CN113849831A - Two-party collaborative signature and decryption method and system based on SM2 algorithm - Google Patents
- Publication number: CN113849831A
- Application number: CN202110994073.7A
- Authority: CN (China)
- Prior art keywords: party, sub, communication, communication party, signature
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/602—Providing cryptographic facilities or services
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention relates to a two-party collaborative signature and decryption method and system based on the SM2 algorithm, belonging to the technical field of cryptography applications. The collaborative signature method comprises the following steps: the two communication parties each generate their own sub-private key, and one party calculates a partial public key from its own sub-private key and sends it to the other communication party; the other communication party calculates and publishes the complete public key from its own sub-private key and the partial public key; the first communication party calculates the digest of the message to be signed, generates a first partial signature from its own sub-private key and sends it to the second communication party; the second communication party calculates a second partial signature from the received data and its own sub-private key and sends it to the first communication party; and the first communication party generates a complete signature from its own sub-private key and the second partial signature and outputs it. The invention also relates to a two-party collaborative decryption method. The invention fully protects the security of the SM2 private key; its communication and computing costs are low, it is practical to operate, and it suits cloud computing environments that require low delay and little interaction.
Description
Technical Field
The invention belongs to the technical field of cryptography application, and particularly relates to a two-party collaborative signature and decryption method and system based on SM2 algorithm.
Background
Cryptography is a core technology of information security. Because the public and private keys are asymmetric, a public key cryptosystem is well suited to application scenarios such as digital signatures and effectively solves the problem of key distribution. Digital signature and encryption/decryption technologies based on public key cryptosystems are widely used in electronic commerce, identity authentication and the like, and in a public key cryptosystem, ensuring the security of the user's private key is a very important problem. The user's private key often needs to be securely generated, stored and used in specialized hardware. However, with the spread of public key cryptographic algorithms, and of the SM2 elliptic curve public key cryptographic algorithm independently developed in China, the SM2 algorithm plays an increasingly important role in Internet of Things applications such as the Internet of Vehicles, intelligent medical systems and smart home systems, and in cloud computing systems. Many systems and terminals that use the SM2 algorithm, especially mobile intelligent terminals, have no hardware cryptographic module in the form of a cryptographic chip, secure element or the like. We call these "weak terminals": they can only rely on software cryptographic modules to complete cryptographic operations, and the private key has to be stored in the local storage medium of the user terminal. Although the private key can be protected by encryption, PIN code protection and similar means, it is still easily stolen by attackers.
How to protect the private key in a "weak terminal" is a very important problem when implementing a cryptographic algorithm. One possible solution is a multi-party collaborative signature or decryption method, in which the private key is split into multiple shares that are stored separately in different terminals. When a private key operation is carried out, each terminal operates with its own sub-private key and the terminals exchange partial results, so that the final result of the private key operation is obtained at one of the parties. The complete private key never has to appear during private key generation or private key operation, which effectively improves the security of the private key.
Some schemes for two-party collaborative signing or decryption based on the SM2 algorithm already exist, but they suffer from problems such as a large amount of computation, a large amount of exchanged data, large storage requirements and low signing or decryption efficiency. Their performance overhead is high, and a better technical solution is needed.
Disclosure of Invention
In view of the problems in the prior art, the invention aims to provide a two-party collaborative signing and decryption method and system based on the SM2 algorithm that fully protects the security of the SM2 private key; the communication and calculation costs are low, the basic operation modules of the SM2 algorithm can be reused, the method is practical to operate, and it suits cloud computing environments that require low delay and little interaction.
In order to achieve the above object, in a first aspect, the present invention provides a two-party cooperative signature method based on SM2 algorithm, involving a first communication party and a second communication party, the method including a public key generation phase and a cooperative signature phase, where the public key generation phase includes the following steps:
the two communication parties each generate their own sub-private key, and one of them calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes the complete public key from its own sub-private key and the received partial public key;
the co-signing stage comprises the following steps:
the first communication party calculates the message digest of the message to be signed, generates a first partial signature from its own sub-private key, and sends the message digest and the first partial signature to the second communication party;
the second communication party calculates a second partial signature from the received message digest, the first partial signature and its own sub-private key, and sends the second partial signature to the first communication party;
and the first communication party generates a complete signature from its own sub-private key and the received second partial signature and outputs the complete signature.
Further, as described above, in the two-party cooperative signature method based on the SM2 algorithm, the calculation method of the complete public key is:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve $E$;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$;
or the calculation method of the complete public key comprises the following steps:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve $E$;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
Further, according to the two-party cooperative signing method based on the SM2 algorithm, the first communication party calculates the message digest of the message to be signed, and the specific steps of generating the first partial signature according to the own sub-private key based on the SM2 algorithm are as follows:
for a message $M$ to be signed, the first communication party concatenates the corresponding $Z$ value of the SM2 algorithm with the message $M$ to form $M'$, i.e. $M' = Z \| M$, and then calculates the message digest $e = H(M')$, where $Z$ represents an identity common to the first communication party and the second communication party, and $H()$ represents a predetermined cryptographic hash function;
the first communication party generates a random number $k_1 \in [1, n-1]$ and, from $k_1$, calculates the first partial signature $Q_1 = k_1(1 + D_1)[*]G$.
Further, as described above, in the two-party cooperative signature method based on the SM2 algorithm, the second partial signature is calculated by:
the second communication party generates a random number $k_2 \in [1, n-1]$ and, from $k_2$ and the received first partial signature $Q_1$, calculates $Q_2 = (1 + D_2)[*]Q_1 + k_2[*]G = (x_1, y_1)$ and $r = x_1 \bmod n$; if $r = 0$, the second communication party regenerates the random number, where mod is the modulo operation;
if $r \neq 0$, the second communication party calculates $s_2 = (1 + D_2)^{-1}(r + k_2) \bmod n$ to obtain the second partial signature $r$ and $s_2$.
Further, in the two-party cooperative signature method based on the SM2 algorithm, the generating, by the first communication party, a complete signature according to the own sub-private key and the received second partial signature and outputting specifically are:
the first communication party, from the sub-private key $D_1$ and the received second partial signature $r$ and $s_2$, calculates the signature component $s = (1 + D_1)^{-1} s_2 + k_1 - r \bmod n$;
if $s = 0$ or $s = n - r$, the signature process is restarted; otherwise $(r, s)$ is output as the complete signature.
In a second aspect, the present invention provides a two-party cooperative decryption method based on SM2 algorithm, involving a first communication party and a second communication party, the method includes a public key generation phase and a cooperative decryption phase, wherein the public key generation phase includes the following steps:
the two communication parties each generate their own sub-private key, and one of them calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes the complete public key from its own sub-private key and the received partial public key;
the collaborative decryption phase comprises the following steps:
the first communication party extracts a first part of the ciphertext from the acquired ciphertext and sends it to the second communication party;
the second communication party partially decrypts the first part of the ciphertext with its own sub-private key to obtain a partial ciphertext and sends the partial ciphertext to the first communication party;
and the first communication party completely decrypts the ciphertext using its own sub-private key and the received partial ciphertext to obtain the complete plaintext and outputs it.
Further, as described above, in the two-party cooperative decryption method based on the SM2 algorithm, the calculation method of the complete public key is:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve $E$;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$;
or the calculation method of the complete public key comprises the following steps:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, where $G$ is the base point of the SM2 elliptic curve $E$ shared by the two communication parties, $n$ is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve $E$;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, from the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
Further, in the two-party cooperative decryption method based on the SM2 algorithm, the extracting, by the first communication party, the first part of the ciphertext from the obtained ciphertext, and sending the first part of the ciphertext to the second communication party specifically includes:
the first communication party extracts the first part of the ciphertext $C_1$ from the ciphertext $C = C_1 \| C_3 \| C_2$, converts $C_1$ into a point on the elliptic curve $E$, and checks that $C_1$ is not the point at infinity; if so, it sends $C_1$ to the second communication party, where $C_1$, $C_3$ and $C_2$ are bit strings.
Further, in the two-party cooperative decryption method based on the SM2 algorithm, the formula by which the second communication party obtains the partial ciphertext is: $T = D_2[*]C_1$.
Further, in the two-party cooperative decryption method based on the SM2 algorithm, the specific process that the first communication party completely decrypts the ciphertext according to the sub private key of the first communication party and the received partial ciphertext to obtain a complete plaintext and outputs the complete plaintext includes:
the first communication party calculates $D_1[*]C_1 + (1 + D_1)[*]T = (x_2, y_2)$ and converts the coordinates $x_2, y_2$ into bit strings;
the first communication party calculates $t = KDF(x_2 \| y_2, klen)$, where $KDF()$ represents a predetermined key derivation function and $klen$ represents the length of the key data to be obtained, and reports an error and exits if $t$ is an all-zero bit string;
if $t \neq 0$, the first communication party extracts the second part of the ciphertext $C_2$ from the ciphertext $C = C_1 \| C_3 \| C_2$ and calculates $M'' = C_2 \oplus t$;
the first communication party calculates $u = H(x_2 \| M'' \| y_2)$, extracts the third part of the ciphertext $C_3$ from the ciphertext $C = C_1 \| C_3 \| C_2$, and compares $u$ with $C_3$; the complete plaintext $M''$ is output only if $u = C_3$.
In a third aspect, the present invention provides a two-party cooperative signature system based on SM2 algorithm, including a first communication party and a second communication party, where the first communication party and the second communication party are in communication connection, and the two-party cooperative signature system is configured to execute the two-party cooperative signature method based on SM2 algorithm of the first aspect.
In a fourth aspect, the present invention provides a two-party cooperative decryption system based on SM2 algorithm, including a first communication party and a second communication party, where the first communication party and the second communication party are connected in communication, and the two-party cooperative decryption system is configured to execute the two-party cooperative decryption method based on SM2 algorithm described in the second aspect.
The two-party collaborative signing and decryption method and system based on the SM2 algorithm can independently generate and store part of private keys at two communication parties, and then carry out two-party collaborative signing and decryption. Compared with the prior art, the invention has the beneficial effects that:
1. the whole private key of the SM2 algorithm never appears in the whole process, so that the safety of the private key of the SM2 algorithm is improved;
2. the private key is divided into two parts which can be respectively stored in different terminals, so that the method is more suitable for application scenes in which a plurality of mobile intelligent terminals participate at present;
3. the two parties need less computation in the signing or decryption operation process, and the transmitted data in the communication process are less, so that the method is more suitable for the cloud computing environment requiring low delay and high interaction;
4. the basic operation module of the SM2 algorithm can be multiplexed, a new operation module is not required to be added, the realization is simple, and the arrangement cost is low.
Drawings
Fig. 1 is a flowchart of a two-party cooperative signature method based on SM2 algorithm according to an embodiment of the present invention;
Fig. 2 is an implementation mechanism of a public key generation phase provided in the embodiment of the present invention;
Fig. 3 is a mechanism for implementing the collaborative signing phase according to an embodiment of the present invention;
Fig. 4 is a flowchart of a two-party cooperative decryption method based on the SM2 algorithm according to an embodiment of the present invention;
Fig. 5 is a mechanism for implementing the cooperative decryption phase according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems solved, the technical solutions adopted, and the technical effects achieved by the present invention clearer, the technical solutions of the embodiments of the present invention will be further described in detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
For convenience of understanding, the basic concepts and terms involved in the embodiments of the present invention will be briefly described.
Both communication parties share the SM2 elliptic curve parameters $E(F_q)$: the elliptic curve $E$ is an elliptic curve defined over the finite field $F_q$, $G$ is a base point of the elliptic curve, the order of the base point is $n$, and $O$ is the point at infinity of the elliptic curve. The invention uses $[*]$ to denote the point multiplication operation on $E$, so $k[*]G$ represents the $k$-fold point of $G$; mod $n$ represents the modulo-$n$ operation. Elliptic curve point addition and numerical addition are both written with the plus sign +: between elliptic curve points, + represents point addition; between numerical values, + represents numerical addition. $H()$ represents a predetermined cryptographic hash function, $KDF()$ represents a predetermined key derivation function, $klen$ represents the length of the key data to be obtained, and $\|$ represents concatenation.
For convenience of description, a first communication party and a second communication party are used to represent two communication parties respectively, wherein the first communication party may be a client or a server, and correspondingly, when the first communication party is a client, the second communication party is a server; and when the first communication party is the server side, the second communication party is the client side.
Fig. 1 shows a flow chart of a two-party cooperative signature method based on the SM2 algorithm, which mainly includes a public key generation phase and a cooperative signature phase.
The public key generation stage mainly comprises the following steps:
Step S11: the two communication parties each generate their own sub-private key, and one party calculates a partial public key from its own sub-private key and sends the partial public key to the other communication party.
Step S12: the other communication party calculates and publishes the complete public key from its own sub-private key and the received partial public key.
In an alternative embodiment, the specific steps of generating the complete public key are as follows:
As shown in fig. 2, the first communication party generates a random number $D_1$ as its own sub-private key, where $D_1$ is any integer in the range $[1, n-2]$, then calculates the partial public key $P_1$ from the sub-private key $D_1$ and sends it to the second communication party. The partial public key $P_1$ is calculated as: $P_1 = D_1[*]G$
where $G$ is the base point of the SM2 elliptic curve $E$ shared by both communication parties, $n$ is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve $E$;
the second communication party generates a random number $D_2$ as its own sub-private key, where $D_2$ is any integer in the range $[1, n-2]$, and calculates the complete public key $P$ from the sub-private key $D_2$ and $P_1$, where $P$ is calculated as:
$P = D_2[*](P_1 + G) + P_1$
if $P = O$, the random number needs to be regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
In the public key generation phase, the identities of the first communication party and the second communication party are interchangeable, that is, the method for generating the complete public key may also be:
the second communication party generates a random number $D_2$ as its own sub-private key, where $D_2$ is any integer in the range $[1, n-2]$, then calculates the partial public key $P_2$ from the sub-private key $D_2$ and sends it to the first communication party. The partial public key $P_2$ is calculated as: $P_2 = D_2[*]G$
where $G$ is the base point of the SM2 elliptic curve $E$ shared by both communication parties, $n$ is the order of the base point, and $[*]$ represents the point multiplication operation on the elliptic curve $E$;
the first communication party generates a random number $D_1$ as its own sub-private key, where $D_1$ is any integer in the range $[1, n-2]$, and calculates the complete public key $P$ from the sub-private key $D_1$ and $P_2$, where $P$ is calculated as:
$P = D_1[*](P_2 + G) + P_2$
if $P = O$, the random number needs to be regenerated; otherwise $P$ is published as the complete public key, where $O$ is the point at infinity of the elliptic curve $E$.
Referring to fig. 3, the collaborative signing phase mainly includes the following steps:
Step S13: the first communication party calculates the message digest of the message to be signed, generates the first partial signature from its own sub-private key, and sends the message digest and the first partial signature to the second communication party.
In an optional implementation, calculating the message digest of the message to be signed and generating the first partial signature in step S13 specifically includes:
for a message $M$ to be signed, the first communication party concatenates the corresponding $Z$ value of the SM2 algorithm with the message $M$ to form $M'$, i.e. $M' = Z \| M$, and then calculates the message digest $e = H(M')$, where $Z$ represents an identity common to the first communication party and the second communication party, and $H()$ represents a predetermined cryptographic hash function;
the first communication party generates a random number $k_1 \in [1, n-1]$ and, from $k_1$, calculates the first partial signature $Q_1 = k_1(1 + D_1)[*]G$.
Step S14: the second communication party calculates a second partial signature from the received message digest, the first partial signature and its own sub-private key, and sends the second partial signature to the first communication party.
In an alternative embodiment, calculating the second partial signature in step S14 specifically includes:
the second communication party generates a random number $k_2 \in [1, n-1]$ and, from $k_2$ and the received first partial signature $Q_1$, calculates $Q_2 = (1 + D_2)[*]Q_1 + k_2[*]G = (x_1, y_1)$ and $r = x_1 \bmod n$; if $r = 0$, the second communication party regenerates the random number, where mod is the modulo operation;
if $r \neq 0$, the second communication party calculates $s_2 = (1 + D_2)^{-1}(r + k_2) \bmod n$ to obtain the second partial signature $r$ and $s_2$.
Step S15: the first communication party generates a complete signature from its own sub-private key and the received second partial signature and outputs the complete signature.
In an optional implementation, generating the complete signature in step S15 specifically includes:
the first communication party, from the sub-private key $D_1$ and the received second partial signature $r$ and $s_2$, calculates the signature component $s = (1 + D_1)^{-1} s_2 + k_1 - r \bmod n$;
if $s = 0$ or $s = n - r$, the signature process is restarted; otherwise $(r, s)$ is output as the complete signature.
The subsequent signature verification process is consistent with the signature verification process in the SM2 algorithm.
In the embodiment, in the public key generation stage, both communication parties independently generate own sub-private keys respectively, one party can calculate and disclose the public key through one round of information transmission, and the complete private key of SM2 does not appear in the whole process, so that the safety of the SM2 private key is improved; in the cooperative signature stage, two communication parties use respective sub private keys to generate a complete signature on one communication party through two rounds of information transmission, and any third party obtaining the signature can verify the signature through public key information and an SM2 algorithm.
The public key generation stage needs to transmit only one data item, and only two data items are transmitted in each round of the collaborative signature stage, so the amount of communication data is small. The public key generation stage uses neither point subtraction nor the costly modular inverse operation and needs only two point multiplications, and the collaborative signature stage uses only three point multiplications, so the calculation cost is greatly reduced.
Fig. 4 shows a flowchart of a two-party cooperative decryption method based on SM2 algorithm, which mainly includes a public key generation phase and a cooperative decryption phase;
the public key generation phase is the same as the steps S11 and S12 in the public key generation phase in the two-party collaborative signing method based on the SM2 algorithm, and will not be described in detail here.
Referring to fig. 5, the collaborative decryption phase mainly includes the following steps:
Step S23: the first communication party extracts a first part of the ciphertext from the obtained ciphertext and sends it to the second communication party.
In an alternative embodiment, the first communication party extracts the first part of the ciphertext $C_1$ from the ciphertext $C = C_1 \| C_3 \| C_2$, converts $C_1$ into a point on the elliptic curve $E$, and checks that $C_1$ is not the point at infinity; if so, it sends $C_1$ to the second communication party, where $C_1$, $C_3$ and $C_2$ are bit strings.
Step S24: the second communication party partially decrypts the first part of the ciphertext with its own sub-private key to obtain a partial ciphertext and sends the partial ciphertext to the first communication party.
In an alternative embodiment, the partial ciphertext is calculated as: $T = D_2[*]C_1$.
And step S25, the first communication party decrypts the ciphertext completely according to the own sub private key and the received partial ciphertext to obtain a complete plaintext and outputs the complete plaintext.
In an alternative embodiment, the specific decryption process in step S25 is:
first communication partner calculates D1[*]C1+(1+D1)[*]T=(x2,y2) And will coordinate x2,y2Converting into a bit string;
the first communication partner calculates t ═ KDF (x)2||y2Klen), if t is an all-zero bit string, reporting an error and exiting, where KDF () represents a predetermined key derivation function, and klen represents the length of key data to be obtained;
if t ≠ 0, the first communication party follows the ciphertext C ═ C1||C3||C2Extract the second part of the ciphertext C2Calculating M ═ C2⊕t;
The first communication party calculates u ═ H (x)2||M”||y2) From the ciphertext C ═ C1||C3||C2Extract a third portion of ciphertext C3If u ≠ C3If not, the complete plaintext M' is output.
In this embodiment, using their respective sub-private keys, the two communication parties can, through two rounds of information transfer, decrypt at one of the parties a valid ciphertext that any third party encrypted using the published public key information and the SM2 algorithm. The whole decryption process (including the key generation stage and the cooperative decryption stage) needs no modular inverse operation, only one data item needs to be transmitted in each round, and the amount of computation is small, so the method is well suited to cloud computing environments that require low latency and high interaction.
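A runnable sketch of steps S23 to S25, together with the key generation formula P = D2[*](P1+G)+P1, added here as an illustration and not code from the patent. Assumptions: SHA-256 stands in for the unspecified H() and for the hash inside KDF(), the ciphertext is passed as a tuple (C1, C3, C2) instead of a bit string, klen is counted in bytes, and the function names and the second party's curve check on C1 are this example's own.

```python
import hashlib, hmac, secrets

# SM2 recommended curve y^2 = x^3 + ax + b over F_p; G has prime order n.
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
a, b = p - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
O = None  # point at infinity

def on_curve(P):
    return P is not O and (P[1] ** 2 - P[0] ** 3 - a * P[0] - b) % p == 0

def add(P, Q):  # affine addition; not constant-time, illustration only
    if P is O: return Q
    if Q is O: return P
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0: return O
    if P == Q: lam = (3 * P[0] ** 2 + a) * pow(2 * P[1], -1, p) % p
    else: lam = (Q[1] - P[1]) * pow(Q[0] - P[0], -1, p) % p
    x = (lam * lam - P[0] - Q[0]) % p
    return x, (lam * (P[0] - x) - P[1]) % p

def mul(k, P):  # the patent's k[*]P, double-and-add
    R = O
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def H(*parts):  # assumption: SHA-256 stands in for the patent's H() (SM3 in SM2)
    return hashlib.sha256(b"".join(parts)).digest()

def kdf(z, klen):  # counter-mode KDF over H; klen in bytes here
    return b"".join(H(z, c.to_bytes(4, "big")) for c in range(1, klen // 32 + 2))[:klen]

def xy(P): return P[0].to_bytes(32, "big"), P[1].to_bytes(32, "big")
def xor(u, v): return bytes(i ^ j for i, j in zip(u, v))

def keygen():  # S11/S12: the full private key is never formed
    D1 = secrets.randbelow(n - 2) + 1        # party 1 sub-private key in [1, n-2]
    P1 = mul(D1, G)                          # only P1 crosses the wire
    D2 = secrets.randbelow(n - 2) + 1        # party 2 sub-private key
    P = add(mul(D2, add(P1, G)), P1)         # P = D2[*](P1+G) + P1
    return (D1, D2, P) if P is not O else keygen()

def encrypt(P, M):  # ordinary single-party SM2-style encryption by a third party
    k = secrets.randbelow(n - 1) + 1
    x2, y2 = xy(mul(k, P))
    t = kdf(x2 + y2, len(M))
    if not any(t): return encrypt(P, M)
    return mul(k, G), H(x2, M, y2), xor(M, t)  # (C1, C3, C2)

def party2_partial(D2, C1):  # S24
    if not on_curve(C1):  # added hardening, not in the patent text
        raise ValueError("C1 is not a valid curve point")
    return mul(D2, C1)    # T = D2[*]C1

def party1_decrypt(D1, C, ask_party2):  # S23 + S25
    C1, C3, C2 = C
    if not on_curve(C1): raise ValueError("C1 is not a valid curve point")
    T = ask_party2(C1)
    S = add(mul(D1, C1), mul(1 + D1, T))     # D1[*]C1 + (1+D1)[*]T = (x2, y2)
    if S is O: raise ValueError("bad partial result")
    x2, y2 = xy(S)
    t = kdf(x2 + y2, len(C2))
    if not any(t): raise ValueError("KDF output is all zero")
    M = xor(C2, t)
    if not hmac.compare_digest(H(x2, M, y2), C3):
        raise ValueError("C3 check failed")
    return M
```

The `ask_party2` callable models the network round trip; in a deployment D1 and D2 live on different machines and only C1 and T are exchanged.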
According to the two-party collaborative signing method based on the SM2 algorithm, the invention provides a two-party collaborative signing system based on the SM2 algorithm, which comprises a first communication party and a second communication party, wherein the first communication party and the second communication party are in communication connection, and the two-party collaborative signing system is configured to execute the two-party collaborative signing method based on the SM2 algorithm.
According to the two-party cooperative decryption method based on the SM2 algorithm, the invention provides a two-party cooperative decryption system based on the SM2 algorithm, the system comprises a first communication party and a second communication party, the first communication party and the second communication party are in communication connection, and the two-party cooperative decryption system is configured to execute the two-party cooperative decryption method based on the SM2 algorithm.
The invention provides a two-party cooperative signature and decryption method and system based on the SM2 algorithm, offering technical schemes for both cooperative signature and cooperative decryption. In the public key generation stage, the two communication parties each independently generate their own sub-private key, and one party can calculate and publish the public key after one round of information transmission. In the cooperative signature stage, the two communication parties use their respective sub-private keys to generate a complete signature at one of the parties through two rounds of information transmission; any third party that obtains the signature can verify it using the public key information and the SM2 algorithm, and the verification process is identical to that of the SM2 algorithm. In the cooperative decryption stage, the two communication parties use their respective sub-private keys and, through two rounds of information transmission, can decrypt a valid ciphertext that any third party encrypted using the public key information and the SM2 algorithm. The beneficial effects obtained by these means are as follows:
Throughout the whole process, the complete private key of the SM2 algorithm never appears, which improves the security of the SM2 private key. The private key is split into two parts that can be stored on different terminals, which suits current application scenarios involving multiple mobile intelligent terminals. The two parties perform little computation during signing or decryption and transmit little data during communication, which suits cloud computing environments that require low latency and high interaction. The basic operation modules of the SM2 algorithm can be reused and no new operation module needs to be added, so the scheme is simple to implement and inexpensive to deploy.
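Why the output (r, s) has the same form as a single-party SM2 signature, worked through with the symbols of the cooperative signature stage (an added derivation, not part of the patent text). From key generation, $P = D_2[*](P_1+G)+P_1 = (D_1D_2 + D_1 + D_2)[*]G$, so the private key corresponding to P, which neither party ever holds, satisfies

$$d = (1+D_1)(1+D_2) - 1 \bmod n, \qquad 1 + d = (1+D_1)(1+D_2).$$

The point computed by the second party is $Q_2 = (1+D_2)[*]Q_1 + k_2[*]G = (k_1(1+d) + k_2)[*]G$, so the joint nonce is $k = k_1(1+d) + k_2$. Substituting $s_2 = (1+D_2)^{-1}(r+k_2)$ into the expression for s gives

$$s = (1+D_1)^{-1}(1+D_2)^{-1}(r+k_2) + k_1 - r = (1+d)^{-1}\bigl(r + k_2 + k_1(1+d) - r(1+d)\bigr) = (1+d)^{-1}(k - rd) \bmod n,$$

which is the SM2 signing equation for private key d and nonce k. The restart condition $s = n - r$ corresponds to $r + s \equiv 0 \pmod n$, a value that an SM2 verifier rejects.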
It will be understood by those skilled in the art that the present invention is not limited to the embodiments described in the detailed description, and the detailed description is for the purpose of explanation and not limitation. Other embodiments will be apparent to those skilled in the art from the following detailed description, which is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention as defined by the appended claims.
Claims (12)
1. A two-party cooperative signature method based on SM2 algorithm, involving a first communication party and a second communication party, the method comprising a public key generation phase and a cooperative signature phase, wherein the public key generation phase comprises the steps of:
the two communication parties each generate their own sub-private key, and one of the two communication parties calculates a partial public key according to its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes a complete public key according to its own sub-private key and the received partial public key;
the co-signing stage comprises the following steps:
the first communication party calculates the message digest of the message to be signed, generates a first part signature according to a self sub private key, and sends the message digest and the first part signature to the second communication party;
the second communication party calculates a second part of signature according to the received message digest, the first part of signature and the own sub private key, and sends the second part of signature to the first communication party;
and the first communication party generates a complete signature according to the own sub private key and the received second partial signature and outputs the complete signature.
2. The SM2 algorithm-based two-party cooperative signature method of claim 1, wherein the complete public key is calculated by:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and [*] represents the point multiplication operation on the elliptic curve E;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E;
or the calculation method of the complete public key comprises the following steps:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and [*] represents the point multiplication operation on the elliptic curve E;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E.
3. The two-party cooperative signing method based on SM2 algorithm of claim 2, wherein the first communication party calculates the message digest of the message to be signed, and the specific steps of generating the first partial signature based on SM2 algorithm according to its own sub-private key are:
for a message M to be signed, the first communication party concatenates the corresponding Z value in the SM2 algorithm with the message M to be signed to form $M'$, namely $M' = Z \| M$, and then calculates a message digest $e = H(M')$, wherein Z represents an identity common to the first communication party and the second communication party, and H() represents a predetermined cryptographic hash function;
the first communication party generates a random number $k_1 \in [1, n-1]$ and, according to $k_1$, calculates a first partial signature $Q_1 = k_1(1+D_1)[*]G$.
4. The SM2 algorithm-based two-party cooperative signature method of claim 3, wherein the second partial signature is calculated by:
the second communication party generates a random number $k_2 \in [1, n-1]$ and, according to $k_2$ and the received first partial signature $Q_1$, calculates $Q_2 = (1+D_2)[*]Q_1 + k_2[*]G = (x_1, y_1)$ and $r = x_1 \bmod n$; if $r = 0$, the second communication party regenerates the random number, wherein mod is the modulo operation;
if $r \neq 0$, the second communication party calculates $s_2 = (1+D_2)^{-1}(r + k_2) \bmod n$ to obtain the second partial signature r and $s_2$.
5. The two-party cooperative signature method based on the SM2 algorithm of claim 4, wherein the first communication party generates a complete signature from its own sub-private key and the received second partial signature and outputs:
the first communication party, according to the sub-private key $D_1$ and the received second partial signature r and $s_2$, calculates the signature component $s = (1+D_1)^{-1}s_2 + k_1 - r \bmod n$;
if $s = 0$ or $s = n - r$, the signature process is restarted; otherwise (r, s) is output as the complete signature.
6. A two-party cooperative decryption method based on SM2 algorithm, which relates to a first communication party and a second communication party, the method comprises a public key generation phase and a cooperative decryption phase, wherein the public key generation phase comprises the following steps:
the two communication parties each generate their own sub-private key, and one of the two communication parties calculates a partial public key according to its own sub-private key and sends the partial public key to the other communication party;
the other communication party calculates and publishes a complete public key according to its own sub-private key and the received partial public key;
the collaborative decryption phase comprises the following steps:
the first communication party extracts a first part of ciphertext from the acquired ciphertext and sends the first part of ciphertext to the second communication party;
the second communication party partially decrypts the first part of the ciphertext according to its own sub-private key to obtain a partial ciphertext and sends the partial ciphertext to the first communication party;
and the first communication party decrypts the ciphertext completely according to the own sub private key and the received partial ciphertext to obtain a complete plaintext and outputs the complete plaintext.
7. The two-party cooperative decryption method based on the SM2 algorithm of claim 6, wherein the complete public key is calculated by:
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$, calculates a partial public key $P_1 = D_1[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and [*] represents the point multiplication operation on the elliptic curve E;
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$ and the received partial public key $P_1$, calculates the complete public key $P = D_2[*](P_1 + G) + P_1$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E;
or the calculation method of the complete public key comprises the following steps:
the second communication party generates a random number $D_2 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_2$, calculates a partial public key $P_2 = D_2[*]G$, wherein G is the base point of the SM2 algorithm elliptic curve E shared by the two communication parties, n is the order of the base point, and [*] represents the point multiplication operation on the elliptic curve E;
the first communication party generates a random number $D_1 \in [1, n-2]$ as its own sub-private key and, based on the sub-private key $D_1$ and the received partial public key $P_2$, calculates the complete public key $P = D_1[*](P_2 + G) + P_2$;
if $P = O$, the random number is regenerated; otherwise P is published as the complete public key, wherein O is the point at infinity of the elliptic curve E.
8. The two-party cooperative decryption method based on the SM2 algorithm of claim 7, wherein the extracting, by the first communication party, the first part of the ciphertext from the obtained ciphertext, and sending the first part of the ciphertext to the second communication party specifically includes:
the first communication party extracts the first part $C_1$ from the ciphertext $C = C_1 \| C_3 \| C_2$, converts the data type of $C_1$ into a point on the elliptic curve E, and checks that $C_1$ is not the point at infinity; if so, it sends $C_1$ to the second communication party, where $C_1$, $C_3$, $C_2$ are bit strings.
9. The two-party cooperative decryption method based on the SM2 algorithm of claim 8, wherein the calculation formula for the second communication party to obtain the partial ciphertext is as follows: $T = D_2[*]C_1$.
10. The two-party cooperative decryption method based on the SM2 algorithm of claim 9, wherein the specific process of the first communication party completely decrypting the ciphertext according to its own sub-private key and the received partial ciphertext to obtain a complete plaintext and outputting the complete plaintext is as follows:
the first communication party calculates $D_1[*]C_1 + (1+D_1)[*]T = (x_2, y_2)$ and converts the coordinates $x_2$, $y_2$ into bit strings;
the first communication party calculates $t = KDF(x_2 \| y_2, klen)$; if t is an all-zero bit string, it reports an error and exits, wherein KDF() represents a predetermined key derivation function and klen represents the length of the key data to be obtained;
if $t \neq 0$, the first communication party extracts the second part $C_2$ from the ciphertext $C = C_1 \| C_3 \| C_2$ and calculates the complete plaintext $M'' = C_2 \oplus t$;
the first communication party calculates $u = H(x_2 \| M'' \| y_2)$ and extracts the third part $C_3$ from the ciphertext $C = C_1 \| C_3 \| C_2$; if $u \neq C_3$, it reports an error and exits; otherwise the complete plaintext $M''$ is output.
11. A two-party collaborative signing system based on SM2 algorithm, comprising a first communication party and a second communication party, the first and second communication parties being communicatively connected, the two-party collaborative signing system being configured to perform the two-party collaborative signing method based on SM2 algorithm as recited in any one of claims 1-5.
12. A two-party cooperative decryption system based on SM2 algorithm, comprising a first communication party and a second communication party, the first communication party and the second communication party being communicatively connected, the two-party cooperative decryption system being configured to perform the two-party cooperative decryption method based on SM2 algorithm of any one of claims 6 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110994073.7A CN113849831A (en) | 2021-08-27 | 2021-08-27 | Two-party collaborative signature and decryption method and system based on SM2 algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113849831A (en) | 2021-12-28 |
Family
ID=78976281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110994073.7A Pending CN113849831A (en) | 2021-08-27 | 2021-08-27 | Two-party collaborative signature and decryption method and system based on SM2 algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113849831A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115314205A (en) * | 2022-10-11 | 2022-11-08 | 中安网脉(北京)技术股份有限公司 | Collaborative signature system and method based on key segmentation |
CN115314205B (en) * | 2022-10-11 | 2023-01-03 | 中安网脉(北京)技术股份有限公司 | Collaborative signature system and method based on key segmentation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||