CN113904777A - Signcryption method based on SM2 digital signature algorithm - Google Patents
- Publication number
- CN113904777A
- Authority
- CN
- China
- Prior art keywords
- calculating
- elliptic curve
- signcryption
- algorithm
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a signcryption method based on the SM2 digital signature algorithm. Built on a domestic commercial cryptographic algorithm, it comprises four algorithms: an initialization algorithm, a key generation algorithm, a signcryption algorithm and an unsigncryption algorithm. It thereby achieves autonomous and controllable data storage and sharing, promotes the application of domestic commercial cryptographic algorithms, achieves provably secure data storage and sharing in environments such as cloud computing, the Internet of Things and blockchain, meets the security requirements of confidentiality, authentication, integrity and unforgeability of transmitted information, and at the same time meets the compliance requirements for domestic commercial cryptography applications.
Description
Technical Field
The invention relates to the field of computers, in particular to a signcryption method based on an SM2 digital signature algorithm.
Background
Signcryption is an important cryptographic primitive that completes the two functions of digital signature and encryption in one reasonable logical step. It is more efficient than a scheme of first encrypting and then signing, and it provides data confidentiality and integrity protection at the same time. The SM2 algorithm is an elliptic curve public key cryptographic algorithm released by the national cryptography authority in 2010; it includes a digital signature algorithm, a key exchange protocol and a public key encryption algorithm. SM2 has become China's public key algorithm standard GM/T 0003.2-2012 and has entered the international standard ISO/IEC 14888-3:2016, which is of great significance to the country's information security construction.
With the wide application of technologies such as cloud computing, the Internet of Things and blockchain, the security and privacy of data storage and sharing have become issues of growing concern to researchers. Unlike the traditional scheme of first encrypting and then signing, a signcryption scheme reduces the amount of computation and the ciphertext expansion while meeting the security requirements of confidentiality, authentication and unforgeability for data storage and sharing. However, the existing signcryption schemes are designed on foreign cryptographic algorithms/standards; a signcryption scheme designed on a domestic commercial cryptographic algorithm realizes autonomous and controllable secure data sharing/transmission.
Disclosure of Invention
The technical problem of the invention is mainly solved by the following technical scheme:
A signcryption method based on the SM2 digital signature algorithm, characterized by comprising the following steps:
an initialization step, in which an administrator defines an elliptic curve, a plurality of hash functions and two prime numbers, generates on the elliptic curve a generator whose order is one of the prime numbers, and finally outputs system parameters consisting of the generator, the two prime numbers, the hash functions and the elliptic curve;
a key generation step, in which the sender generates a random number and a sender public key containing the generator, and the receiver generates a random number and a receiver public key containing the generator;
a signcryption step, in which, given the plaintext data, the sender private key and the random number, a signcryption ciphertext containing the elliptic parameter, the plaintext data, the sender private key, the receiver public key and the random number is calculated and output;
an unsigncryption step, in which the decrypting user sends a decryption request, calculates some of the parameters in the signcryption ciphertext and verifies them, and, if the verification passes, outputs the plaintext data; otherwise the decryption request is rejected.
In the foregoing signcryption method based on the SM2 digital signature algorithm, the initialization step specifically includes:
Step 2.1, selecting large prime numbers $p$ and $q$ of length $l$;
Step 2.2, selecting an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
Step 2.3, selecting a generator $G$ with the order $q$ on the elliptic curve $E$;
Step 2.5, outputting the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$;
In the foregoing signcryption method based on the SM2 digital signature algorithm, the key generation step specifically includes:
Step 3.3, the sender calculates the public key $P_S = d_S\cdot G$;
Step 3.4, the receiver calculates the public key $P_R = d_R\cdot G$.
In the foregoing signcryption method based on the SM2 digital signature algorithm, the signcryption step specifically includes:
Step 4.2, calculating the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
Step 4.3, calculating the elliptic curve point $T_2 = k\cdot P_R$;
Step 4.4, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 4.6, calculating the hash value $e = H_2(Z_S \| c)$;
Step 4.7, calculating the integer $r = e + x_1 \bmod q$;
Step 4.8, calculating the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
Step 4.9, outputting the signcryption ciphertext $CT = (c, r, s)$.
In the foregoing signcryption method based on the SM2 digital signature algorithm, the unsigncryption step specifically includes:
Step 5.1, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 5.2, calculating the hash value $e = H_2(Z_S \| c)$;
Step 5.3, calculating the integer $t = r + s \bmod q$;
Step 5.4, calculating the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
Step 5.5, verifying whether the equation $r = e + x_1 \bmod q$ holds; if not, rejecting the message and terminating;
Step 5.6, calculating the elliptic curve point $T_2 = d_R\cdot T_1$;
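Why the point recomputed in step 5.4 equals the sender's $T_1$, and why step 5.6 yields the sender's $T_2$: an added derivation, not part of the patent text, using only the formulas of steps 3.3, 3.4, 4.2, 4.3, 4.8, 5.3, 5.4 and 5.6 and the fact that $G$ has order $q$.

$$s\,(1 + d_S) \equiv k - r\,d_S \pmod q$$

$$s\cdot G + t\cdot P_S = \bigl(s + (r + s)\,d_S\bigr)\cdot G = \bigl(s\,(1 + d_S) + r\,d_S\bigr)\cdot G = k\cdot G = T_1$$

$$d_R\cdot T_1 = d_R\,k\cdot G = k\cdot P_R = T_2$$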
Compared with the prior art, the invention has the following advantages and beneficial effects: at present, signcryption schemes are designed using foreign cryptographic algorithms/standards, and domestic commercial cryptographic algorithms have not been applied to the design of signcryption schemes. The signcryption scheme designed by the invention, based on the SM2 digital signature algorithm, achieves autonomous and controllable secure data storage and sharing in environments such as cloud computing, the Internet of Things and blockchain, meets the security requirements of confidentiality, authentication, integrity and unforgeability of transmitted information, and meets the compliance requirements for domestic commercial cryptography applications.
Drawings
FIG. 1 is a flow chart of a method of the present invention.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
Example:
First, the symbols and definitions used in this embodiment are explained.
$q$: a large prime number.
$F_q$: a finite field containing $q$ elements.
$a, b$: elements of $F_q$, which define an elliptic curve $E$ over $F_q$.
$E(F_q)$: the set of all rational points of the elliptic curve $E$ over $F_q$, including the point at infinity $O$.
$\#E(F_q)$: the number of points on $E(F_q)$, called the order of the elliptic curve $E(F_q)$.
$O$: a special point on the elliptic curve, called the point at infinity or the zero point.
$H(\cdot)$: a secure cryptographic hash function, such as the SM3 algorithm.
$M$: a message value.
$n$: the message length.
$\|$: bit-string concatenation.
The scheme comprises four algorithms: an initialization algorithm, a key generation algorithm, a signcryption algorithm, and an unsigncryption algorithm.
Initialization algorithm Setup: the system administrator executes the following algorithm to generate system parameters.
1) Selecting large prime numbers $p$ and $q$ of length $l$;
2) Selecting an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
3) Selecting a generator $G$ with the order $q$ on the elliptic curve $E$;
5) Outputting the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$;
Key generation algorithm KeyGen: the sender and the receiver respectively execute the algorithm to generate respective public and private keys.
2) The sender calculates the public key $P_S = d_S\cdot G$;
4) The receiver calculates the public key $P_R = d_R\cdot G$;
Signcryption algorithm Signcrypt: given plaintext data $M \in \{0,1\}^n$, the recipient public key $P_R$ and the sender private key $d_S$, the following steps are executed:
2) Calculating the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
3) Calculating the elliptic curve point $T_2 = k\cdot P_R$;
4) Calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
6) Calculating the hash value $e = H_2(Z_S \| c)$;
7) Calculating the integer $r = e + x_1 \bmod q$;
8) Calculating the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
9) Outputting the signcryption ciphertext $CT = (c, r, s)$;
Unsigncryption algorithm Unsigncrypt: to decrypt and verify the signcryption ciphertext $CT = (c, r, s)$, the decrypting user performs the following steps:
1) Calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
2) Calculating the hash value $e = H_2(Z_S \| c)$;
3) Calculating the integer $t = r + s \bmod q$;
4) Calculating the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
5) Verifying whether the equation $r = e + x_1 \bmod q$ holds; if not, rejecting the message and terminating;
6) Calculating the elliptic curve point $T_2 = d_R\cdot T_1$;
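The Signcrypt and Unsigncrypt steps above, carried through as an added Python example (not code from the patent). Assumptions not on the page: the SM2 recommended curve parameters, tagged SHA-256 standing in for $H_0$, $H_1$, $H_2$ (the page suggests SM3), $ENTL_S$ as the 2-byte bit length of $ID_S$ and the r/s range and retry checks as in standard SM2. Because the page omits the step that computes $c$, the hypothetical `mask` helper XORs $M$ with a keystream derived from $H_1(T_2)$.

```python
import hashlib
import secrets

# Assumption: SM2 recommended curve sm2p256v1 (the page fixes no curve). Not constant-time.
P = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFF_00000000_FFFFFFFF_FFFFFFFF
A = P - 3
B = 0x28E9FA9E_9D9F5E34_4D5A9E4B_CF6509A7_F39789F5_15AB8F92_DDBCBD41_4D940E93
Q = 0xFFFFFFFE_FFFFFFFF_FFFFFFFF_FFFFFFFF_7203DF6B_21C6052B_53BBF409_39D54123
G = (0x32C4AE2C_1F198119_5F990446_6A39C994_8FE30BBF_F2660BE1_715A4589_334C74C7,
     0xBC3736A2_F4F6779C_59BDCEE3_6B692153_D0A9877C_C62A4740_02DF32E5_2139F0A0)

def add(p1, p2):
    if p1 is None or p2 is None:          # None is the point at infinity O
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p2 = -p1
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    acc = None                            # double-and-add scalar multiplication k*pt
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def i2b(n):
    return n.to_bytes(32, "big")

def H(tag, *parts):
    """H0/H1/H2 modelled as tagged SHA-256 (stand-in for SM3, an assumption)."""
    return hashlib.sha256(tag + b"".join(parts)).digest()

def z_value(ident, pub):
    """Z_S = H0(ENTL_S || ID_S || a || b || P_S); ENTL_S = 2-byte bit length of ID_S."""
    entl = (8 * len(ident)).to_bytes(2, "big")
    return H(b"H0", entl, ident, i2b(A), i2b(B), i2b(pub[0]), i2b(pub[1]))

def mask(t2, data):
    """Assumed cipher step (absent from the page): XOR with a keystream from H1(T2)."""
    seed = i2b(t2[0]) + i2b(t2[1])
    stream = b"".join(H(b"H1", seed, i2b(i)) for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def keygen():
    d = secrets.randbelow(Q - 2) + 1      # d in [1, q-2] keeps 1 + d invertible mod q
    return d, mul(d, G)

def signcrypt(msg, d_s, id_s, p_r):
    z_s = z_value(id_s, mul(d_s, G))
    while True:
        k = secrets.randbelow(Q - 1) + 1
        x1 = mul(k, G)[0]                              # T1 = k*G
        c = mask(mul(k, p_r), msg)                     # T2 = k*P_R
        e = int.from_bytes(H(b"H2", z_s, c), "big")    # e = H2(Z_S || c)
        r = (e + x1) % Q
        s = pow(1 + d_s, -1, Q) * (k - r * d_s) % Q
        if r and s and (r + k) % Q:                    # retry rule of standard SM2
            return c, r, s

def unsigncrypt(ct, d_r, id_s, p_s):
    c, r, s = ct
    t = (r + s) % Q
    if not (0 < r < Q and 0 < s < Q) or t == 0:        # range checks of standard SM2
        raise ValueError("r, s out of range")
    e = int.from_bytes(H(b"H2", z_value(id_s, p_s), c), "big")
    t1 = add(mul(s, G), mul(t, p_s))                   # equals k*G for a valid CT
    if t1 is None or r != (e + t1[0]) % Q:
        raise ValueError("verification failed, message rejected")
    return mask(mul(d_r, t1), c)                       # T2 = d_R*T1 = k*P_R
```

With keys from `keygen()`, `unsigncrypt(signcrypt(m, d_s, id_s, p_r), d_r, id_s, p_s)` returns `m`, and a modified `c`, `r` or `s` raises `ValueError`. The check in step 5 uses only public values (`c`, `r`, `s`, `ID_S`, `P_S`), so it authenticates the sender and the ciphertext but does not detect a wrong `d_R`; under the assumed XOR step a wrong recipient key simply yields different bytes.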
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
Claims (5)
1. A signcryption method based on SM2 digital signature algorithm is characterized by comprising the following steps:
an initialization step, in which an administrator defines an elliptic curve, a plurality of hash functions and two prime numbers, generates on the elliptic curve a generator whose order is one of the prime numbers, and finally outputs system parameters consisting of the generator, the two prime numbers, the hash functions and the elliptic curve;
a key generation step, in which the sender generates a random number and a sender public key containing the generator, and the receiver generates a random number and a receiver public key containing the generator;
a signcryption step, in which, given the plaintext data, the sender private key and the random number, a signcryption ciphertext containing the elliptic parameter, the plaintext data, the sender private key, the receiver public key and the random number is calculated and output;
an unsigncryption step, in which the decrypting user sends a decryption request, calculates some of the parameters in the signcryption ciphertext and verifies them, and, if the verification passes, outputs the plaintext data; otherwise the decryption request is rejected.
2. The signcryption method based on the SM2 digital signature algorithm as claimed in claim 1, wherein the initialization step specifically comprises:
Step 2.1, selecting large prime numbers $p$ and $q$ of length $l$;
Step 2.2, selecting an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
Step 2.3, selecting a generator $G$ with the order $q$ on the elliptic curve $E$;
Step 2.5, outputting the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$.
3. The signcryption method based on the SM2 digital signature algorithm of claim 1, wherein the key generation step specifically includes:
Step 3.3, the sender calculates the public key $P_S = d_S\cdot G$;
Step 3.4, the receiver calculates the public key $P_R = d_R\cdot G$.
4. The signcryption method based on the SM2 digital signature algorithm of claim 1, wherein the signcryption step specifically includes:
Step 4.2, calculating the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
Step 4.3, calculating the elliptic curve point $T_2 = k\cdot P_R$;
Step 4.4, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 4.6, calculating the hash value $e = H_2(Z_S \| c)$;
Step 4.7, calculating the integer $r = e + x_1 \bmod q$;
Step 4.8, calculating the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
Step 4.9, outputting the signcryption ciphertext $CT = (c, r, s)$.
5. The signcryption method based on the SM2 digital signature algorithm of claim 1, wherein the unsigncryption step specifically includes:
Step 5.1, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 5.2, calculating the hash value $e = H_2(Z_S \| c)$;
Step 5.3, calculating the integer $t = r + s \bmod q$;
Step 5.4, calculating the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
Step 5.5, verifying whether the equation $r = e + x_1 \bmod q$ holds; if not, rejecting the message and terminating;
Step 5.6, calculating the elliptic curve point $T_2 = d_R\cdot T_1$;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111110965.2A CN113904777B (en) | 2021-09-23 | 2021-09-23 | SM2 digital signature algorithm-based signcryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113904777A (en) | 2022-01-07 |
CN113904777B CN113904777B (en) | 2023-10-03 |
Family
ID=79028863
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111110965.2A Active CN113904777B (en) | 2021-09-23 | 2021-09-23 | SM2 digital signature algorithm-based signcryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113904777B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113904777B (en) | 2023-10-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||