CN113259103B - Signature method and device, verification method and device, equipment and storage medium - Google Patents

Signature method and device, verification method and device, equipment and storage medium Download PDF

Info

Publication number
CN113259103B
CN113259103B CN202110664448.3A CN202110664448A CN113259103B CN 113259103 B CN113259103 B CN 113259103B CN 202110664448 A CN202110664448 A CN 202110664448A CN 113259103 B CN113259103 B CN 113259103B
Authority
CN
China
Prior art keywords
target
digital signature
result
signature information
secret value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110664448.3A
Other languages
Chinese (zh)
Other versions
CN113259103A (en
Inventor
张宇
汪宗斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd filed Critical Beijing Infosec Technologies Co Ltd
Priority to CN202110664448.3A priority Critical patent/CN113259103B/en
Publication of CN113259103A publication Critical patent/CN113259103A/en
Application granted granted Critical
Publication of CN113259103B publication Critical patent/CN113259103B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The embodiment of the application provides a signature method and device, a verification method and device, equipment and a storage medium. Wherein, the method comprises the following steps: acquiring a target private key and system parameters provided by a key generation center; selecting any positive integer as a target secret value; generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party; and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter. The technical scheme provided by the embodiment of the application can improve the data security.

Description

Signature method and device, verification method and device, equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a signature method and device, a verification method and device, equipment and a storage medium.
Background
The national commercial cipher standard algorithm SM9 issued by the national cipher administration is an Identity-Based cipher (IBC) algorithm, the IBC algorithm calculates a public key of a user Based on Identity identifications such as the Identity number, the mobile phone number, the mailbox address and the like of the user, and omits the process of exchanging a digital certificate and the public key, so that the security system becomes easy to deploy and manage, and is very suitable for various occasions of end-to-end offline security communication, cloud data encryption, attribute-Based encryption and policy-Based encryption.
In the related art, in a data signature stage of the SM9 algorithm, a sender obtains a corresponding private key from a Key Generation Center (KGC), generates data signature information of the sender based on the private key, sends the data signature information to a receiver, verifies the data signature information by the receiver, and determines whether data received by the receiver is from the sender according to a verification result. However, since the key generation center generates the private key required by the sender to perform the digital signature, the key generation center may forge the sender data signature information using the private key and send the forged data signature information to the receiver for verification, and the receiver verifies the data signature information and determines that the data received by itself originates from the sender according to the verification result. In this way, the key generation center can send various data to the receiver on behalf of the sender, while the receiver perceives that the data originated from the sender, rather than from the key generation center. Obviously, when data transmission is performed based on the data signature method, data security is poor.
Disclosure of Invention
The embodiment of the application provides a signature method and device, a verification method and device, equipment and a storage medium, which are used for improving data security.
In a first aspect, an embodiment of the present application provides a signature method, including:
acquiring a target private key and system parameters provided by a key generation center; selecting any positive integer as a target secret value; generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party; and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
In a second aspect, an embodiment of the present application provides a verification method, including:
acquiring target parameters sent by a sender; the target parameters are obtained according to the target secret value and system parameters provided by a key generation center; receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter; and verifying the digital signature information according to the target parameter.
In a third aspect, an embodiment of the present application provides a verification method, including:
searching whether a target private key, a target secret value and a target parameter are locally stored or not in response to receiving the signature request; if the query result is negative, acquiring a target private key and system parameters provided by a key generation center, and locally storing the target private key; selecting any positive integer as a target secret value, and locally storing the target secret value; generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party; and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
In a fourth aspect, an embodiment of the present application provides a signature apparatus, including:
the acquisition module is used for acquiring a target private key and system parameters provided by the key generation center; the processing module is used for selecting any positive integer as a target secret value; generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party; and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
In a fifth aspect, an embodiment of the present application provides a signature apparatus, including:
the acquisition module is used for responding to the received signature request and searching whether a target private key, a target secret value and a target parameter are locally stored or not; if the query result is negative, the target private key and the system parameters provided by the key generation center are obtained, and the target private key is stored locally. The processing module is used for selecting any positive integer as a target secret value and locally storing the target secret value; generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party; and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
In a sixth aspect, an embodiment of the present application provides an authentication apparatus, including:
the acquisition module is used for acquiring the target parameters sent by the sender; the target parameters are obtained according to the target secret value and system parameters provided by a key generation center; receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter; and the processing module is used for verifying the digital signature information according to the target parameter.
In a seventh aspect, an embodiment of the present application provides an electronic device, including a processing component and a storage component;
the storage component stores one or more computer instructions; the one or more computer instructions to be invoked for execution by the processing component;
the processing component is to:
acquiring a target private key and system parameters provided by a key generation center; selecting any positive integer as a target secret value; generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party; generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter, or,
the processing component is to:
searching whether a target private key, a target secret value and a target parameter are locally stored or not in response to receiving the signature request; if the query result is negative, acquiring a target private key and system parameters provided by a key generation center, and locally storing the target private key; selecting any positive integer as a target secret value, and locally storing the target secret value; generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party; generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter; alternatively, the first and second electrodes may be,
the processing component is to:
acquiring target parameters sent by a sender; the target parameters are obtained according to the target secret value and system parameters provided by a key generation center; receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter; and verifying the digital signature information according to the target parameter.
In an eighth aspect, an embodiment of the present application provides a computer storage medium, which stores a computer program, and when the computer program is executed by a computer, the computer program implements the signature method or the verification method.
In the embodiment of the application, when the sender generates the digital signature information, the target private key sent by the key generation center is needed, a target secret value selected by the sender, and a target parameter generated based on the target secret value and the system parameter are also needed. Therefore, the generated digital signature information does not only use the target private key sent by the key generation center any more, so that the situation that the key generation center forges the data signature information of the sender is effectively avoided, the situation that the key generation center sends data to an intended receiver on the name of the sender is effectively avoided, and the data safety is improved.
These and other aspects of the present application will be more readily apparent from the following description of the embodiments.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a diagram illustrating an application scenario in an actual application according to an embodiment of the present application;
FIG. 2a is a flow diagram illustrating one embodiment of a signature method provided herein;
FIG. 2b is a flow diagram illustrating another embodiment of a signature method provided herein;
FIG. 3 illustrates a flow diagram of one embodiment of a verification method provided herein;
FIG. 4a is a flow chart illustrating a signature method of the embodiment of the present application in a practical application;
FIG. 4b is a flow chart illustrating a signature method of the embodiment of the present application in another practical application;
FIG. 5 is a flow chart illustrating a verification method of the embodiment of the present application in one practical application;
FIG. 6 is a schematic diagram illustrating an embodiment of a signature device provided herein;
FIG. 7 is a schematic diagram illustrating the structure of one embodiment of the authentication device provided herein;
fig. 8 shows a schematic structural diagram of an embodiment of an electronic device provided by the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
In some of the flows described in the specification and claims of this application and in the above-described figures, a number of operations are included that occur in a particular order, but it should be clearly understood that these operations may be performed out of order or in parallel as they occur herein, the number of operations, e.g., 101, 102, etc., merely being used to distinguish between various operations, and the number itself does not represent any order of performance. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 shows an application scenario diagram in a practical application according to an embodiment of the present application. In the application scenario shown in fig. 1, a sender 101, a receiver 102, and a Key Generation Center (KGC) 103 are included; both the sender 101 and the receiver 102 establish a network connection with the key generation center KGC103, and the sender 101 and the receiver 102 establish a network connection. The sender 101 may be a terminal device on the data sending side, or the sender 101 may be a computer software program running on the terminal device on the data sending side. The receiver 102 may be a terminal device of the data receiving side, or the receiver 102 may be a computer software program running on a terminal device of the data receiving side. The terminal device includes but is not limited to a desktop computer, a smart phone, a tablet computer, an electronic reader, and an intelligent wearable device. Key generation center 103 may be a single server or a cluster of servers, or a computer software program running on a single server or a cluster of servers.
The key generation center KGC103 is responsible for generating system parameters required by the SM9 algorithm, and provides the system parameters to a terminal device, such as the sender 101 or the receiver 102.
In this embodiment, the system parameters required to implement the SM9 algorithm are determined based on actual traffic demands. For example, system parameters include, but are not limited to, one or more of the following: safety parameter z, positive integer N, first addition cycle group G1A second addition cyclic group G2Multiplication loop group GTThe first generator P1A second generator P2Bilinear mappingeHash function H1Master public key PPub-sAnd an encryption private key generation function identifier hid.
Wherein the security parameter z is used to declare the security strength of the SM9 algorithm. The key generation center may receive a security parameter z input by an administrator of the key generation center.
Wherein the bilinear pairings mape:G1×G2→GTI.e. from G1×G2To GTBilinear pair mapping.
Wherein the first generator P1Being a generator of the first addition cycle group, a second generator P2Is a generator of the second addition cycle group.
Wherein G is1、G2And GTAre all N, i.e. G1、G2Are all N-order addition cycle groups, GTIs an N factorial cyclic group.
Wherein the key generation center selects one byte to represent the encryption private key generation function identifier hid.
Wherein the key generation center is generating the master public key PPub-sFirstly, randomly selecting a main private key ks, wherein ks belongs to ZN *I.e. ks is in ZN *Is taken within the range of ZN *Has a value range of [1, N-1]]That is, ks can be any integer of {1,2, … N-1 }; then, according to the formula PPub-s=ks×P1Calculating the master public key PPub-s. It is noted that the master private key ks and the master public key PPub-sA key pair is composed.
Wherein a hash function H is assumed1Output result h of1,h1∈ZN *
Further description of the above system parameters can be found in the relevant standards document of the SM9 algorithm promulgated by the national crypto authority.
It is noted that the key generation center 103 may select the public security parameter z, the positive integer N, the first addition cycle group G1A second addition cyclic group G2Multiplication loop group GTThe first generator P1A second generator P2Bilinear mappingeHash function H1Master public key PPub-eAnd the encrypted private key generation function identifier hid and other system parameters, and the key generation center keeps secret for the main private key ks.
The system parameters disclosed by the key generation center 103 may be acquired by the terminal device, and the master private key ke kept secret by the key generation center may not be acquired by the terminal device. It will be appreciated that the system parameters that the key generation center sends to the sender 101 or the receiver 102 are disclosed system parameters and do not include secret system parameters (e.g., the master private key ks).
In addition, the key generation center 103 is also responsible for generating a corresponding private key and public key based on the user identity.
For example, the key generation center 103 may generate a target private key and a target public key for a sender on the data sending side based on the user identification of the user on the sending side, and provide the target private key and the target public key to the sender through a secure channel.
Suppose that the user ID of the sending user is IDATarget private key is denoted dsAThe target public key is denoted as PA-s. First, the key generation center 103 follows the formula t1={H1(IDACalculating t for | hid, N) + ks mod N1If t is1=0, then the master key pair needs to be regenerated, i.e. the key generation center regenerates the master private key ks and the master public key PPub-sUp to t1Not equal to 0; if t1Not equal to 0, then according to the formula t2=(t1 -1×ks) modN; then, according to the formula dsA=t2×P1Calculating a target private key dsA. Then, according to the formula PA-s= t1×P2=H1(IDA||hid,N)×P2+PPub-sComputing a target public key PA-s
The sender 101 generates digital signature information and sends the digital signature information to the receiver 102; the receiver 102 verifies the digital signature information to confirm that the received service data originated from the sender 101.
In practical applications, the sender 101 may request the key generation center to obtain the target private key and the system parameters, select a new target secret value and generate a new target parameter, perform digital signature based on the new target secret value and the new target parameter, and provide the new target parameter to the receiver 102, so that the receiver 102 performs digital signature verification based on the new target parameter. For ease of understanding, the above-described signature method is described in detail in conjunction with fig. 2 a.
Fig. 2a shows a flow chart of an embodiment of a signature method provided by the present application. The main execution body of the method is the sender 101. Referring to fig. 2a, the signature method may include the steps of:
201. and acquiring a target private key and system parameters provided by a key generation center.
202. Any positive integer is selected as the target secret value.
Assume that the target secret value is notedx A-sWherein, in the step (A),x A-s∈ZN *i.e. byx A-sIs ZN *Value range of [1, N-1]]Any positive integer selected from.
Further, to further improve data security, the sender 101 may randomly choose a positive integer from [1, N-1] as the target secret value.
203. And generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party.
Illustratively, in generating the target parameterThen, the first addition cycle group G in the system parameters can be utilized1First generator P of1. Assume target parameter is denoted as PKA-sWherein, PKA-s=x A-s×P1
After generating the target parameter, the transmission side 101 generates digital signature information corresponding to the transmission side 101 using the target parameter. In addition, in order to ensure that the receiver 102 can normally perform the signature verification operation, the target parameter also needs to be sent to the receiver 102.
204. And generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to a receiver so that the receiver verifies the digital signature information according to the target parameter.
It should be noted that the sender 101 may send the target parameter and the digital signature information to the receiver 102 at the same time; or the target parameter can be sent to the receiver 102 first, and then the digital signature information is sent to the receiver 102; the digital signature information may also be sent to the receiving party 102 first, and then the target parameter is sent to the receiving party 102, which is not limited in this embodiment of the application.
In the embodiment of the application, when the sender generates the digital signature information, the target private key sent by the key generation center, the target secret value selected by the sender, and the target parameter generated based on the target secret value and the system parameter are needed. Therefore, the generated digital signature information does not only use the target private key sent by the key generation center any more, so that the situation that the key generation center forges the data signature information of the sender is effectively avoided, the situation that the key generation center sends data to an intended receiver on the name of the sender is effectively avoided, and the data safety is improved.
In some embodiments, the system parameters include: a master public key; the "generating digital signature information from the target private key, the target secret value, and the target parameter" may include: carrying out bilinear mapping on the main public key and the target parameter to obtain a first result; randomly selecting a random number; generating first digital signature information according to the random number and the first result; and subtracting the modulus operation result of the first digital signature information from the random number to obtain a second result. Judging whether the second result is zero or not; and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key. If the second result is zero, returning to the step of randomly selecting the random number for re-execution.
Exemplarily, assuming that the first result is denoted as g, the sender follows the formula g =e(PKA-s,PPub-s) A calculation is performed to obtain a first result.
Assuming that the random number is r, the sender randomly selects a random number r, wherein r belongs to ZN *I.e. r is ZN *Value range of [0, N-1]]Any positive integer selected from.
Assuming that the first digital signature information is denoted by h, and the second result is denoted by l, the sender performs calculation according to the formula l = (r-h) modN to obtain the second result, where modN represents performing modulo N operation.
Assuming that the second digital signature information is denoted as S, the sender follows the formula S =x A-s×l×dsAA calculation is performed to generate second digital signature information.
In some embodiments, the system parameters further include: the order; the "generating the first digital signature information from the random number and the first result" may include: acquiring service data to be sent to a receiver; performing power operation on the first result according to the random number to obtain a third result; and obtaining a first splicing result of the service data and the third result, and performing hash operation on the first splicing result and the order to obtain first digital signature information.
For example, assume that the traffic data is denoted as m and the third result is denoted as w.
The sender follows the formula w = grPerforming an exponentiation operation to obtain a third result, and converting w into w in the form of a bit string.
The sender follows the formula H = H1And (m | | w, N) calculating the first digital signature information h. And m | | w represents a first splicing result obtained by splicing the service data m and the third result w. N denotes a system parameterThe order of (1).
In some embodiments, before generating the target parameter according to the target secret value and the system parameter, the method may further include: acquiring a target public key corresponding to a sender and provided by a key generation center; verifying whether the target private key and the target public key meet the validity requirement; and if the target private key and the target public key both meet the validity requirement, executing a step of generating a target parameter according to the target secret value and a first generating element of a first addition cycle group in the system parameter.
In practical applications, the trusted key generation center may be attacked, resulting in the key generation center providing an invalid target private key and target public key. Therefore, before the sender generates the digital signature information, the validity of the target private key and the target public key provided by the key generation center is verified to confirm the credibility of the key generation center, and the data security can be further improved.
It is to be noted that, when the sender determines that the target private key and the target public key do not satisfy the validity requirement, the digital signature operation is no longer performed, and the data sending operation is no longer performed.
In some embodiments, "verifying whether the target private key and the target public key meet the validity requirements" may include: carrying out bilinear mapping on the first generator and the main public key in the system parameter to obtain a fourth result; performing bilinear pairing mapping on the target private key and the target public key to obtain a fifth result; if the fourth result is equal to the fifth result, the target private key and the target public key meet the validity requirement; and if the fourth result is not equal to the fifth result, the target private key and the target public key do not meet the validity requirement.
Assume that the target private key is denoted dsAAnd the target public key is marked as PA-s. Sender authenticatione(dsA,PA-s)=e(P1,PPub-s) And if so, determining that the target private key and the target public key meet the validity requirement. If not, determining that the target private key and the target public key do not meet the validity requirement.
In practical applications, the sender 101 may also store the target private key, the target secret value, and the target parameter obtained in response to the signing request locally when receiving the signing request at any time, and notify the receiver 102 that the corresponding target parameter is also stored locally. When the sender 101 receives a subsequent signing request, whether a target private key, a target secret value and a target parameter are locally stored is firstly inquired, if the inquiry result is negative, the sender 101 provides the target private key and the system parameter to the key generation center, selects a new target secret value and generates a new target parameter, carries out digital signing on the basis of the new target private key and the new target parameter, and provides the new target parameter to the receiver 102, so that the receiver 102 carries out digital signature verification on the basis of the new target parameter. If the query result is yes, the sender 101 obtains a locally stored target private key, a target secret value and a target parameter, and performs digital signature based on the locally stored target secret value and the target parameter.
For ease of understanding, the above signature method is described in conjunction with fig. 2 b.
Fig. 2b shows a flow chart of another embodiment of the signature method provided in the present application. The main execution body of the method is the sender 101. Referring to fig. 2b, the signature method may include the steps of:
11. responding to the received signature request, searching whether a target private key, a target secret value and a target parameter are locally stored, if the query result is negative, executing the step 12, and if the query result is positive, executing the step 16;
12. and acquiring a target private key and system parameters provided by a key generation center, and locally storing the target private key.
13. Any positive integer is selected as a target secret value, and the target secret value is stored locally.
14. And generating target parameters according to the target secret value and the system parameters, locally storing the target parameters, and sending the target parameters to a receiving party.
15. And generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
16. And acquiring a locally stored target private key, a target secret value and a target parameter.
17. And generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
It should be noted that the receiver performs digital signature verification according to the latest target parameters sent by the sender. When receiving the latest target parameter sent by the sender, the receiver locally stores the latest target parameter so as to carry out verification by using the latest target parameter when receiving a verification request again in the following.
In some embodiments, the system parameters include: a master public key; the "generating digital signature information from the target private key, the target secret value, and the target parameter" may include: carrying out bilinear mapping on the main public key and the target parameter to obtain a first result; randomly selecting a random number; generating first digital signature information according to the random number and the first result; and subtracting the modulus operation result of the first digital signature information from the random number to obtain a second result. Judging whether the second result is zero or not; and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key. If the second result is zero, returning to the step of randomly selecting the random number for re-execution.
Exemplarily, assuming that the first result is denoted as g, the sender follows the formula g =e(PKA-s,PPub-s) A calculation is performed to obtain a first result.
Assuming that the random number is r, the sender randomly selects a random number r, wherein r belongs to ZN *I.e. r is ZN *Value range of [1, N-1]]Any positive integer selected from.
Assuming that the first digital signature information is denoted by h, and the second result is denoted by l, the sender performs calculation according to the formula l = (r-h) modN to obtain the second result, where modN represents performing modulo N operation.
Assuming that the second digital signature information is denoted as S, the sender follows the formula S =x A-s×l×dsAA calculation is performed to generate second digital signature information.
In some embodiments, the system parameters further include: the order; the "generating the first digital signature information from the random number and the first result" may include: acquiring service data to be sent to a receiver; performing power operation on the first result according to the random number to obtain a third result; and obtaining a first splicing result of the service data and the third result, and performing hash operation on the first splicing result and the order to obtain first digital signature information.
For example, assume that the traffic data is denoted as m and the third result is denoted as w.
The sender follows the formula w = grPerforming an exponentiation operation to obtain a third result, and converting w into w in the form of a bit string.
The sender follows the formula H = H1And (m | | w, N) calculating the first digital signature information h. And m | | w represents a first splicing result obtained by splicing the service data m and the third result w. N represents the order in the system parameters.
In some embodiments, before generating the target parameter according to the target secret value and the system parameter, the method may further include: acquiring a target public key corresponding to a sender and provided by a key generation center; verifying whether the target private key and the target public key meet the validity requirement; and if the target private key and the target public key both meet the validity requirement, executing a step of generating a target parameter according to the target secret value and a first generating element of a first addition cycle group in the system parameter.
In practical applications, the trusted key generation center may be attacked, resulting in the key generation center providing an invalid target private key and target public key. Therefore, before the sender generates the digital signature information, the validity of the target private key and the target public key provided by the key generation center is verified to confirm the credibility of the key generation center, and the data security can be further improved.
It is to be noted that, when the sender determines that the target private key and the target public key do not satisfy the validity requirement, the digital signature operation is no longer performed, and the data sending operation is no longer performed.
In some embodiments, "verifying whether the target private key and the target public key meet the validity requirements" may include: carrying out bilinear mapping on the first generator and the main public key in the system parameter to obtain a fourth result; performing bilinear pairing mapping on the target private key and the target public key to obtain a fifth result; if the fourth result is equal to the fifth result, the target private key and the target public key meet the validity requirement; and if the fourth result is not equal to the fifth result, the target private key and the target public key do not meet the validity requirement.
Assume that the target private key is denoted dsAAnd the target public key is marked as PA-s. Sender authenticatione(dsA,PA-s)=e(P1,PPub-s) And if so, determining that the target private key and the target public key meet the validity requirement. If not, determining that the target private key and the target public key do not meet the validity requirement.
FIG. 3 shows a flow diagram of one embodiment of a verification method provided herein. The subject of the method is the recipient 102. Referring to fig. 3, the authentication method may include the steps of:
301. and acquiring the target parameters sent by the sender.
302. And receiving the digital signature information sent by the sender.
303. And verifying the digital signature information according to the target parameters.
Wherein the target parameter is obtained according to the target secret value and the system parameter provided by the key generation center. For the generation manner of the target parameter, reference is made to the foregoing content, and details are not repeated here.
The digital signature information is generated according to a target private key, a target secret value and a target parameter. For the manner of generating the digital signature information by the sender, reference is made to the foregoing content, and details are not described herein.
In the data transmission process, a sender sends service data to a receiver, and meanwhile, in order to improve data security, the sender generates digital signature information and target parameters and sends the digital signature information and the target parameters to the receiver. And the receiver verifies the digital signature information by using the target parameter, if the verification is passed, the receiver determines that the received service data is from the sender, and if the verification is not passed, the receiver determines that the received service data is not from the sender.
In the embodiment of the application, the receiver verifies the digital signature information by using the target parameter sent by the sender, so that whether the received service data comes from the sender can be effectively discriminated, and the data security is improved.
In some embodiments, the digital signature information includes first digital signature information and second digital signature information; the "verifying the digital signature information according to the target parameter" may include: acquiring system parameters provided by a key generation center; generating third digital signature information according to the system parameters, the target parameters, the first digital signature information and the second digital signature information; if the third digital signature information is equal to the first digital signature information, determining that the digital signature information is legal; and if the third digital signature information is not equal to the first digital signature information, determining that the digital signature information is illegal.
In some embodiments, the system parameters include at least: the master public key, the order, the encryption key generation function identifier and a second generation element of a second addition cycle group; the "generating the third digital signature information according to the system parameter, the target parameter, the first digital signature information, and the second digital signature information" may include: acquiring a sending side user identity corresponding to a sender, and acquiring service data sent by the sender; carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a sixth result; performing power operation on the sixth result according to the first digital signature information to obtain a seventh result; acquiring a second splicing result of the user identity identifier and the encryption key generation function identifier at the splicing sending side, and performing hash operation on the second splicing result and the order to obtain an eighth result; generating an intermediate master public key according to the eighth result, the master public key and the second generator; carrying out bilinear pairing mapping on the intermediate master public key and the second digital signature information to obtain a ninth result; multiplying the seventh result and the ninth result to obtain a tenth result; and obtaining a third splicing result of the service data and the tenth result, and performing hash operation on the third splicing result and the order to obtain third digital signature information.
Suppose that the service data received by the receiving side is recorded as m, and the digital signature information received by the receiving side from the sending side is recorded as (h, S). Wherein h is the first digital signature information, and S is the second digital signature information.
The receiving party follows the formula g =e(PKA-s,PPub-s) A calculation is performed to obtain a sixth result g.
The receiving party follows the formula t = ghA calculation is performed to obtain a seventh result t.
The receiving party follows the formula h1=H1(IDA| hid, N) to obtain an eighth result h1
The receiving party follows the formula P = h1×P2+PPub-sA calculation is performed to obtain the intermediate master public key P.
The receiving party follows the formula u =e(S, P) to obtain a ninth result u.
The receiving side performs calculation according to the formula w '= u × t to obtain a tenth result w'.
The receiving party follows the formula h2=H1(m | | w', N) to obtain third digital signature information h2
Receiver authentication h2If yes, determining that the received data is sent by a sender; if not, the received data is determined not to be sent by the sender.
In some embodiments, before verifying the digital signature information according to the target parameter, the method may further include: it is determined that the first digital signature information belongs to a preset positive integer, and that the second digital signature information belongs to an element in the first group of addition cycles.
Examples of the inventionSex, the predetermined positive integer being ZN *Value range of [1, N-1]]Any positive integer therein. Receiver authentication h e ZN *Whether the first digital signature information h is established or not is determined, and if the first digital signature information h is established, the first digital signature information h belongs to a preset positive integer; if the first digital signature information h does not belong to the preset positive integer, determining that the first digital signature information h does not belong to the preset positive integer.
It is understood that the first digital signature information h is determined not to belong to the preset positive integer or the second digital signature information S is determined not to belong to the first addition cycle group G1When the element is in (1), the receiver determines that the received service data is unsafe, and ends the signature verification operation, thereby improving the signature verification efficiency.
The receiver can convert the second digital signature information S into a point on the elliptic curve and verify that S belongs to G1If yes, determining that the second digital signature information S belongs to the first addition cycle group G1And continuing to verify subsequent steps in the method; if not, determining that the second digital signature information S does not belong to the first addition cyclic group G1If the element in (1) is the element in (b), ending the verification method and prompting error information.
Fig. 4a shows a flowchart of a signature method in an actual application according to the embodiment of the present application. The execution main body of the method is a sender on the data sending side. The meanings of the symbols in the present embodiment refer to the descriptions of the above embodiments, and are not described herein again.
Referring to fig. 4a, the signature method may include the steps of:
401. the sender obtains the required system parameters from the key generation center.
402. The sender obtains a target private key ds from a key generation centerAAnd a target public key PA-s
The sender 403 verifies the validity of the target private key and the target public key. If the verification is passed, step 404 is executed, and if the verification is not passed, the process is ended.
In particular, sender authenticatione(dsA,PA-s)=e(P1,PPub-s) If yes, determining the targetThe private key and the target public key satisfy validity requirements. If not, determining that the target private key and the target public key do not meet the validity requirement.
404. Sender randomly selects target secret valuex A-s
Wherein the content of the first and second substances,x A-s∈ZN *i.e. byx A-sIs ZN *Value range of [1, N-1]]Any positive integer selected from.
405. Sender generation of target parameters PKA-sAnd applying the target parameter PKA-sAnd sending the data to a receiving party.
Wherein, PKA-s=x A-s×P1
406. The sender follows the formula g =e(PKA-s,PPub-s) A calculation is performed to obtain a first result g.
Wherein G ∈ GTI.e. G is the multiplication cycle group GTAnd (5) medium element.
407. The sender randomly selects a random number r.
Wherein r ∈ ZN *I.e. r is ZN *Value range of [1, N-1]]Any positive integer selected from.
408. The sender follows the formula w = grA calculation is performed to obtain a third result w, and w is converted to w in the form of a bit string.
409. The sender follows the formula H = H1And (m | | w, N) calculating to obtain the first digital signature information h.
410. The sender calculates according to the formula l = (r-h) modN to obtain a second result l, and if l =0, the sender returns to execute step 407; if l ≠ 0, executing step 411;
411. the sender follows the formula S =x A-s×l×dsAA calculation is performed to obtain the second digital signature information S.
412. The transmitting side outputs data signature information (h, S).
Fig. 4b is a flowchart illustrating a signature method in another practical application of the embodiment of the present application. The execution main body of the method is a sender on the data sending side. The meanings of the symbols in the present embodiment refer to the descriptions of the above embodiments, and are not described herein again. Referring to fig. 4b, the signature method may include the steps of:
21. the sender responds to the received signature request, searches whether a target private key, a target secret value and a target parameter are locally stored, and if not, executes the step 22; if so, go to step 34.
22. The sender obtains the required system parameters from the key generation center.
23. The sender obtains a target private key ds from a key generation centerAAnd a target public key PA-s
24. The sender verifies the validity of the target private key and the target public key. If the verification is passed, step 25 is executed, and if the verification is not passed, the process is ended.
In particular, sender authenticatione(dsA,PA-s)=e(P1,PPub-s) And if so, determining that the target private key and the target public key meet the validity requirement. If not, determining that the target private key and the target public key do not meet the validity requirement.
25. Sender randomly selects target secret valuex A-sAnd saving the target secret value locallyx A-sAnd the target private key dsA
Wherein the content of the first and second substances,x A-s∈ZN *i.e. byx A-sIs ZN *Value range of [1, N-1]]Any positive integer selected from.
26. Sender generation of target parameters PKA-sAnd saving the target parameter PK locallyA-sAnd applying the target parameter PKA-sAnd sending the data to a receiving party.
Wherein, PKA-s=x A-s×P1
27. The sender follows the formula g =e(PKA-s,PPub-s) A calculation is performed to obtain a first result g.
Wherein G ∈ GTI.e. G is the multiplication cycle group GTAnd (5) medium element.
28. The sender randomly selects a random number r.
Wherein r ∈ ZN *I.e. r is ZN *Value range of [0, N-1]]Any positive integer selected from.
29. The sender follows the formula w = grA calculation is performed to obtain a third result w, and w is converted to w in the form of a bit string.
30. The sender follows the formula H = H1And (m | | w, N) calculating to obtain the first digital signature information h.
31. The sender calculates according to the formula l = (r-h) modN to obtain a second result l, and if l =0, the sender returns to execute step 28; if l ≠ 0, executing step 32;
32. the sender follows the formula S =x A-s×l×dsAA calculation is performed to obtain the second digital signature information S.
33. The transmitting side outputs data signature information (h, S).
34. And the sender acquires a locally stored target private key, a target secret value and a target parameter.
35. And the sender generates digital signature information according to the target private key, the target secret value and the target parameter, and outputs the data signature information (h, S).
Fig. 5 is a flowchart illustrating a verification method in an actual application according to an embodiment of the present application. The execution subject of the method is a receiving party of a data transmitting side. The meanings of the symbols in the present embodiment refer to the descriptions of the above embodiments, and are not described herein again.
As shown in fig. 5, the verification method provided in this embodiment may include the following steps:
501. receiver authentication h e ZN *If true, go to step 502, otherwise, end.
502. Receiver authentication S e G1If true, step 503 is executed, otherwise, the process is ended.
Wherein S ∈ G1That is, S is the first addition cycle group G1Of (1).
503. The receiving party follows the formula g =e(PKA-s,PPub-s) A calculation is performed to obtain a sixth result g.
Wherein G ∈ GTI.e. G is the multiplication cycle group GTOf (1).
504. The receiving party follows the formula t = ghA calculation is performed to obtain a seventh result t.
Wherein t ∈ GTI.e. t is the multiplication cycle group GTOf (1).
505. The receiving party follows the formula h1=H1(IDA| hid, N) to obtain an eighth result h1
506. The receiving party follows the formula P = h1×P2+PPub-sA calculation is performed to obtain the intermediate master public key P.
507. The receiving party follows the formula u =e(S, P) to obtain a ninth result u.
508. The receiving side performs calculation according to the formula w '= uxt to obtain a tenth result w', and converts w 'into w' in the form of a bit string.
509. The receiving party follows the formula h2=H1(m | | w', N) to obtain third digital signature information h2
510. Receiver authentication h2If yes, determining that the received data is sent by a sender; if not, the received data is determined not to be sent by the sender.
Fig. 6 shows a schematic structural diagram of an embodiment of a signature device provided in the present application. Referring to fig. 6, the signature apparatus may include:
an obtaining module 601, configured to obtain a target private key and system parameters provided by a key generation center;
a processing module 602, configured to select any positive integer as a target secret value; generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party; and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
In some embodiments, the system parameters include: a master public key; the specific steps of the processing module 602 generating the digital signature information according to the target private key, the target secret value and the target parameter are:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result; randomly selecting a random number; generating first digital signature information according to the random number and the first result; subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result; judging whether the second result is zero or not; and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
In some embodiments, the system parameters further include: the order; the processing module 602, according to the random number and the first result, generates first digital signature information specifically:
acquiring service data to be sent to the receiver; performing power operation on the first result according to the random number to obtain a third result; and obtaining a first splicing result of the service data and the third result, and performing hash operation on the first splicing result and the order to obtain the first digital signature information.
In some embodiments, the processing module 602 is further configured to: and if the second result is zero, returning to the step of randomly selecting the random number for re-execution.
In some embodiments, before generating the target parameter according to the target secret value and the system parameter, the processing module 602 is further configured to trigger the obtaining module 601 to obtain a target public key corresponding to the sender and provided by the key generation center;
the processing module 602 is further configured to: receiving a target public key sent by the obtaining module 601; verifying whether the target private key and the target public key meet the validity requirement; and if the target private key and the target public key both meet the validity requirement, executing a step of generating a target parameter according to the target secret value and a first generator of a first addition cycle group in the system parameter.
In some embodiments, the specific steps of the processing module 602 verifying whether the target private key and the target public key meet the validity requirement are: carrying out bilinear mapping on the first generator and the main public key in the system parameter to obtain a fourth result; performing bilinear pairing mapping on the target private key and the target public key to obtain a fifth result; if the fourth result is equal to the fifth result, the target private key and the target public key meet the validity requirement; if the fourth result is not equal to the fifth result, the target private key and the target public key do not meet the validity requirement.
The signature apparatus in fig. 6 may perform the signature method in the embodiment shown in fig. 2a, and the implementation principle and the technical effect are not described again. The specific manner in which each module and unit of the verification apparatus in the above embodiments perform operations has been described in detail in the embodiments related to the method, and will not be described in detail herein.
In addition, the signature apparatus of fig. 6 may also perform the signature method of the embodiment shown in fig. 2 b. When the signing method of the embodiment shown in fig. 2b is executed, the obtaining module 601 is configured to, in response to receiving a signing request, search whether a target private key, a target secret value, and a target parameter are locally stored; if the query result is negative, the target private key and the system parameters provided by the key generation center are obtained, and the target private key is stored locally.
A processing module 602, configured to select any positive integer as a target secret value, and locally store the target secret value; generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party; and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
In some embodiments, if the query result is yes, the obtaining module 601 is further configured to obtain a locally stored target private key, a target secret value, and a target parameter.
A processing module 602, configured to generate digital signature information according to the target private key, the target secret value, and the target parameter, and send the digital signature information to the receiving party, so that the receiving party verifies the digital signature information according to the target parameter.
Fig. 7 shows a schematic structural diagram of an embodiment of the authentication device provided in the present application. Referring to fig. 7, the authentication apparatus may include:
an obtaining module 701, configured to obtain a target parameter sent by a sender; the target parameters are obtained according to the target secret value and system parameters provided by a key generation center; receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter;
a processing module 702, configured to verify the digital signature information according to the target parameter.
In some embodiments, the digital signature information comprises first digital signature information and second digital signature information;
the specific steps of the processing module 702 verifying the digital signature information according to the target parameter are:
acquiring system parameters provided by the key generation center; generating third digital signature information according to the system parameter, the target parameter, the first digital signature information and the second digital signature information; if the third digital signature information is equal to the first digital signature information, determining that the digital signature information is legal; and if the third digital signature information is not equal to the first digital signature information, determining that the digital signature information is illegal.
In some embodiments, the system parameters include at least: the master public key, the order, the encryption key generation function identifier and a second generation element of a second addition cycle group;
the step of generating, by the processing module 702, third digital signature information according to the system parameter, the target parameter, the first digital signature information, and the second digital signature information specifically includes: acquiring a sending side user identity corresponding to the sender, and acquiring service data sent by the sender; carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a sixth result; performing power operation on the fourth result according to the first digital signature information to obtain a seventh result; acquiring a second splicing result for splicing the user identity identifier at the sending side and the encryption key generation function identifier, and performing hash operation on the second splicing result and the order to obtain an eighth result; generating an intermediate master public key according to the eighth result, the master public key and the second generator; carrying out bilinear pairing mapping on the intermediate master public key and the second digital signature information to obtain a ninth result; multiplying the seventh result and the ninth result to obtain a tenth result; and acquiring a third splicing result of the service data and the tenth result, and performing hash operation on the third splicing result and the order to obtain the third digital signature information.
In some embodiments, the processing module 702, before verifying the digital signature information according to the target parameter, is further configured to: determining that the first digital signature information belongs to a preset positive integer, and determining that the second digital signature information belongs to an element in a first addition cyclic group.
The verification apparatus in fig. 7 may perform the verification method in the embodiment shown in fig. 3, and the implementation principle and the technical effect are not described again. The specific manner in which each module and unit of the verification apparatus in the above embodiments perform operations has been described in detail in the embodiments related to the method, and will not be described in detail herein.
In one possible design, the signature apparatus of the embodiment shown in fig. 6 or the verification apparatus of the embodiment shown in fig. 7 may be implemented as an electronic device, as shown in fig. 8, which may include a storage component 801 and a processing component 802;
the storage component 801 stores one or more computer instructions for execution invoked by the processing component.
The processing component 802 is configured to:
acquiring a target private key and system parameters provided by a key generation center; selecting any positive integer as a target secret value; generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party; generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter, or,
the processing component 802 is configured to:
searching whether a target private key, a target secret value and a target parameter are locally stored or not in response to receiving the signature request; if the query result is negative, acquiring a target private key and system parameters provided by a key generation center, and locally storing the target private key; selecting any positive integer as a target secret value, and locally storing the target secret value; generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party; generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter; alternatively, the first and second electrodes may be,
the processing component 802 is configured to:
acquiring target parameters sent by a sender; the target parameters are obtained according to the target secret value and system parameters provided by a key generation center; receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter; and verifying the digital signature information according to the target parameter.
The processing component 802 may include one or more processors executing computer instructions to perform all or some of the steps of the methods described above. Of course, the processing elements may also be implemented as one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components configured to perform the above-described methods.
The storage component 801 is configured to store various types of data to support operations at the terminal. The memory components may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The electronic device may further include a display component 803, and the display component 803 may be an electronic light Emitting (EL) element, a liquid crystal display or a microdisplay having a similar structure, or a laser scanning display where the retina can directly display or the like.
Of course, the electronic device may of course also comprise other components, such as input/output interfaces, communication components, etc.
The input/output interface provides an interface between the processing components and peripheral interface modules, which may be output devices, input devices, etc.
The communication component is configured to facilitate wired or wireless communication between the electronic device and other devices, and the like.
The electronic device may be a physical device or an elastic computing host provided by a cloud computing platform, and the electronic device may be a cloud server, and the processing component, the storage component, and the like may be basic server resources rented or purchased from the cloud computing platform.
An embodiment of the present application further provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a computer, the signature method in the embodiment shown in fig. 2 or the verification method in the embodiment shown in fig. 3 may be implemented.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (15)

1. A signature method, comprising:
acquiring a target private key and system parameters provided by a key generation center;
selecting any positive integer as a target secret value;
generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party;
generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter;
wherein the system parameters include: a master public key;
generating digital signature information according to the target private key, the target secret value and the target parameter, including:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
2. The method of claim 1, wherein the system parameters further comprise: the order;
generating first digital signature information according to the random number and the first result, including:
acquiring service data to be sent to the receiver;
performing power operation on the first result according to the random number to obtain a third result;
and obtaining a first splicing result of the service data and the third result, and performing hash operation on the first splicing result and the order to obtain the first digital signature information.
3. The method of claim 1, further comprising:
and if the second result is zero, returning to the step of randomly selecting the random number for re-execution.
4. The method of claim 1, further comprising, prior to generating target parameters from the target secret value and the system parameters:
acquiring a target public key corresponding to a sender, which is provided by the key generation center;
verifying whether the target private key and the target public key meet the validity requirement;
and if the target private key and the target public key both meet the validity requirement, executing a step of generating a target parameter according to the target secret value and a first generator of a first addition cycle group in the system parameter.
5. The method of claim 4, wherein verifying whether the target private key and the target public key meet validity requirements comprises:
carrying out bilinear mapping on the first generator and the main public key in the system parameter to obtain a fourth result;
performing bilinear pairing mapping on the target private key and the target public key to obtain a fifth result;
if the fourth result is equal to the fifth result, the target private key and the target public key meet the validity requirement;
if the fourth result is not equal to the fifth result, the target private key and the target public key do not meet the validity requirement.
6. A signature method, comprising:
searching whether a target private key, a target secret value and a target parameter are locally stored or not in response to receiving the signature request;
if the query result is negative, acquiring a target private key and system parameters provided by a key generation center, and locally storing the target private key;
selecting any positive integer as a target secret value, and locally storing the target secret value;
generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party;
generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter;
wherein the system parameters include: a master public key;
generating digital signature information according to the target private key, the target secret value and the target parameter, including:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
7. The method of claim 6, further comprising:
if the query result is yes, acquiring a locally stored target private key, a target secret value and a target parameter;
and generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiver so that the receiver verifies the digital signature information according to the target parameter.
8. A method of authentication, comprising:
acquiring target parameters sent by a sender; the target parameter is obtained according to a target secret value and a system parameter provided by a key generation center, wherein the target secret value is any positive integer selected by the sender;
receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter;
verifying the digital signature information according to the target parameter;
the digital signature information comprises first digital signature information and second digital signature information;
verifying the digital signature information according to the target parameter, comprising:
acquiring system parameters provided by the key generation center;
generating third digital signature information according to the system parameter, the target parameter, the first digital signature information and the second digital signature information;
if the third digital signature information is equal to the first digital signature information, determining that the digital signature information is legal;
if the third digital signature information is not equal to the first digital signature information, determining that the digital signature information is illegal;
the step of generating, by the sender, the digital signature information according to the target private key, the target secret value, and the target parameter specifically includes:
carrying out bilinear mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
9. The method of claim 8, wherein the system parameters comprise at least: the master public key, the order, the encryption key generation function identifier and a second generation element of a second addition cycle group;
generating third digital signature information according to the system parameter, the target parameter, the first digital signature information and the second digital signature information, including:
acquiring a sending side user identity corresponding to the sender, and acquiring service data sent by the sender;
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a sixth result;
performing power operation on the sixth result according to the first digital signature information to obtain a seventh result;
acquiring a second splicing result for splicing the user identity identifier at the sending side and the encryption key generation function identifier, and performing hash operation on the second splicing result and the order to obtain an eighth result;
generating an intermediate master public key according to the eighth result, the master public key and the second generator;
carrying out bilinear pairing mapping on the intermediate master public key and the second digital signature information to obtain a ninth result;
multiplying the seventh result and the ninth result to obtain a tenth result;
and acquiring a third splicing result of the service data and the tenth result, and performing hash operation on the third splicing result and the order to obtain the third digital signature information.
10. The method according to any one of claims 8 to 9, further comprising, before verifying the digitally signed message according to the target parameter:
determining that the first digital signature information belongs to a preset positive integer, and determining that the second digital signature information belongs to an element in a first addition cyclic group.
11. A signature device, comprising:
the acquisition module is used for acquiring a target private key and system parameters provided by the key generation center;
the processing module is used for selecting any positive integer as a target secret value; generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party; generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter;
wherein the system parameters include: a master public key;
when the processing module generates digital signature information according to the target private key, the target secret value and the target parameter, the processing module is specifically configured to:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
12. A signature device, comprising:
the acquisition module is used for responding to the received signature request and searching whether a target private key, a target secret value and a target parameter are locally stored or not; if the query result is negative, acquiring a target private key and system parameters provided by a key generation center, and locally storing the target private key;
the processing module is used for selecting any positive integer as a target secret value and locally storing the target secret value; generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party; generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter;
wherein the system parameters include: a master public key;
when the processing module generates digital signature information according to the target private key, the target secret value and the target parameter, the processing module is specifically configured to:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
13. An authentication apparatus, comprising:
the acquisition module is used for acquiring the target parameters sent by the sender; the target parameter is obtained according to a target secret value and a system parameter provided by a key generation center, wherein the target secret value is any positive integer selected by the sender; receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter;
the processing module is used for verifying the digital signature information according to the target parameter;
wherein the system parameters include: a master public key;
when the processing module generates digital signature information according to the target private key, the target secret value and the target parameter, the processing module is specifically configured to:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
14. An electronic device comprising a processing component and a storage component;
the storage component stores one or more computer instructions; the one or more computer instructions to be invoked for execution by the processing component;
the processing component is to:
acquiring a target private key and system parameters provided by a key generation center;
selecting any positive integer as a target secret value;
generating a target parameter according to the target secret value and the system parameter, and sending the target parameter to a receiving party;
generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter; wherein the system parameters include: a master public key;
generating digital signature information according to the target private key, the target secret value and the target parameter, including:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key;
alternatively, the first and second electrodes may be,
the processing component is to:
searching whether a target private key, a target secret value and a target parameter are locally stored or not in response to receiving the signature request;
if the query result is negative, acquiring a target private key and system parameters provided by a key generation center, and locally storing the target private key;
selecting any positive integer as a target secret value, and locally storing the target secret value;
generating target parameters according to the target secret value and the system parameters, storing the target parameters locally, and sending the target parameters to a receiving party;
generating digital signature information according to the target private key, the target secret value and the target parameter, and sending the digital signature information to the receiving party so that the receiving party verifies the digital signature information according to the target parameter; wherein the system parameters include: a master public key;
generating digital signature information according to the target private key, the target secret value and the target parameter, including:
carrying out bilinear pairing mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key;
alternatively, the first and second electrodes may be,
the processing component is to:
acquiring target parameters sent by a sender; the target parameter is obtained according to a target secret value and a system parameter provided by a key generation center, wherein the target secret value is any positive integer selected by the sender;
receiving digital signature information sent by the sender; wherein the digital signature information is generated according to a target private key, the target secret value and the target parameter;
verifying the digital signature information according to the target parameter;
the step of generating, by the sender, the digital signature information according to the target private key, the target secret value, and the target parameter specifically includes:
carrying out bilinear mapping on the main public key and the target parameter to obtain a first result;
randomly selecting a random number;
generating first digital signature information according to the random number and the first result;
subtracting a modulus operation result of the first digital signature information from the random number to obtain a second result;
judging whether the second result is zero or not;
and if the second result is not zero, generating second digital signature information according to the second result, the target secret value and the target private key.
15. A computer storage medium storing a computer program which, when executed by a computer, implements a signature method according to any one of claims 1 to 5 or a signature method according to any one of claims 6 to 7 or a verification method according to any one of claims 8 to 10.
CN202110664448.3A 2021-06-16 2021-06-16 Signature method and device, verification method and device, equipment and storage medium Active CN113259103B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110664448.3A CN113259103B (en) 2021-06-16 2021-06-16 Signature method and device, verification method and device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110664448.3A CN113259103B (en) 2021-06-16 2021-06-16 Signature method and device, verification method and device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113259103A CN113259103A (en) 2021-08-13
CN113259103B true CN113259103B (en) 2021-11-09

Family

ID=77188141

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110664448.3A Active CN113259103B (en) 2021-06-16 2021-06-16 Signature method and device, verification method and device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113259103B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102983971A (en) * 2012-10-10 2013-03-20 中国科学技术大学苏州研究院 Certificateless signature algorithm for user identity authentication in network environment
US9800411B1 (en) * 2016-05-05 2017-10-24 ISARA Corporation Using a secret generator in an elliptic curve cryptography (ECC) digital signature scheme
CN109194478A (en) * 2018-11-19 2019-01-11 武汉大学 A kind of method that joint generates SM9 digital signature in many ways under Asymmetric
CN110784314A (en) * 2019-10-11 2020-02-11 南京师范大学 Certificateless encrypted information processing method
CN112511566A (en) * 2021-02-02 2021-03-16 北京信安世纪科技股份有限公司 SM9 algorithm certificateless mechanism signature key generation method, equipment and storage medium
CN112822014A (en) * 2021-04-22 2021-05-18 北京信安世纪科技股份有限公司 Data processing method and device, electronic equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200704103A (en) * 2005-02-25 2007-01-16 Qualcomm Inc Small public-key based digital signatures for authentication

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102983971A (en) * 2012-10-10 2013-03-20 中国科学技术大学苏州研究院 Certificateless signature algorithm for user identity authentication in network environment
US9800411B1 (en) * 2016-05-05 2017-10-24 ISARA Corporation Using a secret generator in an elliptic curve cryptography (ECC) digital signature scheme
CN109194478A (en) * 2018-11-19 2019-01-11 武汉大学 A kind of method that joint generates SM9 digital signature in many ways under Asymmetric
CN110784314A (en) * 2019-10-11 2020-02-11 南京师范大学 Certificateless encrypted information processing method
CN112511566A (en) * 2021-02-02 2021-03-16 北京信安世纪科技股份有限公司 SM9 algorithm certificateless mechanism signature key generation method, equipment and storage medium
CN112822014A (en) * 2021-04-22 2021-05-18 北京信安世纪科技股份有限公司 Data processing method and device, electronic equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A Secure Transaction Scheme With Certificateless Cryptographic Primitives for IoT-Based Mobile Payments;Kuo-Hui Yeh;《IEEE SYSTEMS JOURNAL》;20180630;第12卷(第2期);第III部分 *
无证书签名方案的分析及改进;张振超等;《密码学报》;20200615(第03期);第4.2部分、第7部分 *

Also Published As

Publication number Publication date
CN113259103A (en) 2021-08-13

Similar Documents

Publication Publication Date Title
CN112822014B (en) Data processing method and device, electronic equipment and storage medium
CN109246129B (en) SM2 collaborative signature method and system capable of verifying client identity
KR102549272B1 (en) Method and Apparatus for Authenticated Key Exchange Using Password and Identity-based Signature
CN110247757B (en) Block chain processing method, device and system based on cryptographic algorithm
US8930704B2 (en) Digital signature method and system
JP7105308B2 (en) Digital signature method, device and system
US8422670B2 (en) Password authentication method
CN107483191B (en) SM2 algorithm key segmentation signature system and method
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
CN110365469B (en) Data integrity verification method in cloud storage supporting data privacy protection
CN113300836B (en) Vehicle-mounted network message authentication method and system based on block chain and ECC
CN109039656B (en) SM9 joint digital signature method, device and computer equipment
CN110336664B (en) SM2 cryptographic algorithm-based cross-domain authentication method for information service entity
US10263773B2 (en) Method for updating a public key
CN105577377A (en) Identity-based authentication method and identity-based authentication system with secret key negotiation
CN111161075B (en) Blockchain transaction data proving and supervising method, system and related equipment
CN110635899B (en) IBC user key updating method and device
CN110690969A (en) Method and system for completing bidirectional SSL/TLS authentication in cooperation of multiple parties
CN112995215B (en) Decryption system, method, device, electronic equipment and storage medium
CN113259103B (en) Signature method and device, verification method and device, equipment and storage medium
CN110557260A (en) SM9 digital signature generation method and device
CN111064580B (en) Implicit certificate key expansion method and device
CN110868285B (en) Authentication method, server, system, and computer-readable storage medium
CN113918971A (en) Block chain based message transmission method, device, equipment and readable storage medium
CN108521396B (en) Blind operation method for private information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant