CN113904777B - SM2 digital signature algorithm-based signcryption method - Google Patents
Abstract
The invention relates to a signcryption method based on the SM2 digital signature algorithm. Built on a domestic commercial cryptographic algorithm, it comprises four algorithms: an initialization algorithm, a key generation algorithm, a signcryption algorithm and a decryption algorithm. It thereby realizes autonomous and controllable data storage and sharing, promotes the application of domestic commercial cryptographic algorithms, realizes provably secure data storage and sharing in environments such as cloud computing, the Internet of Things, blockchain and the like, meets the security requirements of confidentiality, authentication, integrity, unforgeability and the like for transmitted information, and at the same time meets the compliance requirements for domestic commercial cryptography applications.
Description
Technical Field
The invention relates to the field of computers, in particular to a signcryption method based on an SM2 digital signature algorithm.
Background
Signcryption is an important cryptographic primitive that completes both digital signature and encryption in one logically reasonable step, is more efficient than an encryption-before-signature scheme, and provides data confidentiality and integrity protection at the same time. The SM2 algorithm is an elliptic curve public key cryptographic algorithm that includes a digital signature algorithm, a key exchange protocol and a public key encryption algorithm. SM2 has become the national public key algorithm standard GM/T 0003.2-2012 and has entered the international standard ISO/IEC 14888-3:2016, which is of great significance for building information security in China.
With the wide application of technologies such as cloud computing, the Internet of Things and blockchain, the security and privacy of data storage and sharing have become an increasing focus for researchers. Unlike traditional encryption-before-signature schemes, a signcryption scheme reduces the amount of computation and the ciphertext expansion while meeting the security requirements of confidentiality, authentication, unforgeability and the like for data storage and sharing. However, existing signcryption schemes are designed on foreign cryptographic algorithms/standards; designing a signcryption scheme based on domestic commercial cryptographic algorithms, so as to realize autonomous and controllable secure data sharing/transmission, is a problem to be solved.
Disclosure of Invention
The technical problem addressed by the invention is mainly solved by the following technical solution:
A signcryption method based on the SM2 digital signature algorithm, comprising:
an initialization step, in which an administrator defines an elliptic curve, a plurality of hash functions and two prime numbers, generates on the elliptic curve a generator whose order is one of the prime numbers, and finally outputs system parameters comprising the generator, the two prime numbers, the hash functions and the elliptic curve parameters;
a key generation step, in which the sender generates a random number and a sender public key computed from the generator, and the receiver generates a random number and a receiver public key computed from the generator;
a signcryption step, in which, given plaintext data, a sender private key and a random number, a signcryption ciphertext is computed from the elliptic curve parameters, the plaintext data, the sender private key, the receiver public key and the random number, and is output;
a decryption step, in which the decrypting user issues a decryption request, computes and verifies some of the parameters in the signcryption ciphertext, and outputs the plaintext data if the verification passes, otherwise rejects the decryption request.
In the above signcryption method based on the SM2 digital signature algorithm, the initialization step specifically includes:
Step 2.1, selecting large prime numbers $p$ and $q$ of length $l$;
Step 2.2, selecting an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
Step 2.3, selecting a generator $G$ of order $q$ on the elliptic curve $E$;
Step 2.4, selecting 3 hash functions $H_0: \{0,1\}^* \to \{0,1\}^{256}$, $H_1: \{0,1\}^* \to \{0,1\}^n$ and $H_2$;
Step 2.5, outputting the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$.
In the above signcryption method based on the SM2 digital signature algorithm, the key generation step specifically includes:
Step 3.1, the sender generates a random number using a random number generator;
Step 3.2, the sender calculates the public key $P_S = d_S\cdot G$;
Step 3.3, the receiver generates a random number using a random number generator;
Step 3.4, the receiver calculates the public key $P_R = d_R\cdot G$.
In the above signcryption method based on the SM2 digital signature algorithm, the signcryption step specifically comprises:
Step 4.1, generating a random number using a random number generator;
Step 4.2, calculating the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
Step 4.3, calculating the elliptic curve point $T_2 = k\cdot P_R$;
Step 4.4, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 4.5, calculating bit string
Step 4.6, calculating the hash value $e = H_2(Z_S \| c)$;
Step 4.7, calculating the integer $r = e + x_1 \bmod q$;
Step 4.8, calculating the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
Step 4.9, outputting the signcryption ciphertext $CT = (c, r, s)$.
In the above signcryption method based on the SM2 digital signature algorithm, the decryption step specifically comprises:
Step 5.1, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 5.2, calculating the hash value $e = H_2(Z_S \| c)$;
Step 5.3, calculating the integer $t = r + s \bmod q$;
Step 5.4, calculating the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
Step 5.5, verifying whether the equation $r = e + x_1 \bmod q$ holds; if not, rejecting the message and terminating;
Step 5.6, calculating the elliptic curve point $T_2 = d_R\cdot T_1$;
Step 5.7, calculating and outputting the plaintext data
Compared with the prior art, the invention has the following advantages and beneficial effects: at present, signcryption schemes are designed on foreign cryptographic algorithms/standards, and domestic commercial cryptographic algorithms have not been applied to the design of signcryption schemes. The signcryption scheme designed by the invention, based on the SM2 digital signature algorithm, realizes autonomous and controllable secure data storage and sharing in environments such as cloud computing, the Internet of Things, blockchain and the like, meets the security requirements of confidentiality, authentication, integrity, unforgeability and the like for transmitted information, and meets the compliance requirements for domestic commercial cryptography applications.
Drawings
Fig. 1 is a flow chart of a method of the present invention.
Detailed Description
The technical scheme of the invention is further specifically described below through examples and with reference to the accompanying drawings.
Examples:
1. First, the symbols and definitions used in the present embodiment are explained.
$q$: a large prime number.
$F_q$: a finite field containing $q$ elements.
$a, b$: elements of $F_q$ that define an elliptic curve $E$ over $F_q$.
$E(F_q)$: the set of all rational points of the elliptic curve $E$ over $F_q$, including the point at infinity $O$.
$\#E(F_q)$: the number of points on $E(F_q)$, called the order of the elliptic curve $E(F_q)$.
$O$: a particular point on the elliptic curve, called the point at infinity or zero point.
A cyclic group containing all points of the elliptic curve $E$ and the point at infinity.
$G$: a generator of the group.
$H(\cdot)$: a secure cryptographic hash function, such as the SM3 algorithm.
$M$: message value.
$n$: message length.
$\|$: concatenation of bit strings.
2. The scheme comprises four algorithms: initializing algorithm, key generation algorithm, signcryption algorithm and decryption algorithm.
Initialization algorithm Setup: the system administrator executes the following algorithm to generate the system parameters.
1) Select large prime numbers $p$ and $q$ of length $l$;
2) Select an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
3) Select a generator $G$ of order $q$ on the elliptic curve $E$;
4) Select 3 hash functions $H_0: \{0,1\}^* \to \{0,1\}^{256}$, $H_1: \{0,1\}^* \to \{0,1\}^n$ and $H_2$;
5) Output the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$;
Key generation algorithm KeyGen: the sender and the receiver execute this algorithm to generate their respective public and private keys.
1) The sender generates a random number using a random number generator
2) The sender calculates the public key $P_S = d_S\cdot G$;
3) The receiver generates a random number using a random number generator
4) The receiver calculates the public key $P_R = d_R\cdot G$;
Signcryption algorithm Signcrypt: given plaintext data $M \in \{0,1\}^n$, the receiver public key $P_R$ and the sender private key $d_S$, the following steps are executed:
1) Generate a random number using a random number generator
2) Calculate the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
3) Calculate the elliptic curve point $T_2 = k\cdot P_R$;
4) Calculate the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
5) Calculating bit strings
6) Calculate the hash value $e = H_2(Z_S \| c)$;
7) Calculate the integer $r = e + x_1 \bmod q$;
8) Calculate the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
9) Output the signcryption ciphertext $CT = (c, r, s)$;
Decryption algorithm Unsigncrypt: to decrypt and verify the signcryption ciphertext $CT = (c, r, s)$, the decrypting user performs the following steps:
1) Calculate the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
2) Calculate the hash value $e = H_2(Z_S \| c)$;
3) Calculate the integer $t = r + s \bmod q$;
4) Calculate the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
5) Verify whether the equation $r = e + x_1 \bmod q$ holds; if not, reject the message and terminate;
6) Calculate the elliptic curve point $T_2 = d_R\cdot T_1$;
7) Calculate and output plaintext data
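The KeyGen, Signcrypt and Unsigncrypt steps above, carried through in Python with a tampering check; this is an added example, not code from the patent. Assumptions: SHA-256 with domain-separation tags stands in for $H_0$, $H_1$ and $H_2$, with $H_2$ read as an integer mod $q$; the bit string is taken as $c = M \oplus H_1(T_2)$ and the plaintext as $M = c \oplus H_1(T_2)$, because those two formulas are missing from the text above; $ENTL_S$ is the 2-byte bit length of $ID_S$ as in SM2; the curve is the SM2 recommended 256-bit curve with arithmetic in $F_p$; and the checks on $r$ and $s$ are additions.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + a*x + b over F_p; G has prime order Q.
P = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16)
A = P - 3
B = int("28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 16)
Q = int("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16)
G = (int("32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 16),
     int("BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 16))

def add(p1, p2):
    """Affine point addition; None is the point at infinity O."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add, not constant time
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(tag, data):  # SHA-256 stand-in for H_0, H_1, H_2 (assumption)
    return hashlib.sha256(tag + data).digest()

def H1(data, n):
    """Counter-mode expansion to n bytes, playing the role of H_1."""
    return b"".join(h(b"H1", i.to_bytes(4, "big") + data)
                    for i in range((n + 31) // 32))[:n]

def z_value(id_s, p_s):
    """Z_S = H_0(ENTL_S || ID_S || a || b || P_S)."""
    entl = (8 * len(id_s)).to_bytes(2, "big")
    return h(b"H0", entl + id_s + A.to_bytes(32, "big") + B.to_bytes(32, "big") + enc(p_s))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keygen():
    d = secrets.randbelow(Q - 2) + 1  # d in [1, Q-2], so 1 + d is invertible mod Q
    return d, mul(d, G)

def signcrypt(msg, d_s, id_s, p_s, p_r):
    z = z_value(id_s, p_s)                                     # step 4
    while True:
        k = secrets.randbelow(Q - 1) + 1                       # step 1
        x1 = mul(k, G)[0]                                      # step 2: T_1 = k*G
        t2 = mul(k, p_r)                                       # step 3: T_2 = k*P_R
        c = xor(msg, H1(enc(t2), len(msg)))                    # step 5 (assumed formula)
        r = (int.from_bytes(h(b"H2", z + c), "big") + x1) % Q  # steps 6-7
        s = pow(1 + d_s, -1, Q) * (k - r * d_s) % Q            # step 8
        if r and s:                                            # added check
            return c, r, s                                     # step 9

def unsigncrypt(ct, d_r, id_s, p_s):
    c, r, s = ct
    if not (0 < r < Q and 0 < s < Q):                          # added range check
        return None
    e = int.from_bytes(h(b"H2", z_value(id_s, p_s) + c), "big")  # steps 1-2
    t = (r + s) % Q                                            # step 3
    t1 = add(mul(s, G), mul(t, p_s))                           # step 4
    if t1 is None or r != (e + t1[0]) % Q:                     # step 5: reject
        return None
    t2 = mul(d_r, t1)                                          # step 6: T_2 = d_R*T_1
    return xor(c, H1(enc(t2), len(c)))                         # step 7 (assumed formula)
```

Steps 1 to 5 of Unsigncrypt use only public values, so the check on $r$ rejects a modified ciphertext before the receiver's private key $d_R$ is used.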
The specific embodiments described herein are offered by way of example only to illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments or substitutions thereof without departing from the spirit of the invention or exceeding the scope of the invention as defined in the accompanying claims.
Claims (2)
1. A signcryption method based on an SM2 digital signature algorithm, comprising:
an initialization step, in which an administrator defines an elliptic curve, a plurality of hash functions and two prime numbers, generates on the elliptic curve a generator whose order is one of the prime numbers, and finally outputs system parameters comprising the generator, the two prime numbers, the hash functions and the elliptic curve parameters; the initialization step specifically comprises the following steps:
Step 2.1, selecting large prime numbers $p$ and $q$ of length $l$;
Step 2.2, selecting an elliptic curve $E: y^2 = x^3 + a\cdot x + b \bmod q$ defined over the finite field $F_p$;
Step 2.3, selecting a generator $G$ of order $q$ on the elliptic curve $E$;
Step 2.4, selecting 3 hash functions $H_0: \{0,1\}^* \to \{0,1\}^{256}$, $H_1: \{0,1\}^* \to \{0,1\}^n$ and $H_2$;
Step 2.5, outputting the system parameters $params = \{p, q, a, b, G, H_0, H_1, H_2\}$;
a key generation step, in which the sender generates a random number and a sender public key computed from the generator, and the receiver generates a random number and a receiver public key computed from the generator; the key generation step specifically comprises the following steps:
Step 3.1, the sender generates a random number using a random number generator
Step 3.2, the sender calculates the public key $P_S = d_S\cdot G$;
Step 3.3, the receiver generates a random number using a random number generator
Step 3.4, the receiver calculates the public key $P_R = d_R\cdot G$;
a signcryption step, in which, given plaintext data, a sender private key and a random number, a signcryption ciphertext is computed from the elliptic curve parameters, the plaintext data, the sender private key, the receiver public key and the random number, and is output; the signcryption step specifically comprises the following steps:
Step 4.1, generating a random number using a random number generator
Step 4.2, calculating the elliptic curve point $T_1 = k\cdot G = (x_1, y_1)$;
Step 4.3, calculating the elliptic curve point $T_2 = k\cdot P_R$;
Step 4.4, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 4.5, calculating bit string
Step 4.6, calculating the hash value $e = H_2(Z_S \| c)$;
Step 4.7, calculating the integer $r = e + x_1 \bmod q$;
Step 4.8, calculating the integer $s = (1 + d_S)^{-1}\cdot(k - r\cdot d_S) \bmod q$;
Step 4.9, outputting the signcryption ciphertext $CT = (c, r, s)$;
a decryption step, in which the decrypting user issues a decryption request, computes and verifies some of the parameters in the signcryption ciphertext, and outputs the plaintext data if the verification passes, otherwise rejects the decryption request.
2. The signcryption method based on the SM2 digital signature algorithm according to claim 1, wherein the decryption step specifically comprises:
Step 5.1, calculating the hash value $Z_S = H_0(ENTL_S \| ID_S \| a \| b \| P_S)$;
Step 5.2, calculating the hash value $e = H_2(Z_S \| c)$;
Step 5.3, calculating the integer $t = r + s \bmod q$;
Step 5.4, calculating the elliptic curve point $T_1 = s\cdot G + t\cdot P_S = (x_1, y_1)$;
Step 5.5, verifying whether the equation $r = e + x_1 \bmod q$ holds; if not, rejecting the message and terminating;
Step 5.6, calculating the elliptic curve point $T_2 = d_R\cdot T_1$;
Step 5.7, calculating and outputting the plaintext data
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111110965.2A CN113904777B (en) | 2021-09-23 | 2021-09-23 | SM2 digital signature algorithm-based signcryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113904777A | 2022-01-07 |
CN113904777B | 2023-10-03 |