CN113452529A - Adapter signature generation method based on SM2 algorithm - Google Patents
- Publication number: CN113452529A (application CN202110614929.3A)
- Authority: CN (China)
- Prior art keywords: signature, algorithm, value, adapter, discrete logarithm
- Prior art date
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication)
- H04L9/32: H04L9/00 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218: H04L9/32 using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
- H04L9/3247: H04L9/32 involving digital signatures
- H04L9/3252: H04L9/3247 using DSA or related signature schemes, e.g. elliptic curve based signatures, ElGamal or Schnorr schemes
Abstract
The invention relates to an adapter signature generation method based on the SM2 algorithm, comprising the following steps: pre-signature generation and pre-signature verification are carried out in sequence, and in the pre-signature verification the pre-signature is adapted by an adaptation algorithm that takes the system parameters PP, the pre-signature value and a discrete logarithm solution y as input and computes the complete signature value σ = (r, s). The adapter signature scheme designed by the invention has not only the correctness and unforgeability of a conventional signature but also pre-signature correctness, pre-signature adaptability and witness extractability. At the same time, the invention is designed for the Chinese national SM2 signature algorithm and can meet the compliance requirements for applying domestic, autonomously controllable commercial cryptography.
Description
Technical Field
The invention relates to an adapter signature generation method, in particular to an adapter signature generation method based on an SM2 algorithm.
Background
Adapter signatures (adaptor signatures), also known as scriptless scripts, have recently become an important tool for addressing the scalability and interoperability problems of blockchain applications such as cryptocurrencies. An adapter signature is an extension of a conventional digital signature that encodes a cryptographically hard problem in the signature value. It has the following three properties: 1) a complete signature can be generated only by a user who knows the solution to the hard problem; 2) the complete signature value reveals that solution; 3) the complete signature can be verified by the standard verification algorithm. Because of these properties, adapter signatures are widely used in blockchain applications such as payment channel networks, payment channel hubs, atomic swaps and discrete logarithm contracts. Their use brings the following advantages to blockchain transactions: 1) lower on-chain cost; 2) better transaction fungibility; 3) high-level functionality beyond the limits of the scripting language.
With the development of adapter signature technology, adapter signatures based on the Schnorr algorithm and on the ECDSA algorithm have been proposed, but an adapter signature based on the Chinese national cryptographic standard SM2 algorithm is still lacking.
Disclosure of Invention
The technical problem of the invention is mainly solved by the following technical scheme:
An adapter signature generation method based on the SM2 algorithm is characterised in that pre-signature generation and pre-signature verification are performed in sequence, and in the pre-signature verification the pre-signature is adapted by an adaptation algorithm that takes the system parameters PP, the pre-signature value and a discrete logarithm solution y as input and computes the complete signature value σ = (r, s).
In the foregoing adapter signature generation method based on the SM2 algorithm, the pre-signature verification further includes a witness-extraction step based on an extraction algorithm.
The extraction algorithm takes the system parameters PP, the pre-signature value, the signature value σ and the discrete logarithm instance I_Y as input, computes a candidate y', and checks whether (Y, y') is a valid discrete logarithm instance; if so, extraction succeeds and y' is output, otherwise extraction fails.
In the adapter signature generation method based on the SM2 algorithm, the pre-signature generation algorithm pSign_sk(m, I_Y) comprises the following: the algorithm takes the system parameters PP, the message m to be signed, the discrete logarithm instance I_Y and the private key sk as input and generates the pre-signature value by the following steps:
2) compute r = H(m) + f(K + Q) and the pre-signature component s, where f(·) denotes the x coordinate of an elliptic curve point;
3) generate a zero-knowledge proof π = P_Y((P, Q), d), which proves to the verifier knowledge of the private key d satisfying P = dG and Q = (1 + d)Y;
In the adapter signature generation method based on the SM2 algorithm, the pre-signature verification algorithm comprises the following: the algorithm takes the system parameters PP, the message m to be verified, the discrete logarithm instance I_Y and the pre-signature value as input and checks the validity of the pre-signature value by the following steps:
1) compute K' = sG + (r + s)P and r' = H(m) + f(K' + Q);
2) compare r' with r: if they are equal, b_r = true, otherwise b_r = false;
3) verify the zero-knowledge proof, b = P_Y((P, Q), π);
4) if b_r and b are both true, the pre-signature is valid and true is output; otherwise it is invalid and false is output.
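Why the verification equation in step 1 works, as an added derivation that is not part of the patent text. The page gives the verifier's equations $K' = \tilde{s}G + (r+\tilde{s})P$ and $r' = H(m) + f(K'+Q)$ and the relation $Q = (1+d)Y$, but the pre-signature component, the adaptation rule and the extraction rule are absent from the page. The derivation therefore assumes the standard SM2 form for them: $\tilde{s} = (1+d)^{-1}(k - rd) \bmod n$ with $K = kG$ and $P = dG$, adaptation $s = \tilde{s} + y \bmod n$, and extraction $y' = s - \tilde{s} \bmod n$. These are the choices under which the page's equations hold; all arithmetic on scalars is modulo $n$.

Pre-signature correctness:
$$\tilde{s}G + (r+\tilde{s})P = \tilde{s}(1+d)G + rdG = (k - rd)G + rdG = kG = K,$$
so the verifier recomputes $r' = H(m) + f(K+Q) = r$.

Adaptability:
$$sG + (r+s)P = (1+d)(\tilde{s}+y)G + rdG = K + (1+d)yG = K + Q,$$
so the standard SM2 verifier, which checks $r = H(m) + f(sG + (r+s)P)$, accepts $(r, s)$. A pre-signature on its own gives $\tilde{s}G + (r+\tilde{s})P = K \neq K + Q$ and is rejected by that verifier, which is what prevents the pre-signature from being used as a full signature.

Witness extractability:
$$(s - \tilde{s})G = yG = Y,$$
which is exactly the check the extraction algorithm performs before outputting $y' = s - \tilde{s}$.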
The invention therefore has the following advantages. At present, conventional digital signature schemes offer neither adaptability nor witness extraction, and can support blockchain application requirements only in combination with a dedicated protocol. The adapter signature scheme designed by the invention has not only the correctness and unforgeability of a conventional signature but also pre-signature correctness, pre-signature adaptability and witness extractability. At the same time, the invention is designed for the Chinese national SM2 signature algorithm and can meet the compliance requirements for applying domestic, autonomously controllable commercial cryptography.
Drawings
FIG. 1 is a schematic diagram of a process of the present invention.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
Embodiment:
First, the symbols and definitions used in this embodiment are explained.
Elliptic curve group: a group of prime order q whose elements are points on the elliptic curve.
mod n: arithmetic modulo n.
H(·): cryptographic hash function.
m: message.
σ: signature value.
||: bit-string concatenation.
This embodiment involves four algorithms, described below: a pre-signature generation algorithm, a pre-signature verification algorithm, an adaptation algorithm and an extraction algorithm.
Given a security parameter λ as input, the system parameters PP are generated. The signer generates a public/private key pair with the key generation algorithm of the SM2 signature algorithm; the private key sk is denoted d and the public key pk is P = dG. The discrete logarithm instance I_Y is (Y, y), where Y = yG.
1. Pre-signature generation algorithm pSign_sk(m, I_Y)
The algorithm takes the system parameters PP, the message m to be signed, the discrete logarithm instance I_Y and the private key sk as input and generates the pre-signature value by the following steps:
2) compute r = H(m) + f(K + Q) and the pre-signature component s, where f(·) denotes the x coordinate of an elliptic curve point;
3) generate a zero-knowledge proof π = P_Y((P, Q), d), which proves to the verifier knowledge of the private key d satisfying P = dG and Q = (1 + d)Y;
2. Pre-signature verification algorithm
The algorithm takes the system parameters PP, the message m to be verified, the discrete logarithm instance I_Y and the pre-signature value as input and checks the validity of the pre-signature value by the following steps:
1) compute K' = sG + (r + s)P and r' = H(m) + f(K' + Q);
2) compare r' with r: if they are equal, b_r = true, otherwise b_r = false;
3) verify the zero-knowledge proof, b = P_Y((P, Q), π);
4) if b_r and b are both true, the pre-signature is valid and true is output; otherwise it is invalid and false is output.
3. Adaptation algorithm
The algorithm takes the system parameters PP, the pre-signature value and the discrete logarithm solution y as input and computes the complete signature value σ = (r, s).
4. Extraction algorithm
The algorithm takes the system parameters PP, the pre-signature value, the signature value σ and the discrete logarithm instance I_Y as input, computes a candidate y', and checks whether (Y, y') is a valid discrete logarithm instance; if so, extraction succeeds and y' is output, otherwise extraction fails.
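The four algorithms above (and the same procedure as stated in the Disclosure section), as an added runnable example in Python. This is the editor's illustration, not code from the patent or its applicant. It follows the page's own equations for r, K', r' and Q = (1 + d)Y, and fills in what the page leaves unstated as labelled assumptions: the sm2p256v1 curve parameters, SHA-256 reduced mod n as a stand-in for the unspecified H(·) (real SM2 hashes Z_A || M with SM3), the standard SM2 pre-signature component s̃ = (1 + d)^(-1)(k - r·d) mod n, the adaptation rule s = s̃ + y mod n, the extraction rule y' = s - s̃ mod n, and a Chaum-Pedersen equal-discrete-log proof as the instantiation of π. The arithmetic is variable-time pure Python for readability, not a production implementation.

```python
"""SM2 adapter signature: pre-sign, pre-verify, adapt, extract (added example)."""
import hashlib
import secrets

# sm2p256v1 domain parameters (GB/T 32918.5), assumed: the page names no curve.
P_ = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16)
A_ = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 16)
B_ = int("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 16)
N = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16)
G = (int("32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 16),
     int("BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 16))

def add(p1, p2):
    """Affine point addition on y^2 = x^3 + ax + b; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P_ == 0:
            return None
        lam = (3 * x1 * x1 + A_) * pow(2 * y1, -1, P_) % P_
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_) % P_
    x3 = (lam * lam - x1 - x2) % P_
    return x3, (lam * (x1 - x3) - y1) % P_

def mul(k, pt):                                  # double-and-add, variable time
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def enc(pt):                                     # infinity encodes as all zeros
    return b"\x00" * 64 if pt is None else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def H(*parts):
    """Stand-in for the page's unspecified H(.); real SM2 hashes Z_A || M with SM3."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def rand_scalar():
    return secrets.randbelow(N - 2) + 1          # uniform in [1, n-2], as in SM2 keygen

# pi = P_Y((P, Q), d), assumed instantiation: Q = (1+d)Y gives Q - Y = dY, so proving
# P = dG and Q - Y = dY is a Chaum-Pedersen equal-discrete-log proof (Fiat-Shamir).
def prove_q(d, P, Y, Q):
    w = rand_scalar()
    c = H(b"pi", enc(P), enc(Y), enc(Q), enc(mul(w, G)), enc(mul(w, Y)))
    return c, (w + c * d) % N

def verify_q(P, Y, Q, pi):
    c, z = pi
    t1 = add(mul(z, G), mul(N - c, P))                      # zG - cP       = wG
    t2 = add(mul(z, Y), mul(N - c, add(Q, mul(N - 1, Y))))  # zY - c(Q - Y) = wY
    return c == H(b"pi", enc(P), enc(Y), enc(Q), enc(t1), enc(t2))

def pre_sign(d, m, Y):
    """pSign_sk(m, I_Y) -> (r, s~, Q, pi); s~ = (1+d)^-1 (k - r d) mod n is assumed."""
    P = mul(d, G)
    while True:
        k = rand_scalar()
        K, Q = mul(k, G), mul(1 + d, Y)
        r = (H(m) + add(K, Q)[0]) % N                    # r = H(m) + f(K + Q)
        s_t = pow(1 + d, -1, N) * (k - r * d) % N
        if r and s_t and (r + k) % N:                    # SM2 rejection conditions
            return r, s_t, Q, prove_q(d, P, Y, Q)

def pre_verify(P, m, Y, pre):
    r, s_t, Q, pi = pre
    K1 = add(mul(s_t, G), mul((r + s_t) % N, P))         # K' = s~G + (r + s~)P
    KQ = add(K1, Q)                                      # r' = H(m) + f(K' + Q)
    return KQ is not None and (H(m) + KQ[0]) % N == r and verify_q(P, Y, Q, pi)

def adapt(pre, y):                               # assumed rule s = s~ + y mod n
    return pre[0], (pre[1] + y) % N

def extract(pre, sigma, Y):                      # assumed rule y' = s - s~ mod n
    y1 = (sigma[1] - pre[1]) % N
    return y1 if mul(y1, G) == Y else None       # output only if (Y, y') is a valid instance

def sm2_verify(P, m, sigma):
    """Standard SM2 verification: r == H(m) + x(sG + (r + s)P) mod n, r and s in [1, n-1]."""
    r, s = sigma
    X = add(mul(s, G), mul((r + s) % N, P))
    return 0 < r < N and 0 < s < N and X is not None and (H(m) + X[0]) % N == r

def demo(m=b"constructed test message"):
    """Runs the whole flow and reports each property the page claims."""
    d, y = rand_scalar(), rand_scalar()
    P, Y = mul(d, G), mul(y, G)                          # pk = dG; I_Y = (Y, y)
    pre = pre_sign(d, m, Y)
    sigma = adapt(pre, y)
    return {
        "pre_signature_verifies": pre_verify(P, m, Y, pre),
        "pre_signature_not_a_full_signature": not sm2_verify(P, m, pre[:2]),
        "adapted_signature_verifies": sm2_verify(P, m, sigma),
        "wrong_witness_rejected": not sm2_verify(P, m, adapt(pre, (y + 1) % N)),
        "witness_extracted": extract(pre, sigma, Y) == y,
    }
```

`demo()` returns a dictionary whose five entries are all True: the pre-signature passes pre-verification but is rejected by the standard SM2 verifier, only the holder of y can turn it into a valid signature, and the published signature leaks y to the pre-signature holder. Two points a practitioner should keep when moving beyond this sketch: the extraction step must check y'G = Y rather than trust s - s̃ blindly, and the zero-knowledge proof on Q is what stops a signer from publishing a Q unrelated to Y, which would otherwise let a pre-signature be "adapted" by anyone or by no one.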
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
Claims (4)
1. An adapter signature generation method based on the SM2 algorithm, characterised in that it comprises the following steps: pre-signature generation and pre-signature verification are performed in sequence, and in the pre-signature verification the pre-signature is adapted by an adaptation algorithm that takes the system parameters PP, the pre-signature value and a discrete logarithm solution y as input and computes the complete signature value σ = (r, s).
2. The SM2 algorithm-based adapter signature generation method as claimed in claim 1, further comprising a witness-extraction step in the pre-signature verification, based on an extraction algorithm.
3. The SM2 algorithm-based adapter signature generation method as claimed in claim 1, wherein the pre-signature generation algorithm pSign_sk(m, I_Y) comprises the following: the algorithm takes the system parameters PP, the message m to be signed, the discrete logarithm instance I_Y and the private key sk as input and generates the pre-signature value by the following steps:
2) compute r = H(m) + f(K + Q) and the pre-signature component s, where f(·) denotes the x coordinate of an elliptic curve point;
3) generate a zero-knowledge proof π = P_Y((P, Q), d), which proves to the verifier knowledge of the private key d satisfying P = dG and Q = (1 + d)Y;
4. The SM2 algorithm-based adapter signature generation method as claimed in claim 1, wherein the pre-signature verification algorithm comprises the following: the algorithm takes the system parameters PP, the message m to be verified, the discrete logarithm instance I_Y and the pre-signature value as input and checks the validity of the pre-signature value by the following steps:
1) compute K' = sG + (r + s)P and r' = H(m) + f(K' + Q);
2) compare r' with r: if they are equal, b_r = true, otherwise b_r = false;
3) verify the zero-knowledge proof, b = P_Y((P, Q), π);
4) if b_r and b are both true, the signature is valid and true is output; otherwise the signature is invalid and false is output.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110614929.3A CN113452529A (en) | 2021-06-02 | 2021-06-02 | Adapter signature generation method based on SM2 algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113452529A true CN113452529A (en) | 2021-09-28 |
Family ID: 77810719
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110614929.3A Pending CN113452529A (en) | 2021-06-02 | 2021-06-02 | Adapter signature generation method based on SM2 algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113452529A (en) |
Events
- 2021-06-02: application CN202110614929.3A filed (CN); status Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115473635A (en) * | 2022-08-24 | 2022-12-13 | 武汉大学 (Wuhan University) | SM2 two-party adapter signature generation method and device for resisting malicious adversaries |
CN115473635B (en) * | 2022-08-24 | 2024-04-19 | 武汉大学 (Wuhan University) | SM2 two-party adapter signature generation method and device for resisting malicious adversaries |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108809658B (en) | SM 2-based identity base digital signature method and system | |
CN108667626B (en) | Secure two-party collaboration SM2 signature method | |
CN108551392B (en) | Blind signature generation method and system based on SM9 digital signature | |
CN110912708B (en) | Ring signature generation method based on SM9 digital signature algorithm | |
CN110880977B (en) | Safe and efficient SM9 ring signature generation and verification method | |
CN111010272B (en) | Identification private key generation and digital signature method, system and device | |
JP2013539295A (en) | Authenticated encryption of digital signatures with message recovery | |
CN106936584B (en) | Method for constructing certificateless public key cryptosystem | |
CN106899413B (en) | Digital signature verification method and system | |
CN107911217B (en) | Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system | |
CN110896351B (en) | Identity-based digital signature method based on global hash | |
CN111147245A (en) | Algorithm for encrypting by using national password in block chain | |
CN112771832A (en) | Computer-implemented system and method for sharing a common secret | |
CN114448641A (en) | Privacy encryption method, electronic equipment, storage medium and chip | |
CN114117547A (en) | SM9 digital signature accelerated generation method and digital signature accelerated verification method based on pre-calculation table | |
CN113452529A (en) | Adapter signature generation method based on SM2 algorithm | |
CN112989436A (en) | Multi-signature method based on block chain platform | |
CN115174056B (en) | Chameleon signature generation method and chameleon signature generation device based on SM9 signature | |
CN108667619B (en) | White box implementation method and device for SM9 digital signature | |
CN111224783A (en) | Two-square elliptic curve digital signature algorithm supporting secret key refreshing | |
CN110932866B (en) | Ring signature generation method based on SM2 digital signature algorithm | |
CN112383403A (en) | Heterogeneous ring signature method | |
CN115174052B (en) | Adapter signature generation method and device based on SM9 signature | |
CN115174053B (en) | Signature generation method and device for repudiation ring authentication based on SM9 algorithm | |
CN115174055B (en) | Certificate signature generation method and device based on SM9 signature |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20210928 |