity verification on the transaction address.
Description
Technical Field
The invention relates to the technical field of block chains, in particular to a method for recovering a public key and an address based on sm2 signature in a block chain.
Background
In a blockchain, a user's transaction address is an encoding of the hash of the public key, and verifying a transaction requires verifying both the signature and the address. Since the public key cannot be recovered directly from the transaction address, the public key is generally added to the transaction so that its validity can be verified; however, one block may include thousands of transactions, which increases the storage overhead. Ethereum recovers the public key from the signature to verify transactions, which saves a certain amount of storage space, but no similarly effective method currently exists for blockchain systems based on the Chinese national cryptographic (SM) algorithms.
Disclosure of Invention
Aiming at the defects in the prior art, the method for recovering the public key and the address based on the sm2 signature in the blockchain provided by the invention solves the problems of public key storage overhead, quick recovery of the public key and the address, and verification of the transaction address and the signature in national-cryptography blockchain transactions.
In order to achieve the purpose of the invention, the invention adopts the following technical scheme: a method for recovering public keys and addresses based on sm2 signatures in a block chain, comprising the following steps:
S1, generating an sm2 public and private key pair (sk, pk) for the user;
wherein sk is a private key, pk is a public key, $pk = sk \cdot G$, and G is an elliptic curve generator;
S2, generating a digital signature of the transaction information M based on the sm2 algorithm and the private key sk;
S3, recovering the public key and the address according to the digital signature of the transaction information M.
Further, the specific steps of step S2 are:
S21, inputting system and user parameters, including an elliptic curve generator G, an elliptic curve finite field order p, a hash value Z of user public key information, transaction information M and a private key sk;
S23, generating a random number $k \in [1, n-1]$, wherein n is the order of the generator G;
S24, calculating the hash value e of the extended message by using the SM3 hash algorithm, the calculation formula is: [formula not present in this text]; and converting the hash value e into an integer;
S25, calculating an elliptic curve point $(x_1, y_1)$ according to the random number k and the elliptic curve generator G, the calculation formula being $(x_1, y_1) = kG$, and converting $x_1$ into an integer;
S26, when $y_1 > p/2$, the variable v is 1, otherwise the variable v is 0;
S27, according to the hash value e and the abscissa $x_1$ of the elliptic curve point, calculating the value of the first part r of the signature, returning to step S23 when $r = 0$ or $r + k = n$, otherwise entering step S28;
S28, calculating the value of the second part s of the signature according to the private key sk, the random number k and r, and returning to step S23 when $s = 0$, otherwise outputting the digital signature (r, s, v) of the transaction information M.
Further, the calculation formula of r in step S27 is:
$r = (e + x_1) \bmod n$.
Further, the calculation formula of s in step S28 is:
$s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$.
Further, the specific steps of step S3 are:
S31, calculating an abscissa x according to the first signature part r and the hash value e;
S32, calculating the corresponding ordinates $y_2$ and $y_3$ from the abscissa x;
S33, when the variable v is 1, setting the elliptic curve point $P_1 = (x, y_2)$, otherwise setting the elliptic curve point $P_1 = (x, y_3)$;
S34, according to the elliptic curve point $P_1$, the second part s of the signature and the elliptic curve generator G, calculating an intermediate value $P_2$, the calculation formula being:
$P_2 = P_1 - sG$
S35, according to the intermediate value $P_2$, the second part s of the signature and the first part r of the signature, calculating the public key $pk_1$, the calculation formula being:
$pk_1 = (s + r)^{-1} P_2$
S36, according to the public key $pk_1$, calculating the hash value h of the public key by the following calculation formula:
$h = \mathrm{SM3}(pk_1)$
The last 20 bytes of the hash value h of the public key are taken as the address, i.e. addr = h[:20].
Further, the formula for calculating the abscissa x in step S31 is:
$x = (r - e) \bmod n$
In the above formula, n is the order of the generator G.
The invention has the beneficial effects that:
(1) saving storage space. The invention can recover the public key only by utilizing the signature without additionally storing the public key, thereby greatly saving the storage expense of the public key.
(2) The transaction address may be verified. The invention can quickly recover the public key through the signature, and further recover the transaction address of the transaction sender, thereby carrying out validity verification on the transaction address.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined and defined in the appended claims, and all matters produced by the invention using the inventive concept are protected.
The hash algorithm used in the application is the Chinese national cryptographic sm3 hash algorithm, and the digital signature algorithm is the Chinese national cryptographic sm2 algorithm.
Assume that the blockchain system parameters have been determined and that the signature algorithm parameters are consistent with the sm2 elliptic curve parameters.
As shown in fig. 1, a method for recovering a public key and an address based on an sm2 signature in a block chain comprises the following steps:
S1, generating an sm2 public and private key pair (sk, pk) for the user;
wherein sk is a private key, pk is a public key, $pk = sk \cdot G$, and G is an elliptic curve generator;
S2, generating a digital signature of the transaction information M based on the sm2 algorithm;
The specific steps are as follows:
S21, inputting system and user parameters, including an elliptic curve generator G, an elliptic curve finite field order p, a hash value Z of user public key information, transaction information M and a private key sk;
S23, generating a random number $k \in [1, n-1]$, wherein n is the order of the generator G;
S24, calculating the hash value e of the extended message by using the SM3 hash algorithm, the calculation formula is: [formula not present in this text]; and converting the hash value e into an integer;
S25, calculating an elliptic curve point $(x_1, y_1)$ according to the random number k and the elliptic curve generator G, the calculation formula being $(x_1, y_1) = kG$, and converting $x_1$ into an integer;
S26, when $y_1 > p/2$, the variable v is 1, otherwise the variable v is 0;
S27, according to the hash value e and the abscissa $x_1$ of the elliptic curve point, calculating the value of the first part r of the signature, wherein the calculation formula of the first part r of the signature is:
$r = (e + x_1) \bmod n$.
When $r = 0$ or $r + k = n$, returning to step S23, otherwise proceeding to step S28;
S28, calculating the value of the second signature part s according to the private key sk, the random number k and r, wherein the calculation formula of the second signature part s is:
$s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$.
When $s = 0$, the process returns to step S23, otherwise the digital signature (r, s, v) of the transaction information M is output.
S3, recovering the public key and the address according to the digital signature of the transaction information M.
When verifying the blockchain transaction address and the transaction validity, the public key and the address need to be recovered according to the following steps.
The specific steps are as follows:
S31, calculating an abscissa x according to the first signature part r and the hash value e, the formula for the abscissa x being:
$x = (r - e) \bmod n$
In the above formula, n is the order of the generator G.
S32, calculating the corresponding ordinates $y_2$ and $y_3$ from the abscissa x;
S33, when the variable v is 1, setting the elliptic curve point $P_1 = (x, y_2)$, otherwise setting the elliptic curve point $P_1 = (x, y_3)$;
S34, according to the elliptic curve point $P_1$, the second part s of the signature and the elliptic curve generator G, calculating an intermediate value $P_2$, the calculation formula being:
$P_2 = P_1 - sG$
S35, according to the intermediate value $P_2$, the second signature part s and the first signature part r, calculating the public key $pk_1$, the calculation formula being:
$pk_1 = (s + r)^{-1} P_2$
S36, according to the public key $pk_1$, calculating the hash value h of the public key by the following calculation formula:
$h = \mathrm{SM3}(pk_1)$
The last 20 bytes of the hash value h of the public key are taken as the address, i.e. addr = h[:20].
The signature verification process is the same as the standard sm2 digital signature verification process and is not described separately here.
The scheme should satisfy that the recovered public key and address are the same as the original user public key and address. The correctness of the scheme is explained as follows:
$pk_1 = (s + r)^{-1} \cdot P_2 = (s + r)^{-1} \cdot (P_1 - sG) = (s + r)^{-1} \cdot (kG - sG) = (s + r)^{-1}(k - s)G$
Since $s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$, we have $sk = (s + r)^{-1}(k - s)$, and therefore $pk_1 = sk \cdot G$.
So $pk_1 = pk$, and the scheme satisfies correctness.
(1) Saving storage space. The invention can recover the public key only by utilizing the signature without additionally storing the public key, thereby greatly saving the storage expense of the public key.
(2) The transaction address may be verified. The invention can quickly recover the public key through the signature, and further recover the transaction address of the transaction sender, thereby carrying out validity verification on the transaction address.
Claims (6)
1. A method for recovering public keys and addresses based on sm2 signatures in a block chain, characterized by comprising the following steps:
S1, generating an sm2 public and private key pair (sk, pk) for the user;
wherein sk is a private key, pk is a public key, $pk = sk \cdot G$, and G is an elliptic curve generator;
S2, generating a digital signature of the transaction information M based on the sm2 algorithm and the private key sk;
S3, recovering the public key and the address according to the digital signature of the transaction information M.
2. The method for recovering a public key and an address based on sm2 signature in a blockchain according to claim 1, wherein the specific steps of the step S2 are as follows:
S21, inputting system and user parameters, including an elliptic curve generator G, an elliptic curve finite field order p, a hash value Z of user public key information, transaction information M and a private key sk;
S23, generating a random number $k \in [1, n-1]$, wherein n is the order of the generator G;
S24, calculating the hash value e of the extended message by using the SM3 hash algorithm, the calculation formula is: [formula not present in this text]; and converting the hash value e into an integer;
S25, calculating an elliptic curve point $(x_1, y_1)$ according to the random number k and the elliptic curve generator G, the calculation formula being $(x_1, y_1) = kG$, and converting $x_1$ into an integer;
S26, when $y_1 > p/2$, the variable v is 1, otherwise the variable v is 0;
S27, according to the hash value e and the abscissa $x_1$ of the elliptic curve point, calculating the value of the first part r of the signature, returning to step S23 when $r = 0$ or $r + k = n$, otherwise entering step S28;
S28, calculating the value of the second part s of the signature according to the private key sk, the random number k and r, and returning to step S23 when $s = 0$, otherwise outputting the digital signature (r, s, v) of the transaction information M.
3. The method for recovering public keys and addresses based on sm2 signature in a blockchain according to claim 2, wherein the formula for calculating the signature first part r in step S27 is:
$r = (e + x_1) \bmod n$.
4. The method for recovering public keys and addresses based on sm2 signature in a blockchain according to claim 2, wherein the calculation formula of the signature second part s in the step S28 is:
$s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$.
5. The method for recovering public keys and addresses based on sm2 signature in a blockchain of claim 2, wherein the specific steps of the step S3 are as follows:
S31, calculating an abscissa x according to the first signature part r and the hash value e;
S32, calculating the corresponding ordinates $y_2$ and $y_3$ from the abscissa x;
S33, when the variable v is 1, setting the elliptic curve point $P_1 = (x, y_2)$, otherwise setting the elliptic curve point $P_1 = (x, y_3)$;
S34, according to the elliptic curve point $P_1$, the second part s of the signature and the elliptic curve generator G, calculating an intermediate value $P_2$, the calculation formula being:
$P_2 = P_1 - sG$
S35, according to the intermediate value $P_2$, the second signature part s and the first signature part r, calculating the public key $pk_1$, the calculation formula being:
$pk_1 = (s + r)^{-1} P_2$
S36, calculating the hash value h of the public key $pk_1$ by the following formula:
$h = \mathrm{SM3}(pk_1)$
taking the last 20 bytes of the hash value h of the public key $pk_1$ as the address, i.e. addr = h[:20].
6. The method for recovering public keys and addresses based on sm2 signature in block chain according to claim 5, wherein the formula for calculating the abscissa x in step S31 is as follows:
$x = (r - e) \bmod n$
In the above formula, n is the order of the generator G.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010993429.0A CN112152814A (en) | 2020-09-21 | 2020-09-21 | Method for recovering public key and address based on sm2 signature in block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112152814A (en) | 2020-12-29 |
Family
ID=73893348
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010993429.0A Pending CN112152814A (en) | 2020-09-21 | 2020-09-21 | Method for recovering public key and address based on sm2 signature in block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112152814A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20201229 |