CN113452529A - Adapter signature generation method based on SM2 algorithm - Google Patents


Info

Publication number
CN113452529A
Authority
CN
China
Prior art keywords
signature
algorithm
value
adapter
discrete logarithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110614929.3A
Other languages
Chinese (zh)
Inventor
何德彪
彭聪
罗敏
刘丽群
崔晓晖
黄欣沂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU
Priority to CN202110614929.3A
Publication of CN113452529A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3218: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3252: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Abstract

The invention relates to an adapter signature generation method based on the SM2 algorithm, comprising the following steps: pre-signature generation and pre-signature verification are carried out in sequence, and in the pre-signature verification, pre-signature adaptation is carried out, specifically based on an adaptation algorithm
Figure DDA0003097674050000011
which takes as input the system parameters PP, a pre-signature value
Figure DDA0003097674050000012
and a discrete logarithm solution y, and computes the complete signature value σ = (r, s), where
Figure DDA0003097674050000013
The adapter signature scheme designed by the invention has not only the correctness and unforgeability of a traditional signature, but also pre-signature correctness, pre-signature adaptability and witness extractability. Meanwhile, the invention is designed for the domestic SM2 signature algorithm and can meet the compliance requirements for independently controllable domestic commercial cryptography applications.

Description

Adapter signature generation method based on SM2 algorithm
Technical Field
The invention relates to an adapter signature generation method, in particular to an adapter signature generation method based on an SM2 algorithm.
Background
Adapter signatures (adaptor signatures), also known as scriptless scripts, have recently become an important tool for addressing the scalability and interoperability problems of blockchain applications such as cryptocurrencies. An adapter signature is an extension of a traditional digital signature that can encode a cryptographic hard problem in the signature value. It also has the following three properties: 1) a complete signature can only be generated by a user who knows a solution to the hard problem; 2) the signature value can reveal the solution to the hard problem; 3) the complete signature can be verified by the standard verification algorithm. Based on these properties, adapter signatures have been widely used in a variety of blockchain applications, such as payment channel networks, payment channel hubs, atomic swaps, and discrete logarithm contracts. Their use brings the following advantages to blockchain transactions: 1) reduced on-chain cost; 2) improved transaction fungibility; 3) advanced functionality beyond the limits of the scripting language.
With the development of adapter signature technology, adapter signatures based on the Schnorr algorithm and the ECDSA algorithm have been proposed, but an adapter signature based on the domestic cryptographic algorithm SM2 is still missing.
Disclosure of Invention
The technical problem of the invention is mainly solved by the following technical solution:
An adapter signature generation method based on the SM2 algorithm, characterized in that pre-signature generation and pre-signature verification are performed in sequence, and in the pre-signature verification, pre-signature adaptation is performed, specifically based on an adaptation algorithm
Figure BDA0003097674030000011
which takes as input the system parameters PP, a pre-signature value
Figure BDA0003097674030000012
and a discrete logarithm solution y, and computes the complete signature value σ = (r, s), where
Figure BDA0003097674030000013
In the foregoing adapter signature generation method based on the SM2 algorithm, the pre-signature verification further includes a witness-extraction step, specifically based on an extraction algorithm
Figure BDA0003097674030000014
The algorithm takes as input the system parameters PP, the pre-signature value
Figure BDA0003097674030000015
the signature value σ and the discrete logarithm instance I_Y, and computes
Figure BDA0003097674030000016
It then verifies whether (Y, y′) is a valid discrete logarithm instance; if so, extraction succeeds and y′ is output; otherwise, extraction fails.
In the foregoing adapter signature generation method based on the SM2 algorithm, the pre-signature generation algorithm pSign_sk(m, I_Y) is as follows: the algorithm takes as input the system parameters PP, the message m to be signed, a discrete logarithm instance I_Y and the private key sk, and generates a pre-signature value according to the following steps
Figure BDA0003097674030000021
1) randomly select
Figure BDA0003097674030000022
and compute K = kG and Q = (1 + d)Y;
2) compute r = H(m) + f(K + Q) and
Figure BDA0003097674030000023
where f(·) denotes the x-coordinate of an elliptic curve point;
3) generate a zero-knowledge proof π = P_Y((P, Q), d), which proves to the verifier that there exists a
Figure BDA0003097674030000024
satisfying P = xG and Q = (1 + d)Y;
4) output the pre-signature value
Figure BDA0003097674030000025
In the foregoing adapter signature generation method based on the SM2 algorithm, the pre-signature verification algorithm
Figure BDA0003097674030000026
is as follows: the algorithm takes as input the system parameters PP, the message m to be verified, the discrete logarithm instance I_Y and a pre-signature value
Figure BDA0003097674030000027
and verifies the validity of the pre-signature value according to the following steps:
1) compute K' = sG + (r + s)P and r' = H(m) + f(K' + Q);
2) check whether r' = r; if they are equal, b_r = true; otherwise, b_r = false;
3) verify the zero-knowledge proof b = P_Y((P, Q), π);
4) if b_r and b are both true, the signature is valid and true is output; otherwise, the signature is invalid and false is output.
Therefore, the invention has the following advantages: at present, traditional digital signature schemes offer neither adaptability nor witness extraction, and can support blockchain application requirements only in combination with special protocols. The adapter signature scheme designed by the invention has not only the correctness and unforgeability of a traditional signature, but also pre-signature correctness, pre-signature adaptability and witness extractability. Meanwhile, the invention is designed for the domestic SM2 signature algorithm and can meet the compliance requirements for independently controllable domestic commercial cryptography applications.
Drawings
FIG. 1 is a schematic diagram of a process of the present invention.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
Example:
First, the symbols and definitions used in this embodiment are explained.
Figure BDA0003097674030000031
: an elliptic curve group of prime order q, whose elements are points on the elliptic curve.
G: a generator of the cyclic group
Figure BDA0003097674030000032
Figure BDA0003097674030000033
A set of integers consisting of the integers 1, 2.
mod n: modulo n arithmetic.
H (·): cryptographic hash function
m: message value
σ: signature value
||: bit-string concatenation
The following describes four algorithms involved in this embodiment: a pre-signature generation algorithm, a pre-signature verification algorithm, an adaptation algorithm and an extraction algorithm.
Given a security parameter λ as input, the system parameters are
Figure BDA0003097674030000034
The signer generates a public/private key pair using the key generation algorithm of the SM2 signature algorithm; the private key sk is denoted
Figure BDA0003097674030000035
and the public key pk is P = dG. The discrete logarithm instance I_Y is (Y, y), where Y = yG.
1. Pre-signature generation algorithm pSign_sk(m, I_Y)
The algorithm takes as input the system parameters PP, the message m to be signed, a discrete logarithm instance I_Y and the private key sk, and generates a pre-signature value according to the following steps
Figure BDA0003097674030000036
1) randomly select
Figure BDA0003097674030000037
and compute K = kG and Q = (1 + d)Y;
2) compute r = H(m) + f(K + Q) and
Figure BDA0003097674030000038
where f(·) denotes the x-coordinate of an elliptic curve point;
3) generate a zero-knowledge proof π = P_Y((P, Q), d), which proves to the verifier that there exists a
Figure BDA0003097674030000039
satisfying P = xG and Q = (1 + d)Y;
4) output the pre-signature value
Figure BDA00030976740300000310
2. Pre-signature verification algorithm
Figure BDA00030976740300000311
The algorithm takes as input the system parameters PP, the message m to be verified, the discrete logarithm instance I_Y and a pre-signature value
Figure BDA00030976740300000312
and verifies the validity of the pre-signature value according to the following steps:
1) compute K' = sG + (r + s)P and r' = H(m) + f(K' + Q);
2) check whether r' = r; if they are equal, b_r = true; otherwise, b_r = false;
3) verify the zero-knowledge proof b = P_Y((P, Q), π);
4) if b_r and b are both true, the signature is valid and true is output; otherwise, the signature is invalid and false is output.
3. Adaptation algorithm
Figure BDA0003097674030000041
The algorithm takes as input the system parameters PP, the pre-signature value
Figure BDA0003097674030000042
and a discrete logarithm solution y, and computes the complete signature value σ = (r, s), where
Figure BDA0003097674030000043
4. Extraction algorithm
Figure BDA0003097674030000044
The algorithm takes as input the system parameters PP, the pre-signature value
Figure BDA0003097674030000045
the signature value σ and the discrete logarithm instance I_Y, and computes
Figure BDA0003097674030000046
It then verifies whether (Y, y′) is a valid discrete logarithm instance; if so, extraction succeeds and y′ is output; otherwise, extraction fails.
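The four algorithms above as a runnable sketch, added here as an illustration and not taken from the patent. The formulas for the pre-signature value, the adaptation and the extraction are in figures that are not present on this page, so the code assumes ŝ = (1+d)^(-1)(k − r·d) mod q, s = ŝ + y and y′ = s − ŝ, which are consistent with the verification equation K' = sG + (r + s)P; SHA-256 stands in for SM3, P_Y is instantiated as a Chaum-Pedersen proof, and all function names are hypothetical.

```python
import hashlib, secrets

# SM2 recommended curve: field prime p, a = -3, group order q, base point G.
p = 2**256 - 2**224 - 2**96 + 2**64 - 1
a = p - 3
q = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0: return None
    num, den = (3 * x1 * x1 + a, 2 * y1) if A == B else (y2 - y1, x2 - x1)
    lam = num * pow(den % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    R, k = None, k % q
    while k:
        if k & 1: R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def H(*parts):
    """Hash to Z_q. SHA-256 stands in for SM3 (assumption of this example)."""
    data = b"|".join(repr(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def prove(d, Y):
    """P_Y as a Chaum-Pedersen proof: P+G = wG and Q = wY share w = 1+d."""
    w, t = (1 + d) % q, secrets.randbelow(q - 1) + 1
    c = H(mul(d, G), mul(w, Y), Y, mul(t, G), mul(t, Y))
    return (c, (t + c * w) % q)

def check(P, Q, Y, pi):
    c, z = pi
    T1 = add(mul(z, G), mul(-c, add(P, G)))       # zG - c(P+G)
    T2 = add(mul(z, Y), mul(-c, Q))               # zY - cQ
    return c == H(P, Q, Y, T1, T2)

def pre_sign(d, m, Y):
    k = secrets.randbelow(q - 1) + 1
    K, Q = mul(k, G), mul(1 + d, Y)
    r = (H(m) + add(K, Q)[0]) % q                 # r = H(m) + f(K + Q)
    s_hat = pow(1 + d, -1, q) * (k - r * d) % q   # assumed pre-signature formula
    return (r, s_hat, Q, prove(d, Y))

def pre_verify(P, m, Y, pre):
    r, s_hat, Q, pi = pre
    K1 = add(mul(s_hat, G), mul(r + s_hat, P))    # K' = sG + (r + s)P
    return r == (H(m) + add(K1, Q)[0]) % q and check(P, Q, Y, pi)

def adapt(pre, y):
    return (pre[0], (pre[1] + y) % q)             # assumed: s = s_hat + y

def extract(pre, sig, Y):
    y1 = (sig[1] - pre[1]) % q                    # assumed: y' = s - s_hat
    return y1 if mul(y1, G) == Y else None

def sm2_verify(P, m, sig):
    """Standard SM2 check (hash simplified): r == H(m) + f(sG + (r+s)P)."""
    r, s = sig
    if not (0 < r < q and 0 < s < q) or (r + s) % q == 0: return False
    return r == (H(m) + add(mul(s, G), mul(r + s, P))[0]) % q
```

A production implementation would also hash the SM2 identity value Z_A with SM3, validate that P, Q and Y lie on the curve, and re-sample k when r = 0 or r + k = q.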
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.

Claims (4)

1. An adapter signature generation method based on the SM2 algorithm, characterized by comprising the following steps: pre-signature generation and pre-signature verification are performed in sequence, and in the pre-signature verification, pre-signature adaptation is performed, specifically based on an adaptation algorithm
Figure FDA0003097674020000011
which takes as input the system parameters PP, a pre-signature value
Figure FDA0003097674020000012
and a discrete logarithm solution y, and computes the complete signature value σ = (r, s), where
Figure FDA0003097674020000013
2. The SM2 algorithm-based adapter signature generation method as claimed in claim 1, further comprising a witness-extraction step in the pre-signature verification, specifically based on an extraction algorithm
Figure FDA0003097674020000014
The algorithm takes as input the system parameters PP, the pre-signature value
Figure FDA0003097674020000015
the signature value σ and the discrete logarithm instance I_Y, and computes
Figure FDA0003097674020000016
It then verifies whether (Y, y′) is a valid discrete logarithm instance; if so, extraction succeeds and y′ is output; otherwise, extraction fails.
3. The SM2 algorithm-based adapter signature generation method of claim 1, wherein the pre-signature generation algorithm pSign_sk(m, I_Y) is as follows: the algorithm takes as input the system parameters PP, the message m to be signed, a discrete logarithm instance I_Y and the private key sk, and generates a pre-signature value according to the following steps
Figure FDA0003097674020000017
1) randomly select
Figure FDA0003097674020000018
and compute K = kG and Q = (1 + d)Y;
2) compute r = H(m) + f(K + Q) and
Figure FDA0003097674020000019
where f(·) denotes the x-coordinate of an elliptic curve point;
3) generate a zero-knowledge proof π = P_Y((P, Q), d), which proves to the verifier that there exists a
Figure FDA00030976740200000110
satisfying P = xG and Q = (1 + d)Y;
4) output the pre-signature value
Figure FDA00030976740200000111
4. The SM2 algorithm-based adapter signature generation method as claimed in claim 1, wherein the pre-signature verification algorithm
Figure FDA00030976740200000112
is as follows: the algorithm takes as input the system parameters PP, the message m to be verified, the discrete logarithm instance I_Y and a pre-signature value
Figure FDA00030976740200000113
and verifies the validity of the pre-signature value according to the following steps:
1) compute K' = sG + (r + s)P and r' = H(m) + f(K' + Q);
2) check whether r' = r; if they are equal, b_r = true; otherwise, b_r = false;
3) verify the zero-knowledge proof b = P_Y((P, Q), π);
4) if b_r and b are both true, the signature is valid and true is output; otherwise, the signature is invalid and false is output.
CN202110614929.3A 2021-06-02 2021-06-02 Adapter signature generation method based on SM2 algorithm Pending CN113452529A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110614929.3A CN113452529A (en) 2021-06-02 2021-06-02 Adapter signature generation method based on SM2 algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110614929.3A CN113452529A (en) 2021-06-02 2021-06-02 Adapter signature generation method based on SM2 algorithm

Publications (1)

Publication Number Publication Date
CN113452529A true CN113452529A (en) 2021-09-28

Family

ID=77810719

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110614929.3A Pending CN113452529A (en) 2021-06-02 2021-06-02 Adapter signature generation method based on SM2 algorithm

Country Status (1)

Country Link
CN (1) CN113452529A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115473635A (en) * 2022-08-24 2022-12-13 武汉大学 SM2 two-party adapter signature generation method and device for resisting malicious adversaries
CN115473635B (en) * 2022-08-24 2024-04-19 武汉大学 SM2 two-party adapter signature generation method and device for preventing malicious enemy

Similar Documents

Publication Publication Date Title
CN108809658B (en) SM 2-based identity base digital signature method and system
CN108667626B (en) Secure two-party collaboration SM2 signature method
CN108551392B (en) Blind signature generation method and system based on SM9 digital signature
CN110912708B (en) Ring signature generation method based on SM9 digital signature algorithm
CN110880977B (en) Safe and efficient SM9 ring signature generation and verification method
CN111010272B (en) Identification private key generation and digital signature method, system and device
JP2013539295A (en) Authenticated encryption of digital signatures with message recovery
CN106936584B (en) Method for constructing certificateless public key cryptosystem
CN106899413B (en) Digital signature verification method and system
CN107911217B (en) Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system
CN110896351B (en) Identity-based digital signature method based on global hash
CN111147245A (en) Algorithm for encrypting by using national password in block chain
CN112771832A (en) Computer-implemented system and method for sharing a common secret
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
CN114117547A (en) SM9 digital signature accelerated generation method and digital signature accelerated verification method based on pre-calculation table
CN113452529A (en) Adapter signature generation method based on SM2 algorithm
CN112989436A (en) Multi-signature method based on block chain platform
CN115174056B (en) Chameleon signature generation method and chameleon signature generation device based on SM9 signature
CN108667619B (en) White box implementation method and device for SM9 digital signature
CN111224783A (en) Two-square elliptic curve digital signature algorithm supporting secret key refreshing
CN110932866B (en) Ring signature generation method based on SM2 digital signature algorithm
CN112383403A (en) Heterogeneous ring signature method
CN115174052B (en) Adapter signature generation method and device based on SM9 signature
CN115174053B (en) Signature generation method and device for repudiation ring authentication based on SM9 algorithm
CN115174055B (en) Certificate signature generation method and device based on SM9 signature

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210928