CN112152814A - Method for recovering public key and address based on sm2 signature in block chain - Google Patents


Info

Publication number
CN112152814A
Authority
CN
China
Prior art keywords
signature
calculating
public key
elliptic curve
recovering
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010993429.0A
Other languages
Chinese (zh)
Inventor
王震
姜孟杉
白健
李亚荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Electronic Technology Cyber Security Co Ltd
Original Assignee
China Electronic Technology Cyber Security Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

The invention discloses a method for recovering a public key and an address based on sm2 signature in a block chain. The public key can be recovered only by using the signature, and the public key does not need to be additionally stored, so that the storage expense of the public key can be greatly saved; the invention can quickly recover the public key through the signature, and further recover the transaction address of the transaction sender, thereby carrying out validity verification on the transaction address.

Description

Method for recovering public key and address based on sm2 signature in block chain
Technical Field
The invention relates to the technical field of block chains, in particular to a method for recovering a public key and an address based on sm2 signature in a block chain.
Background
In a blockchain, the user transaction address is an encoding of the public key hash value, and when a transaction is verified, both the signature and the address need to be verified. Since the public key cannot be directly recovered from the transaction address, the public key is generally added to the transaction in order to verify the validity of the transaction; however, one block may include thousands of transactions, which increases the storage overhead. Ethereum recovers the public key from the signature to verify the transaction, which saves a certain amount of storage space, but no similarly effective method currently exists for blockchain systems based on the Chinese national cryptographic (SM) algorithms.
Disclosure of Invention
Aiming at the defects in the prior art, the method for recovering the public key and the address based on the sm2 signature in a blockchain provided by the invention addresses the public key storage overhead, the quick recovery of the public key and the address, and the verification of the transaction address and the signature in national-cryptography blockchain transactions.
In order to achieve the purpose of the invention, the invention adopts the following technical scheme: a method for recovering public keys and addresses based on sm2 signatures in a block chain, comprising the following steps:
S1, generating an sm2 public and private key pair (sk, pk) for the user;
wherein sk is the private key, pk is the public key, $pk = sk \cdot G$, and G is the elliptic curve generator;
S2, generating a digital signature of the transaction information M based on the sm2 algorithm and the private key sk;
S3, recovering the public key and the address according to the digital signature of the transaction information M.
Further, the specific steps of step S2 are:
S21, inputting system and user parameters, including the elliptic curve generator G, the order p of the elliptic curve finite field, the hash value Z of the user public key information, the transaction information M and the private key sk;
S22, let [Figure BDA0002691611220000021], where [Figure BDA0002691611220000022] is the extended message;
S23, generating a random number $k \in [1, n-1]$, where n is the order of the generator G;
S24, calculating the hash value e of the extended message [Figure BDA0002691611220000023] using the SM3 hash algorithm, the calculation formula being [Figure BDA0002691611220000024], and converting the hash value e into an integer;
S25, calculating the elliptic curve point $(x_1, y_1)$ from the random number k and the elliptic curve generator G, the calculation formula being $(x_1, y_1) = kG$, and converting $x_1$ into an integer;
S26, when $y_1 > p/2$, setting the variable v = 1, otherwise setting v = 0;
S27, calculating the value of the first signature part r from the hash value e and the abscissa $x_1$ of the elliptic curve point; when r = 0 or r + k = n, returning to step S23, otherwise proceeding to step S28;
S28, calculating the value of the second signature part s from the private key sk, the random number k and r; when s = 0, returning to step S23, otherwise outputting the digital signature (r, s, v) of the transaction information M.
Further, the calculation formula of r in step S27 is:
$r = (e + x_1) \bmod n$.
Further, the calculation formula of s in step S28 is:
$s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$.
Further, the specific steps of step S3 are:
S31, calculating the abscissa x from the first signature part r and the hash value e;
S32, calculating the corresponding ordinates $y_2$ and $y_3$ from the abscissa x;
S33, when the variable v = 1, setting the elliptic curve point $P_1 = (x, y_2)$, otherwise setting the elliptic curve point $P_1 = (x, y_3)$;
S34, calculating the intermediate value $P_2$ from the elliptic curve point $P_1$, the second signature part s and the elliptic curve generator G, the calculation formula being:
$P_2 = P_1 - sG$
S35, calculating the public key $pk_1$ from the intermediate value $P_2$, the second signature part s and the first signature part r, the calculation formula being:
$pk_1 = (s + r)^{-1} P_2$
S36, calculating the hash value h of the public key from the public key $pk_1$, the calculation formula being:
$h = \mathrm{SM3}(pk_1)$
The last 20 bytes of the hash value h of the public key are taken as the address, i.e. addr = h[:20].
Further, the formula for calculating the abscissa x in step S31 is:
$x = (r - e) \bmod n$
In the above formula, n is the order of the generator G.
The invention has the beneficial effects that:
(1) saving storage space. The invention can recover the public key only by utilizing the signature without additionally storing the public key, thereby greatly saving the storage expense of the public key.
(2) The transaction address may be verified. The invention can quickly recover the public key through the signature, and further recover the transaction address of the transaction sender, thereby carrying out validity verification on the transaction address.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined in the appended claims, and everything created using the inventive concept is protected.
The hash algorithm used in the application is the Chinese national cryptographic sm3 hash algorithm, and the digital signature algorithm is the Chinese national cryptographic sm2 algorithm.
Assume that the blockchain system parameters have been determined and that the signature algorithm parameters are consistent with the sm2 elliptic curve parameters.
As shown in FIG. 1, a method for recovering a public key and an address based on an sm2 signature in a block chain comprises the following steps:
S1, generating an sm2 public and private key pair (sk, pk) for the user;
wherein sk is the private key, pk is the public key, $pk = sk \cdot G$, and G is the elliptic curve generator;
S2, generating a digital signature of the transaction information M based on the sm2 algorithm;
The specific steps are as follows:
S21, inputting system and user parameters, including the elliptic curve generator G, the order p of the elliptic curve finite field, the hash value Z of the user public key information, the transaction information M and the private key sk;
S22, let [Figure BDA0002691611220000041], where [Figure BDA0002691611220000042] is the extended message;
S23, generating a random number $k \in [1, n-1]$, where n is the order of the generator G;
S24, calculating the hash value e of the extended message [Figure BDA0002691611220000043] using the SM3 hash algorithm, the calculation formula being [Figure BDA0002691611220000044], and converting the hash value e into an integer;
S25, calculating the elliptic curve point $(x_1, y_1)$ from the random number k and the elliptic curve generator G, the calculation formula being $(x_1, y_1) = kG$, and converting $x_1$ into an integer;
S26, when $y_1 > p/2$, setting the variable v = 1, otherwise setting v = 0;
S27, calculating the value of the first signature part r from the hash value e and the abscissa $x_1$ of the elliptic curve point, the calculation formula of the first signature part r being:
$r = (e + x_1) \bmod n$.
When r = 0 or r + k = n, returning to step S23, otherwise proceeding to step S28;
S28, calculating the value of the second signature part s from the private key sk, the random number k and r, the calculation formula of the second signature part s being:
$s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$.
When s = 0, returning to step S23, otherwise outputting the digital signature (r, s, v) of the transaction information M.
S3, recovering the public key and the address according to the digital signature of the transaction information M.
When verifying the blockchain transaction address and the transaction validity, the public key and the address need to be recovered according to the following steps.
The specific steps are as follows:
S31, calculating the abscissa x from the first signature part r and the hash value e, the formula for the abscissa x being:
$x = (r - e) \bmod n$
In the above formula, n is the order of the generator G.
S32, calculating the corresponding ordinates $y_2$ and $y_3$ from the abscissa x;
S33, when the variable v = 1, setting the elliptic curve point $P_1 = (x, y_2)$, otherwise setting the elliptic curve point $P_1 = (x, y_3)$;
S34, calculating the intermediate value $P_2$ from the elliptic curve point $P_1$, the second signature part s and the elliptic curve generator G, the calculation formula being:
$P_2 = P_1 - sG$
S35, calculating the public key $pk_1$ from the intermediate value $P_2$, the second signature part s and the first signature part r, the calculation formula being:
$pk_1 = (s + r)^{-1} P_2$
S36, calculating the hash value h of the public key from the public key $pk_1$, the calculation formula being:
$h = \mathrm{SM3}(pk_1)$
The last 20 bytes of the hash value h of the public key are taken as the address, i.e. addr = h[:20].
Signature verification is the same as in the standard sm2 digital signature scheme and is not described separately here.
The scheme should satisfy that the recovered public key and address are the same as the original user public key and address. The correctness of the scheme is shown as follows:
$pk_1 = (s + r)^{-1} \cdot P_2 = (s + r)^{-1} \cdot (P_1 - sG) = (s + r)^{-1} \cdot (kG - sG) = (s + r)^{-1}(k - s)G$
Since $s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$, we have $sk = (s + r)^{-1}(k - s)$, and therefore $pk_1 = sk \cdot G$.
So $pk_1 = pk$, and the scheme satisfies correctness.
(1) Saving storage space. The invention can recover the public key only by utilizing the signature without additionally storing the public key, thereby greatly saving the storage expense of the public key.
(2) The transaction address may be verified. The invention can quickly recover the public key through the signature, and further recover the transaction address of the transaction sender, thereby carrying out validity verification on the transaction address.

Claims (6)

1. A method for recovering public keys and addresses based on sm2 signatures in a block chain, characterized by comprising the following steps:
S1, generating an sm2 public and private key pair (sk, pk) for the user;
wherein sk is the private key, pk is the public key, $pk = sk \cdot G$, and G is the elliptic curve generator;
S2, generating a digital signature of the transaction information M based on the sm2 algorithm and the private key sk;
S3, recovering the public key and the address according to the digital signature of the transaction information M.
2. The method for recovering a public key and an address based on sm2 signature in a blockchain according to claim 1, wherein the specific steps of the step S2 are as follows:
S21, inputting system and user parameters, including the elliptic curve generator G, the order p of the elliptic curve finite field, the hash value Z of the user public key information, the transaction information M and the private key sk;
S22, let [Figure FDA0002691611210000011], where [Figure FDA0002691611210000012] is the extended message;
S23, generating a random number $k \in [1, n-1]$, where n is the order of the generator G;
S24, calculating the hash value e of the extended message [Figure FDA0002691611210000013] using the SM3 hash algorithm, the calculation formula being [Figure FDA0002691611210000014], and converting the hash value e into an integer;
S25, calculating the elliptic curve point $(x_1, y_1)$ from the random number k and the elliptic curve generator G, the calculation formula being $(x_1, y_1) = kG$, and converting $x_1$ into an integer;
S26, when $y_1 > p/2$, setting the variable v = 1, otherwise setting v = 0;
S27, calculating the value of the first signature part r from the hash value e and the abscissa $x_1$ of the elliptic curve point; when r = 0 or r + k = n, returning to step S23, otherwise proceeding to step S28;
S28, calculating the value of the second signature part s from the private key sk, the random number k and r; when s = 0, returning to step S23, otherwise outputting the digital signature (r, s, v) of the transaction information M.
3. The method for recovering public keys and addresses based on sm2 signature in a blockchain according to claim 2, wherein the formula for calculating the signature first part r in step S27 is:
$r = (e + x_1) \bmod n$.
4. The method for recovering public keys and addresses based on sm2 signature in a blockchain according to claim 2, wherein the calculation formula of the signature second part s in the step S28 is:
$s = (1 + sk)^{-1}(k - r \cdot sk) \bmod n$.
5. The method for recovering public keys and addresses based on sm2 signature in a blockchain of claim 2, wherein the specific steps of the step S3 are as follows:
S31, calculating the abscissa x from the first signature part r and the hash value e;
S32, calculating the corresponding ordinates $y_2$ and $y_3$ from the abscissa x;
S33, when the variable v = 1, setting the elliptic curve point $P_1 = (x, y_2)$, otherwise setting the elliptic curve point $P_1 = (x, y_3)$;
S34, calculating the intermediate value $P_2$ from the elliptic curve point $P_1$, the second signature part s and the elliptic curve generator G, the calculation formula being:
$P_2 = P_1 - sG$
S35, calculating the public key $pk_1$ from the intermediate value $P_2$, the second signature part s and the first signature part r, the calculation formula being:
$pk_1 = (s + r)^{-1} P_2$
S36, calculating the hash value h of the public key $pk_1$, the calculation formula being:
$h = \mathrm{SM3}(pk_1)$
taking the last 20 bytes of the hash value h of the public key $pk_1$ as the address, i.e. addr = h[:20].
6. The method for recovering public keys and addresses based on sm2 signature in block chain according to claim 5, wherein the formula for calculating the abscissa x in step S31 is as follows:
$x = (r - e) \bmod n$
In the above formula, n is the order of the generator G.
CN202010993429.0A 2020-09-21 2020-09-21 Method for recovering public key and address based on sm2 signature in block chain Pending CN112152814A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201229
RJ01 Rejection of invention patent application after publication