CN113158176B - Public key analysis method, device, equipment and storage medium based on SM2 signature - Google Patents

Publication number
CN113158176B
Authority
CN
China
Prior art keywords
public key
signature
point
elliptic curve
converting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110611489.6A
Other languages
Chinese (zh)
Other versions
CN113158176A (en)
Inventor
罗影
张文科
郭晓玲
敖麒
刘红军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial Information Security Sichuan Innovation Center Co ltd
Original Assignee
Industrial Information Security Sichuan Innovation Center Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial Information Security Sichuan Innovation Center Co ltd
Priority to CN202110611489.6A
Publication of CN113158176A
Application granted
Publication of CN113158176B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a public key analysis method, device, equipment and storage medium based on SM2 signature. The method comprises the following steps: S1: input the standard SM2 signature value (r', s'), the message M' on which the digital signature was performed, the hash value of the signer
Figure 931407DEST_PATH_IMAGE001
the distinguishable identifier of the signer
Figure 25265DEST_PATH_IMAGE002
and the elliptic curve system parameters, including the elliptic curve equation parameters a, b, the base point G = (x_G, y_G) and the order n of the base point; S2: convert the data types of r' and s' into integers
Figure 822319DEST_PATH_IMAGE003
calculate
Figure 368838DEST_PATH_IMAGE004
and convert the data type of e' into an integer; S3: resolve the public key of the signer by converting the compressed point to a point on the elliptic curve. The invention realizes public key resolution from an SM2 signature with execution efficiency basically equivalent to that of the traditional methods, without changing the SM2 signature algorithm and without reducing its security.

Description

Public key analysis method, device, equipment and storage medium based on SM2 signature
Technical Field
The invention belongs to the field of information security, and particularly relates to a public key analysis method, device, equipment and storage medium based on SM2 signature.
Background
Cryptographers Neal Koblitz and Victor Miller each proposed the idea of elliptic curve cryptography (ECC) in 1985, making it a powerful tool for constructing public key cryptosystems. The SM2 algorithm specified in the national standard GB/T 32918, "Information security technology SM2 elliptic curve public key cryptographic algorithm", is a specific ECC algorithm that mainly comprises a digital signature algorithm, a key exchange protocol and a public key encryption algorithm. GB/T 32918.2 specifies the digital signature algorithm of SM2, including the digital signature generation algorithm, the verification algorithm and the corresponding flows, and can satisfy the security requirements of identity authentication, data integrity and information source authenticity in various cryptographic applications. In the digital signature algorithm, a signer generates a digital signature on data and a verifier verifies the authenticity of the signature. Each signer has a public key and a private key: the private key is used to generate the signature, and the verifier verifies the signature with the signer's public key. Before both signature generation and signature verification, a cryptographic hash function is used to compress the distinguishable identifier ID of the signing user, part of the elliptic curve system parameters, the public key hash value of the signing user and the message to be signed, to obtain the hash value of the user.
SM2 is used to sign data in many fields, such as cloud computing, big data, the Internet of Things, mobile Internet, industrial control systems and blockchain, to ensure data authenticity and integrity. To verify that a signature is correct, the verifier needs the public key, which is used to execute the SM2 signature verification function. To address how to obtain the public key when it has not been sent in time or its data is abnormal, so that the SM2 signature verification function can subsequently be executed, Wangzhao of Alibaba and others proposed a method for recovering the public key from an SM2 signature (Wanyao, Rahao, Linli, a method for recovering the public key based on SM2 signature [P]. Cayman Islands: CN111066285A, 2020-04-24.), and Wangzhao of China Nean and others (Wangzhao, Jiang Meng, Baijian, subsun) proposed an SM2 signature public key recovery scheme for blockchain application scenarios (Wangzhao, Jiang, Lang, and Li, a method for recovering the public key and the address based on SM2 signature in the blockchain [P]. Sichuan province: CN112152814A, 2020-12-29). Both schemes solve the problem of recovering the public key from the SM2 signature.
Although these two schemes can recover the public key, they have the following problems.
(1) Both schemes completely change the SM2 signature algorithm: its input parameters, output results and execution flow are all changed.
(2) Both schemes are incompatible with the existing SM2 signature and signature verification algorithms: on the one hand, the public key cannot be recovered from a standard SM2 signature value using these two schemes; on the other hand, the signature values calculated by these two schemes are not recognized by the standard SM2 signature verification algorithm.
(3) Both schemes require the SM2 software and hardware implementation modules to be modified, which is especially unsuitable for hardware implementations.
(4) Both schemes may risk reducing the security of the SM2 signature: an additional output parameter v is introduced from within the SM2 signature algorithm, which would reduce the security of the algorithm, and neither scheme gives an explicit security analysis.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a public key analysis method, a device, equipment and a storage medium based on SM2 signature, which realize public key analysis of SM2 signature with execution efficiency basically equivalent to that of the traditional method under the condition of not changing SM2 signature algorithm and not reducing the security of SM2 signature algorithm.
The purpose of the invention is realized by the following technical scheme:
The symbols, abbreviations and notations used in the present invention are as follows:
A and B: two users of the SM2 public key cryptosystem; A is the signer and B is the verifier.
q: the number of elements in the finite field F_q.
F_q: a finite field containing q elements.
a, b: elements of F_q that define an elliptic curve E over F_q.
E(F_q): the set of all rational points of the elliptic curve E over F_q.
O: the point at infinity (or zero point) on the elliptic curve E, the identity element of the elliptic curve additive group.
G: a base point of the elliptic curve, whose order n is prime.
#E(F_q): the number of points on E(F_q), called the order of the elliptic curve E(F_q).
n: the order of the base point G.
[k]P: k times the point P on the elliptic curve.
d_A, d_B: the private keys of user A and user B, respectively.
P_A, P_B: the public keys of user A and user B, respectively.
Hash(): a cryptographic hash function.
Figure 100002_DEST_PATH_IMAGE001
: a cryptographic hash function with a message digest length of v bits.
ID_A, ID_B: the distinguishable identifier ID_A of user A, of length entlen_A bits, and the distinguishable identifier ID_B of user B, of length entlen_B bits.
ENTL_A, ENTL_B: the two bytes ENTL_A converted from the bit length entlen_A of user A's distinguishable identifier ID_A, and the two bytes ENTL_B converted from the bit length entlen_B of user B's distinguishable identifier ID_B.
Z_A, Z_B: the hash values of user A and user B, respectively. Taking the hash value Z_A of user A as an example: first convert the elliptic curve equation parameters a, b, the coordinates x_G, y_G of G and the coordinates x_A, y_A of P_A into bit strings according to the methods given in sections 4.2.5 and 4.2.4 of GB/T 32918.1, and then calculate
Figure 431231DEST_PATH_IMAGE002
mod n: the modulo n operation. For example, 23 mod 7 = 2.
x || y: the concatenation of x and y, where x and y are bit strings or byte strings.
The public key analysis method based on SM2 signature comprises the following steps:
S1: input the standard SM2 signature value (r', s'), the message M' on which the digital signature was performed, the hash value of the signer
Figure 100002_DEST_PATH_IMAGE003
the distinguishable identifier of the signer
Figure 593222DEST_PATH_IMAGE004
and the elliptic curve system parameters, including the elliptic curve equation parameters a, b, the base point G = (x_G, y_G) and the order n of the base point;
S2: convert the data types of r' and s' into integers
Figure 920298DEST_PATH_IMAGE005
calculate
Figure 142332DEST_PATH_IMAGE006
and convert the data type of e' into an integer;
S3: resolve the public key of the signer by converting the compressed point into a point on the elliptic curve;
wherein
Figure 100002_DEST_PATH_IMAGE007
is the concatenation of x and y, where x and y are bit strings or byte strings, and
Figure 554859DEST_PATH_IMAGE008
is a cryptographic hash function with a message digest length of v bits.
Further, the method also comprises an input parameter checking step: check whether
Figure 100002_DEST_PATH_IMAGE009
and
Figure 753496DEST_PATH_IMAGE010
both hold, and return an error if either does not; where n is the order of the base point G.
Further, when one intermediate temporary variable is used, step S3 specifically includes:
S311: compute
Figure 100002_DEST_PATH_IMAGE011
Figure 872762DEST_PATH_IMAGE012
S312: set the bit
Figure 100002_DEST_PATH_IMAGE013
and convert the compressed point
Figure 328014DEST_PATH_IMAGE014
into a point on the SM2 elliptic curve
Figure 100002_DEST_PATH_IMAGE015
S313: set n_e = 0, where n_e is an error counter;
S314: compute the public key
Figure 165520DEST_PATH_IMAGE016
where [k]P is k times the point P on the elliptic curve.
Further, the method also comprises a public key correctness checking step:
convert the data types of a, b, x_G, y_G,
Figure 100002_DEST_PATH_IMAGE017
Figure 669314DEST_PATH_IMAGE018
into byte strings;
compute
Figure 100002_DEST_PATH_IMAGE019
check whether
Figure 705403DEST_PATH_IMAGE020
holds; if it does, return
Figure 100002_DEST_PATH_IMAGE021
otherwise, compute n_e = n_e + 1 and check whether n_e ≤ 1 holds; if it does, set Q = -Q and execute step S314.
Further, when two intermediate temporary variables are used, step S3 specifically includes:
S321: compute
Figure 767775DEST_PATH_IMAGE022
Figure 100002_DEST_PATH_IMAGE023
Figure 092577DEST_PATH_IMAGE024
S322: set the bit
Figure 100002_DEST_PATH_IMAGE025
and convert the compressed point
Figure 134482DEST_PATH_IMAGE026
into a point on the SM2 elliptic curve
Figure 100002_DEST_PATH_IMAGE027
S323: set n_e = 0, where n_e is an error counter;
S324: compute the public key
Figure 290657DEST_PATH_IMAGE028
where
Figure 100002_DEST_PATH_IMAGE029
Figure 025395DEST_PATH_IMAGE030
and [k]P is k times the point P on the elliptic curve.
Further, the method also comprises a public key correctness checking step:
convert the data types of a, b, x_G, y_G,
Figure 100002_DEST_PATH_IMAGE031
Figure 093886DEST_PATH_IMAGE032
into byte strings;
compute
Figure 100002_DEST_PATH_IMAGE033
check whether
Figure 267379DEST_PATH_IMAGE034
holds; if it does, return
Figure DEST_PATH_IMAGE035
otherwise, compute n_e = n_e + 1 and check whether n_e ≤ 1 holds; if it does, set R_1 = -R_1 and execute step S324;
where [k]P is k times the point P on the elliptic curve.
Further, the method also comprises a public key correctness checking step:
convert the data types of a, b, x_G, y_G,
Figure 215743DEST_PATH_IMAGE036
Figure DEST_PATH_IMAGE037
into byte strings;
compute
Figure 121382DEST_PATH_IMAGE038
check whether
Figure 217514DEST_PATH_IMAGE039
holds; if it does, return
Figure 663539DEST_PATH_IMAGE040
otherwise, compute n_e = n_e + 1 and check whether n_e ≤ 1 holds; if it does, set R_1 = -R_1 and execute step S324.
In another aspect, the invention also provides a public key analysis device based on SM2 signature, which comprises:
a parameter input module, used for inputting the parameters required to analyze the public key;
a data conversion module, used for converting data types;
and a public key analysis module, used for converting the compressed point into a point on the elliptic curve to analyze the public key of the signer.
Further, the device also comprises a parameter checking module and a public key checking module, wherein
the parameter checking module is used for checking whether the input parameters are wrong;
and the public key checking module is used for verifying the correctness of the public key according to the hash value of the signer.
In another aspect, the present invention further provides a computer device, which includes a processor and a memory, where the memory stores a computer program, and the computer program is loaded and executed by the processor to implement any one of the above public key parsing methods based on SM2 signature.
In another aspect, the present invention further provides a computer-readable storage medium, in which a computer program is stored, the computer program being loaded and executed by a processor to implement any one of the above public key parsing methods based on SM2 signature.
The invention has the following beneficial effects:
It overcomes the defect that the traditional schemes change the SM2 signature algorithm. The invention does not make any changes to the SM2 signature algorithm.
It overcomes the defect that the traditional schemes are incompatible with the existing SM2 signature algorithm and signature verification algorithm. The invention uses the signature value of the standard SM2 signature algorithm, and is therefore completely compatible with the existing SM2 signature algorithm and the existing SM2 signature verification algorithm.
It overcomes the defect that the traditional schemes require the SM2 software and hardware implementation modules to be changed. The invention uses the signature value of the standard SM2 signature algorithm, so the SM2 software and hardware implementation modules do not need to be modified.
It overcomes the defect that the traditional schemes may reduce the signature security of the SM2 algorithm. The invention uses the signature value of the standard SM2 signature algorithm and does not change the SM2 signature algorithm, so the security of the SM2 signature algorithm is not negatively affected in any way.
The execution efficiency of the invention is comparable to that of the traditional schemes. In SM2 and related schemes, the multiple-point operation ([k]P, i.e. scalar multiplication of a point) is the slowest operation and differs by several orders of magnitude from the hash operations, point additions and integer operations involved, so the execution efficiency of a scheme is usually evaluated by the number of multiple-point operations performed. The invention and both traditional schemes need to execute the multiple-point operation 2 times, so the execution efficiency of the invention is equivalent to that of the two traditional schemes.
Drawings
Fig. 1 is a flow chart of a public key parsing method based on SM2 signature according to embodiment 1 of the present invention;
Fig. 2 is a flow chart of a public key parsing method based on SM2 signature according to embodiment 2 of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that, in order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments.
Thus, the following detailed description of the embodiments of the present invention is not intended to limit the scope of the invention as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
First, the symbols, abbreviations and signs used in the present embodiment will be explained.
A and B: two users of the SM2 public key cryptosystem; A is the signer and B is the verifier.
q: the number of elements in the finite field F_q.
F_q: a finite field containing q elements.
a, b: elements of F_q that define an elliptic curve E over F_q.
E(F_q): the set of all rational points of the elliptic curve E over F_q.
O: the point at infinity (or zero point) on the elliptic curve E, the identity element of the elliptic curve additive group.
G: a base point of the elliptic curve, whose order n is prime.
#E(F_q): the number of points on E(F_q), called the order of the elliptic curve E(F_q).
n: the order of the base point G.
[k]P: k times the point P on the elliptic curve.
d_A, d_B: the private keys of user A and user B, respectively.
P_A, P_B: the public keys of user A and user B, respectively.
Hash(): a cryptographic hash function.
Figure 731989DEST_PATH_IMAGE041
: a cryptographic hash function with a message digest length of v bits.
ID_A, ID_B: the distinguishable identifier ID_A of user A, of length entlen_A bits, and the distinguishable identifier ID_B of user B, of length entlen_B bits.
ENTL_A, ENTL_B: the two bytes ENTL_A converted from the bit length entlen_A of user A's distinguishable identifier ID_A, and the two bytes ENTL_B converted from the bit length entlen_B of user B's distinguishable identifier ID_B.
Z_A, Z_B: the hash values of user A and user B, respectively. Taking the hash value Z_A of user A as an example: first convert the elliptic curve equation parameters a, b, the coordinates x_G, y_G of G and the coordinates x_A, y_A of P_A into bit strings according to the methods given in sections 4.2.5 and 4.2.4 of GB/T 32918.1, and then calculate
Figure 870847DEST_PATH_IMAGE042
mod n: the modulo n operation. For example, 23 mod 7 = 2.
x || y: the concatenation of x and y, where x and y are bit strings or byte strings.
Fig. 1 is a flow chart of the public key parsing method based on SM2 signature provided in this embodiment. The method specifically includes the following steps:
S1: input the standard SM2 signature value (r', s'), the message M' on which the digital signature was performed, the hash value of the signer
Figure 890493DEST_PATH_IMAGE003
the distinguishable identifier of the signer
Figure 140209DEST_PATH_IMAGE004
and the elliptic curve system parameters, including the elliptic curve equation parameters a, b, the base point G = (x_G, y_G) and the order n of the base point; check the input parameters and calculate the hash value.
S1-1: convert the data types of r' and s' into integers according to the data type conversion rules in section 4.2 of the SM2 standard GB/T 32918.1, and check whether
Figure 063165DEST_PATH_IMAGE009
and
Figure 372924DEST_PATH_IMAGE043
both hold. If either fails, an "error" is returned immediately.
S1-2: set
Figure 381331DEST_PATH_IMAGE044
calculate
Figure 434738DEST_PATH_IMAGE006
and, according to the data type conversion rules in section 4.2 of the SM2 standard GB/T 32918.1, convert the data type of
Figure 212201DEST_PATH_IMAGE045
into an integer.
S2A: parse the public key of the signer.
S2A-1: compute
Figure 692861DEST_PATH_IMAGE046
Figure 985302DEST_PATH_IMAGE047
; t_1 is an intermediate temporary variable;
S2A-2: set the bit
Figure 278618DEST_PATH_IMAGE013
and convert the compressed point defined by the SM2 standard
Figure 972904DEST_PATH_IMAGE014
into a point on the SM2 elliptic curve
Figure 562149DEST_PATH_IMAGE048
Preferably, the conversion can follow the scheme in A.5 of GB/T 32918.1;
S2A-3: set n_e = 0; n_e is an error counter, initialized to 0 and used later when verifying the correctness of the public key;
S2A-4: compute the public key
Figure 607465DEST_PATH_IMAGE016
where [k]P is k times the point P on the elliptic curve;
S3: check the correctness of the public key using the hash value of the signer.
S3-1: according to the data type conversion rules in section 4.2 of the SM2 standard GB/T 32918.1, convert the data types of a, b, x_G, y_G,
Figure 940357DEST_PATH_IMAGE049
Figure 489150DEST_PATH_IMAGE050
into byte strings. Compute
Figure 577192DEST_PATH_IMAGE019
S3-2: check whether
Figure 781909DEST_PATH_IMAGE051
holds; if it does, return
Figure 715230DEST_PATH_IMAGE021
; otherwise (
Figure 820327DEST_PATH_IMAGE052
is false), compute n_e = n_e + 1 and check whether n_e ≤ 1 holds; if it does, set Q = -Q and jump to step S2A-4; otherwise (n_e ≤ 1 does not hold) return an "error".
Converting the compressed point
Figure 079270DEST_PATH_IMAGE026
into a point on the SM2 elliptic curve
Figure 505703DEST_PATH_IMAGE053
actually yields two points,
Figure 445977DEST_PATH_IMAGE054
and
Figure 969362DEST_PATH_IMAGE055
Therefore,
Figure 071310DEST_PATH_IMAGE056
is first taken as the correct point and checked; if the resulting public key is wrong, the other point is selected as the correct point Q.
The public key parsing method based on SM2 signature provided by the embodiment realizes public key parsing of SM2 signature with execution efficiency basically equivalent to that of the conventional method under the condition of not changing SM2 signature algorithm and not reducing the security of SM2 signature algorithm.
Example 2
The symbols, abbreviations and signs used in this example are the same as those in example 1, and are not described herein again.
Fig. 2 is a flow chart of the public key parsing method based on SM2 signature provided in this embodiment. The method specifically includes the following steps:
S1: input the standard SM2 signature value (r', s'), the message M' on which the digital signature was performed, the hash value of the signer
Figure 312936DEST_PATH_IMAGE057
the distinguishable identifier of the signer
Figure 853639DEST_PATH_IMAGE058
and the elliptic curve system parameters, including the elliptic curve equation parameters a, b, the base point G = (x_G, y_G) and the order n of the base point; check the input parameters and calculate the hash value.
S1-1: convert the data types of r' and s' into integers according to the data type conversion rules in section 4.2 of the SM2 standard GB/T 32918.1, and check whether
Figure 667749DEST_PATH_IMAGE059
and
Figure 268494DEST_PATH_IMAGE043
both hold. If either fails, an error is returned.
S1-2: set
Figure 669520DEST_PATH_IMAGE060
calculate
Figure 13913DEST_PATH_IMAGE061
and, according to the data type conversion rules in section 4.2 of the SM2 standard GB/T 32918.1, convert the data type of
Figure 449574DEST_PATH_IMAGE062
into an integer.
S2B: parse the public key of the signer.
S2B-1: compute
Figure 955642DEST_PATH_IMAGE063
Figure 171859DEST_PATH_IMAGE064
Figure 992048DEST_PATH_IMAGE065
; t_1 and t_2 are intermediate temporary variables;
S2B-2: set the bit
Figure 344532DEST_PATH_IMAGE025
and convert the compressed point defined by the SM2 standard
Figure 457719DEST_PATH_IMAGE066
into a point on the SM2 elliptic curve
Figure 895654DEST_PATH_IMAGE067
Preferably, the conversion can follow the scheme in A.5 of GB/T 32918.1;
S2B-3: set n_e = 0; n_e is an error counter, initialized to 0 and used later when verifying the correctness of the public key; compute
Figure 519533DEST_PATH_IMAGE029
Figure 726523DEST_PATH_IMAGE068
S2B-4: compute
Figure 777656DEST_PATH_IMAGE028
S3: check the correctness of the public key using the hash value of the signer.
S3-1: according to the data type conversion rules in section 4.2 of the SM2 standard GB/T 32918.1, convert the data types of a, b, x_G, y_G,
Figure 702887DEST_PATH_IMAGE069
Figure 927195DEST_PATH_IMAGE070
into byte strings. Compute
Figure 191954DEST_PATH_IMAGE071
S3-2: check whether
Figure 476305DEST_PATH_IMAGE034
holds; if it does, return
Figure 059470DEST_PATH_IMAGE035
; otherwise (
Figure 087469DEST_PATH_IMAGE072
is false), compute n_e = n_e + 1 and check whether n_e ≤ 1 holds; if it does, set R_1 = -R_1 and jump to step S2B-4; otherwise (n_e ≤ 1 does not hold) return an "error".
Converting the compressed point
Figure 206735DEST_PATH_IMAGE066
into a point on the SM2 elliptic curve
Figure 661987DEST_PATH_IMAGE073
actually yields two points,
Figure 499493DEST_PATH_IMAGE074
and
Figure 065604DEST_PATH_IMAGE075
Therefore,
Figure 039376DEST_PATH_IMAGE076
is first taken as the correct point and checked; if the resulting public key is wrong, the other point is selected as the correct point Q.
Since operations other than the multiple-point operation take extremely little time compared with it, only the number of multiple-point operations is counted:
In example 1 (S1 + S2A + S3), following the flow, S2A-1 to S2A-4 are executed once; if in S3-2
Figure 665529DEST_PATH_IMAGE034
does not hold and n_e ≤ 1, the flow jumps back to S2A-4 and executes S2A-4 again. The probability of this is 1/2.
In example 2 (S1 + S2B + S3), following the flow, S2B-1 to S2B-4 are executed once; if in S3-2
Figure 223287DEST_PATH_IMAGE034
does not hold and n_e ≤ 1, the flow jumps back to S2B-4 and executes S2B-4 again. The probability of this is 1/2.
From the above, in embodiment 1 the multiple-point operation (e.g., [s]G) is performed:
(1) when S2A-4 is executed for the first time: 2 times;
(2) when the equation does not hold and the flow jumps back to S2A-4: 0.5 × 2 times; in total: 3 times.
In embodiment 2 the multiple-point operation (e.g., [s]G) is performed:
(1) when S2A-3 and S2A-4 are executed for the first time: 2 times;
(2) when the equation does not hold and the flow jumps back to S2B-4: 0 times; in total: 2 times.
As described above, embodiment 2 has a shorter operation time than embodiment 1 and can analyze the SM2 public key more efficiently.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
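The embodiment 2 flow (S1, S2B, S3) as an added Python example, not code from the patent. The formulas for x1, t_1, t_2, R_1 and R_2 are not legible on this page, so they are reconstructed here from the standard SM2 verification equation [s']G + [t]P_A = (x1', y1') with t = r' + s' and should be read as assumptions; the key, nonce, ID and message are sample values, and H_v falls back to SHA-256 where the local OpenSSL build has no SM3.

```python
import hashlib

def _h(s):
    return int(s.replace(" ", ""), 16)

# SM2 recommended curve y^2 = x^3 + ax + b over F_p; base point G has prime order N.
P = _h("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF")
A = P - 3
B = _h("28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93")
N = _h("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123")
G = (_h("32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7"),
     _h("BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0"))

def add(p1, p2):
    """Affine point addition; None stands for the point at infinity O."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P)

def mul(k, pt):
    """[k]pt by double-and-add (not constant time; for illustration only)."""
    acc = None
    for bit in bin(k % N)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def H(data):
    """H_v: SM3 if hashlib exposes it, otherwise SHA-256 as a labelled stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()

def z_value(ident, pub):
    """Z = H_v(ENTL || ID || a || b || x_G || y_G || x_P || y_P)."""
    entl = (8 * len(ident)).to_bytes(2, "big")
    coords = b"".join(v.to_bytes(32, "big") for v in (A, B, *G, *pub))
    return H(entl + ident + coords)

def sign(d, ident, msg, k):
    """Standard SM2 signing with a caller-supplied nonce k (fixed here only for the demo)."""
    pub = mul(d, G)
    z = z_value(ident, pub)
    e = int.from_bytes(H(z + msg), "big")
    x1, _ = mul(k, G)
    r = (e + x1) % N
    s = pow(1 + d, -1, N) * (k - r * d) % N
    if r == 0 or (r + k) % N == 0 or s == 0:
        raise ValueError("unusable nonce, pick another k")
    return r, s, z, pub

def recover_public_key(r, s, msg, ident, z_a):
    """S1 -> S2B -> S3: parse the signer's public key from a standard (r', s')."""
    if not (1 <= r < N and 1 <= s < N):          # S1-1: range check on r', s'
        raise ValueError("r' or s' out of range")
    e = int.from_bytes(H(z_a + msg), "big")      # S1-2: e' = H_v(Z_A || M')
    t = (r + s) % N
    if t == 0:
        raise ValueError("r' + s' = 0 mod n")
    x1 = (r - e) % N   # assumes the signer's x1 was below n (fails only with negligible probability)
    rhs = (x1 ** 3 + A * x1 + B) % P
    y = pow(rhs, (P + 1) // 4, P)                # square root, valid because p = 3 mod 4
    if y * y % P != rhs:
        raise ValueError("x1 is not the x-coordinate of a curve point")
    t1 = pow(t, -1, N)
    t2 = -s * t1 % N
    r1, r2 = mul(t1, (x1, y)), mul(t2, G)        # the only two multiple-point operations
    for _ in range(2):                           # n_e <= 1: at most one retry
        cand = add(r1, r2)
        if cand is not None and z_value(ident, cand) == z_a:   # S3: check against Z_A
            return cand
        r1 = neg(r1)                             # other square root: a point addition only
    raise ValueError("no candidate public key matches Z_A")

# Sample values for the demo (not taken from the patent).
SAMPLE_D = 0x3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8
SAMPLE_K = 0x59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21
SAMPLE_ID, SAMPLE_MSG = b"1234567812345678", b"message digest"

if __name__ == "__main__":
    r, s, z, pub = sign(SAMPLE_D, SAMPLE_ID, SAMPLE_MSG, SAMPLE_K)
    print(recover_public_key(r, s, SAMPLE_MSG, SAMPLE_ID, z) == pub)
```

Because the candidate key is accepted only when it reproduces the supplied Z_A, a tampered message or a Z_A belonging to another signer makes recovery fail rather than return a wrong key.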

Claims (7)

1. The public key analysis method based on SM2 signature is characterized by comprising the following steps:
s1: inputting standard SM2 signature value (r ', s '), message M ' executed with digital signature, and hash value of signer
Figure DEST_PATH_IMAGE001
Distinguishable identification of signer
Figure 169018DEST_PATH_IMAGE002
And elliptic curve system parameters including elliptic curve equation parameters a, b and base point G = (x) G ,y G ) And the order n of the base point; examination of
Figure DEST_PATH_IMAGE003
And
Figure 555000DEST_PATH_IMAGE004
if the two are not true, returning an error; wherein n is the order of the base point G;
s2: converting the data types of r 'and s' into integers
Figure DEST_PATH_IMAGE005
Calculating
Figure 659704DEST_PATH_IMAGE006
Converting the data type of e' into an integer;
s3: converting the compression point into a point on an elliptic curve through an intermediate temporary variable to analyze the public key of the signer;
when an intermediate temporary variable is used, step S3 specifically includes:
s311: computing
Figure DEST_PATH_IMAGE007
Figure 648388DEST_PATH_IMAGE008
S312: bit setting
Figure DEST_PATH_IMAGE009
Compressing the point
Figure 931602DEST_PATH_IMAGE010
Conversion to a point on the SM2 elliptic curve
Figure DEST_PATH_IMAGE011
S313: put n e =0,n e An error number counter;
a, b and x G 、y G
Figure 81961DEST_PATH_IMAGE012
Figure DEST_PATH_IMAGE013
Converting the data type of the data into a byte string;
computing
Figure 817835DEST_PATH_IMAGE014
Examination of
Figure DEST_PATH_IMAGE015
If yes, return to
Figure 610211DEST_PATH_IMAGE016
Otherwise, calculate n e = n e +1, check n e If not more than 1 is true, if so, Q is set to be Q = -Q, and the step S314 is executed;
s314: computing public keys
Figure DEST_PATH_IMAGE017
Wherein [ k ]]P: k times the point P on the elliptic curve;
wherein
Figure 606986DEST_PATH_IMAGE018
is the concatenation of x and y, wherein x and y are bit strings or byte strings,
Figure DEST_PATH_IMAGE019
is a cryptographic hash function with a message digest length of v bits.
2. The public key analysis method based on SM2 signature as claimed in claim 1, wherein when two intermediate temporary variables are used, step S3 specifically includes:
S321: computing
Figure 334770DEST_PATH_IMAGE020
Figure DEST_PATH_IMAGE021
Figure 557941DEST_PATH_IMAGE022
S322: setting the bit
Figure DEST_PATH_IMAGE023
and converting the compressed point
Figure 622849DEST_PATH_IMAGE024
into a point on the SM2 elliptic curve
Figure DEST_PATH_IMAGE025
S323: setting n_e = 0, where n_e is a counter of the number of errors;
S324: computing the public key
Figure 739710DEST_PATH_IMAGE026
wherein
Figure DEST_PATH_IMAGE027
Figure 638396DEST_PATH_IMAGE028
and wherein [k]P denotes k times the point P on the elliptic curve.
3. The public key analysis method based on SM2 signature as claimed in claim 2, wherein the method further comprises a public key correctness checking step of:
converting the data types of a, b, x_G, y_G,
Figure DEST_PATH_IMAGE029
Figure 207917DEST_PATH_IMAGE030
into byte strings;
computing
Figure DEST_PATH_IMAGE031
checking whether
Figure 951882DEST_PATH_IMAGE032
holds; if so, returning
Figure DEST_PATH_IMAGE033
otherwise, computing n_e = n_e + 1 and checking whether or not n_e is less than 1; if true, setting R_1 = -R_1 and performing step S324.
4. An SM2 signature-based public key analysis apparatus for implementing the SM2 signature-based public key analysis method as claimed in claim 1, the apparatus comprising:
a parameter input module, used for inputting the parameters required for analyzing the public key;
a data conversion module, used for converting data types;
and a public key analysis module, used for converting the compressed point into a point on the elliptic curve to analyze the public key of the signer.
5. The public key analysis apparatus based on SM2 signature as recited in claim 4, further comprising a parameter verification module and a public key verification module; wherein
the parameter verification module is used for checking whether the input parameters are wrong;
and the public key verification module is used for verifying the correctness of the public key according to the hash value of the signer.
6. A computer device, characterized in that the computer device comprises a processor and a memory, in which a computer program is stored, which is loaded and executed by the processor to implement the public key analysis method based on SM2 signature according to any of claims 1 to 3.
7. A computer-readable storage medium, in which a computer program is stored, which is loaded and executed by a processor to implement the SM2 signature-based public key analysis method according to any one of claims 1 to 3.
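
The recovery and correctness check described in claims 1 and 3, as an added Python example that is not code from the patent. The formula images of the claims are missing from this page, so the code uses the relations that follow from the standard SM2 verification equation, x1 = (r - e) mod n, t = (r + s) mod n and P = [t^-1](Q - [s]G); SHA-256 stands in for SM3, and the function names, identifier and key values are assumptions made for the example.

```python
import hashlib

# SM2 recommended curve: y^2 = x^3 + ax + b over GF(p), base point G of order n
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
a, b = p - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(P, Q):  # affine point addition; None is the point at infinity
    if P is None or Q is None: return Q if P is None else P
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0: return None
    num, den = (3 * P[0] ** 2 + a, 2 * P[1]) if P == Q else (Q[1] - P[1], Q[0] - P[0])
    lam = num * pow(den, -1, p) % p
    x = (lam * lam - P[0] - Q[0]) % p
    return x, (lam * (P[0] - x) - P[1]) % p

def mul(k, P):  # double-and-add [k]P; not constant time, so not for production signing
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def H(*parts): return hashlib.sha256(b"".join(parts)).digest()  # stand-in for SM3

def z_value(ident, P):  # Z = H(ENTL || ID || a || b || xG || yG || xP || yP)
    coords = b"".join(v.to_bytes(32, "big") for v in (a, b, *G, *P))
    return H((len(ident) * 8).to_bytes(2, "big"), ident, coords)

def sign(d, k, z, msg):  # standard SM2 signing; fixed nonce only to build a sample
    r = (int.from_bytes(H(z, msg), "big") + mul(k, G)[0]) % n
    return r, pow(1 + d, -1, n) * (k - r * d) % n

def recover(r, s, msg, z, ident):
    if not (1 <= r < n and 1 <= s < n): raise ValueError("r or s outside [1, n-1]")
    e = int.from_bytes(H(z, msg), "big")
    x1, t_inv = (r - e) % n, pow(r + s, -1, n)  # pow raises ValueError if r+s = 0 mod n
    rhs = (x1 ** 3 + a * x1 + b) % p
    y1 = pow(rhs, (p + 1) // 4, p)  # square root; valid because p = 3 mod 4
    if y1 * y1 % p != rhs: raise ValueError("x1 is not the x-coordinate of a curve point")
    sx, sy = mul(s, G)
    for y in (y1, -y1 % p):  # candidate Q, then -Q (the retry with the error counter)
        P = mul(t_inv, add((x1, y), (sx, -sy % p)))  # P = [t^-1](Q - [s]G)
        if P is not None and z_value(ident, P) == z: return P
    raise ValueError("neither candidate reproduces the signer hash value")

d, k, ident, msg = 0xC0FFEE1234567890ABCDEF, 0xFEEDFACE0123456789, b"signer@example.test", b"sample"  # constructed
z = z_value(ident, mul(d, G))
assert recover(*sign(d, k, z, msg), msg, z, ident) == mul(d, G)
```

Because the signer hash value already commits to the public key, a recovered key that passes the final comparison is bound to both the signature and the identifier; a mismatch on both candidates means the inputs are inconsistent.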

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110611489.6A CN113158176B (en) 2021-06-02 2021-06-02 Public key analysis method, device, equipment and storage medium based on SM2 signature

Publications (2)

Publication Number Publication Date
CN113158176A CN113158176A (en) 2021-07-23
CN113158176B true CN113158176B (en) 2022-08-02

Family

ID=76875492

Country Status (1)

Country Link
CN (1) CN113158176B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant