CN113918979A - SM2 signature method based on mobile KEY KEY protection technology - Google Patents
SM2 signature method based on mobile KEY KEY protection technology Download PDFInfo
- Publication number
- CN113918979A CN113918979A CN202111273107.XA CN202111273107A CN113918979A CN 113918979 A CN113918979 A CN 113918979A CN 202111273107 A CN202111273107 A CN 202111273107A CN 113918979 A CN113918979 A CN 113918979A
- Authority
- CN
- China
- Prior art keywords
- communication party
- signature
- key
- sub
- party
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computational Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the technical field of information security, in particular to an SM2 signature method based on a mobile KEY KEY protection technology. The problem that the existing SM2 digital signature method based on two-party cooperation cannot be applied to mobile equipment with limited resources due to high calculation cost and low signature efficiency is solved. The method comprises the processes of system initialization, key generation, collaborative signature and complete signature output, wherein an SM2 signature private key is divided into two parts which are respectively kept by a first communication party and a second communication party, a signature public key and a complete SM2 signature can be generated only by the cooperative calculation of the two communication parties in a key generation stage and a collaborative signature stage, and any party cannot obtain the complete private key and independently output a complete signature. The attacker can be prevented from exporting the complete private key, and the security of the private key is high. Meanwhile, a product secret segmentation technology is adopted in the collaborative signature process, so that the calculation cost is greatly saved, the signature efficiency is improved, and the method can be applied to mobile equipment with limited resources.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an SM2 signature method based on a mobile KEY KEY protection technology.
Background
The SM2 digital signature algorithm is an important component of an elliptic curve cryptography algorithm standard, is used for realizing digital signature, ensuring authenticity of identity, integrity of data, non-repudiation of behavior and the like, is a core technology and a basic support of network space safety, has become an ISO/IEC international standard, and has been widely used for many years in the domestic secret business application field at present.
In recent years, with the increasing perfection of mobile internet and the rapid popularization of intelligent terminals, the traditional internet application is continuously extended and developed to the wireless field, the living habits of people are being changed all around by the mobile application, and the implementation of many applications is completed in the mobile terminal. But the safety problem is increasingly highlighted while the applications of mobile payment, mobile office and the like bring great convenience to users. For example, in identity authentication, digital signature is a main technical means, but if the private signature key is stored completely on the mobile intelligent terminal, an attacker may export the private signature key from the mobile intelligent terminal through various attack means, thereby resulting in insecurity of the whole system.
In order to improve the security of the private key, chinese patent CN108667626A discloses an SM2 digital signature method based on two-party cooperation, but the method adopts zero knowledge proof, homomorphic encryption and other technologies in the cooperative signature process, so that the calculation cost is high, the signature efficiency is low, and the method is not suitable for mobile devices with limited resources.
Disclosure of Invention
The SM2 signature method based on the mobile KEY KEY protection technology has the advantages that the product secret segmentation technology is adopted, the calculation cost is low, the signature efficiency is improved, the method can be applied to mobile equipment with limited resources, and the problem that the existing SM2 digital signature method based on two-party cooperation cannot be applied to the mobile equipment with limited resources due to high calculation cost and low signature efficiency is solved.
The technical scheme of the invention is to provide an SM2 signature method based on a mobile KEY KEY protection technology, which is characterized by comprising the following steps:
step 1, initializing a system;
the first and second communication parties share the elliptic curve parameter E (F) of the SM2 algorithmp) G and n, the elliptic curve E is defined in a finite field FpThe step G represents a base point with the order n on the elliptic curve E, n is a limited positive integer, and the value of each parameter is preset according to the SM2 algorithm;
step 2, generating a secret key;
first correspondent generates a child private key d1And a sub public key P1The second party generates a sub-private key d2And a sub public key P2The first communication party utilizes the sub-public key P of the second communication party2And its own sub-private key d1Negotiating a signature public key P, the second party using the first party's sub-public key P1And its own sub-private key d2Negotiating a signature public key P;
step 3, collaborative signature;
first communication party generates temporary sub-private key k1And a temporary sub public key Q1(ii) a Second party generates temporary child private key k2And a temporary sub public key Q2;
The first communication party and the second communication party cooperate to generate a complete signature (r, s) according to the message M to be signed, the temporary sub public key of the other party, the sub private key of the first communication party and the temporary sub private key of the second communication party respectively;
step 4, outputting a complete signature;
the first party outputs (r, s) as a full signature.
Further, step 2 specifically includes the following steps:
step 2.1, the first communication party generates a sub private key d1And a sub public key P1;
The first communication party generates a message at [1, n-1 ]]Random number d between1D is mixing1As the child private key, there are: d1∈[1,n-1]Calculating d1[*]G, taking the calculation result as a sub public key P1(ii) a Wherein [ ] A]Representing an elliptic curve point multiplication operation;
step 2.2, the second communication party generates the sub private key d2And a sub public key P2;
The second party generates a message at [1, n-1 ]]Random number d between2D is mixing2As a child private key, calculate d2[*]G, taking the calculation result as a sub public key P2;
Step 2.3, the first communication party utilizes the sub public key P of the second communication party2And its own sub-private key d1Negotiating a signature public key P, the second party using the first party's sub-public key P1And its own sub-private key d2Negotiating a signature public key P;
first communication partner calculates d1[*]P2[-]G, using the calculation result as a signature public key P, wherein [ -]Representing an elliptic curve point subtraction operation;
second communication partner calculates d2[*]P1[-]G, the result is taken as the public signature key P.
Further, step 3 specifically includes the following steps:
step 3.1, the first communication party processes the message to be signed;
the first communication party splices the identity Z and the message M which are common to the first communication party and the second communication party to form M ', calculates a hash (M'), and takes the calculation result as e;
step 3.2, the second communication party processes the message to be signed;
the second communication party splices the identity Z and the message M which are common to the second communication party and the first communication party to form M ', calculates a hash (M'), and takes the calculation result as e;
step 3.3, the first communication party generates a temporary sub-private key k1And a temporary sub public key Q1;
The first communication party generates a message at [1, n-1 ]]Random number k between1Will k is1As temporary child private key, calculate k1[*]G, taking the calculation result as a temporary sub public key Q1And Q is1Sending the information to a second communication party;
step 3.4, the second communication party generates a temporary sub private key k2And a temporary sub public key Q2;
The second party generates a message at [1, n-1 ]]Random number k between2Will k is2As temporary child private key, calculate k2[*]G, taking the calculation result as a temporary sub public key Q2And Q is2Sending the information to a first communication party;
step 3.5, the first communication party and the second communication party collaborate to sign;
step 3.51, second communication party calculatesk2[*]Q1Obtaining a calculation result (x)1,y1);
Step 3.52, the second communication party calculates (x) based on the calculation results of step 3.2 and step 3.511+ e) mod n, taking the calculation result as r, wherein mod represents the modulo operation;
step 3.53, the second party generates a message located in [1, n]Random number in between, the generated random number is taken as k3And calculate
And
taking the calculation results as c respectively1And c2Wherein r is the calculation result of step 3.52; c is to1And is sent to the first communication partner, wherein,
denotes d2At FpThe upper inverse element;
step 3.54, the first communication party calculates k1[*]Q2Obtaining a calculation result (x)1,y1);
Step 3.55, the first communication party calculates (x) according to the calculation results of step 3.1 and step 3.541+ e) mod n, taking the calculation result as r;
step 3.56, the first communication party calculates
Taking the calculation result as s1Wherein r is the calculation result of step 3.55; sending s1To the second communication party; wherein the content of the first and second substances,
denotes d1At FpThe upper inverse element;
step 3.57, second communication party calculates
Taking the calculation result as s2(ii) a Sending s2And c2To the first communication party;
step 3.58, the first communication party calculates
A partial signature s is obtained, (r, s) constituting a complete signature.
The invention has the beneficial effects that:
1. the SM2 signature private key is divided into two parts which are respectively kept by a first communication party and a second communication party, a signature public key and a complete SM2 signature can be generated only by the cooperative calculation of the two communication parties in a key generation stage and a cooperative signature stage, and any party can not obtain the complete private key and independently output a complete signature. The attacker can be prevented from exporting the complete private key, and the security of the private key is high.
2. The product secret segmentation technology is adopted in the collaborative signature process, the technology only relates to simple multiplication operation in the calculation process, and zero knowledge proof and homomorphic encryption technology are not used, so that the calculation cost is greatly saved, and the signature efficiency is improved.
Drawings
Fig. 1 is a flowchart of an SM2 signature method based on a mobile KEY protection technique in an embodiment.
Fig. 2 is a schematic process diagram of the key generation stage in the embodiment.
Fig. 3 is a schematic process diagram of the collaborative signing phase in the embodiment.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below, and it is apparent that the described embodiments are a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present invention, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described and will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
For convenience of description, in the present embodiment, a first communication party and a second communication party are used to represent two communication parties, respectively, where the first communication party is a mobile terminal, and the second communication party is a server.
Fig. 1 is a flowchart of an SM2 signature method based on the mobile KEY protection technology in this embodiment. As shown in fig. 1, the method mainly includes the steps of system initialization, key generation, collaborative signature, and outputting a complete signature. The following is a detailed description of the steps:
step 1, initializing a system;
the first and second communicating parties share a limited domain FpThe above elliptic curve has the curve equation of y2=x3+ax+b(a,b∈Fp,4a3+27b2Not equal to 0), the specific values of the parameters p, a and b of the curve are the same as the values of the parameters in appendix A.2 in GB/T32918.2-2016. The two communication parties have pre-agreed that the cryptographic hash algorithm to be used is the cryptographic hash algorithm given in GB/T32905 and 2016, namely the SM3 algorithm.
Step 2, generating a secret key;
with reference to fig. 2, it can be seen that, in the key generation phase, the key generation phase mainly consists of the following three steps:
step 2.1, the first communication party generates a sub public key P1And a sub private key d1;
The first communication party generates a message at [1, n-1 ]]Random number d between1D is mixing1As a child private key, calculate d1[*]G, using the result as a sub public key P1;
Step 2.2, the second communication partner generates a sub public key P2And a sub private key d2;
The second party generates a message at [1, n-1 ]]Random number d between2D is mixing2As a child private key, computed2[*]G, taking the calculation result as a sub public key P2;
Step 2.3, the first communication party according to the sub public key P2And a sub private key d1Calculating the public signature key P ═ d1[*]P2[-]G, the second communication party according to the sub public key P1And a sub private key d2Calculating the public signature key P ═ d2[*]P1[-]G。
Step 3, collaborative signature;
in the cooperative signature stage, the first communication generates a temporary sub public key Q1And a temporary sub-private key k1The second party generates a temporary public and private key pair Q2And a temporary sub-private key k2The two communication parties respectively generate a complete signature (r, s) by the cooperation of the message M to be signed, the temporary sub private key and the sub private key of the two communication parties and the temporary sub public key of the other communication party, and the specific process of the cooperative signature is shown in fig. 3:
step 3.1, the first communication party processes the message to be signed;
the first communication party splices the identity Z common to the first communication party and the second communication party with the message M to form M ', calculates SM3 (M'), and takes the calculation result as e;
step 3.2, the second communication party processes the message to be signed;
the steps of the second communication party processing the message to be signed are the same as the steps of the first communication party processing the message to be signed;
3.3, the first communication party generates a temporary public and private key pair;
the first communication party generates a message at [1, n-1 ]]Random number k between1Will k is1As temporary child private key, calculate k1[*]G, taking the calculation result as a temporary sub public key Q1(ii) a And Q is1Sending the information to a second communication party;
step 3.4, the second communication party generates a temporary public and private key pair;
the second party generates a message at [1, n-1 ]]Random number k between2Will k is2As temporary child private key, calculate k2[*]G, taking the calculation result as a temporary sub public key Q2And Q is2Sending the information to a first communication party;
step 3.5, the two communication parties collaborate to sign;
the second communication party calculates k2[*]Q1Obtaining a calculation result (x)1,y1) Calculating (x)1+ e) mod n, taking the calculation result as r, wherein mod represents the modulo operation; generating a bit at [1, n]Random number in between, the generated random number is taken as k3And calculate
And
taking the calculation results as c respectively1And c2(ii) a C is to1And is sent to the first communication partner, wherein,
denotes d2At FpThe upper inverse element;
the first communication party calculates k1[*]Q2Obtaining a calculation result (x)1,y1) And calculate (x)1+ e) mod n, taking the calculation result as r; computing
Taking the calculation result as s1(ii) a Sending s1To the second communication party; wherein the content of the first and second substances,
denotes d1At FpThe upper inverse element;
second communication party computing
Taking the calculation result as s2(ii) a Sending s2And c2To the first communication party;
first communication party computing
Obtain a partial signature s。
Step 4, outputting a complete signature;
the first party outputs (r, s) as a full signature.
In summary, the above embodiments are only used for illustrating the present invention, and the technical solutions described in the present invention are not limited; thus, while the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted; all such modifications and variations are intended to be included herein within the scope of this disclosure and the present invention and protected by the following claims.
Claims (3)
1. An SM2 signature method based on mobile KEY KEY protection technology, characterized by comprising the following steps:
step 1, initializing a system;
the first and second communication parties share the elliptic curve parameter E (F) of the SM2 algorithmp) G and n, the elliptic curve E is defined in a finite field FpThe step G represents a base point with the order n on the elliptic curve E, n is a limited positive integer, and the value of each parameter is preset according to the SM2 algorithm;
step 2, generating a secret key;
first correspondent generates a child private key d1And a sub public key P1(ii) a Second communication party generates sub private key d2And a sub public key P2(ii) a The first communication party utilizes the sub public key P of the second communication party2And its own sub-private key d1Negotiating a signature public key P, the second party using the first party's sub-public key P1And its own sub-private key d2Negotiating a signature public key P;
step 3, collaborative signature;
first communication party generates temporary sub-private key k1And a temporary sub public key Q1(ii) a Second party generates temporary child private key k2And a temporary sub public key Q2;
The first communication party and the second communication party cooperate to generate a complete signature (r, s) according to the message M to be signed, the temporary sub public key of the other party, the sub private key of the first communication party and the temporary sub private key of the second communication party respectively;
step 4, outputting a complete signature;
the first party outputs (r, s) as a full signature.
2. The SM2 signing method based on mobile KEY protection technology of claim 1, wherein step 2 specifically comprises the following steps:
step 2.1, the first communication party generates a sub private key d1And a sub public key P1;
The first communication party generates a message at [1, n-1 ]]Random number d between1D is mixing1As the child private key, there are: d1∈[1,n-1]Calculating d1[*]G, taking the calculation result as a sub public key P1(ii) a Wherein [ ] A]Representing an elliptic curve point multiplication operation;
step 2.2, the second communication party generates the sub private key d2And a sub public key P2;
The second party generates a message at [1, n-1 ]]Random number d between2D is mixing2As a child private key, calculate d2[*]G, taking the calculation result as a sub public key P2;
Step 2.3, the first communication party utilizes the sub public key P of the second communication party2And its own sub-private key d1Negotiating a signature public key P, the second party using the first party's sub-public key P1And its own sub-private key d2Negotiating a signature public key P;
first communication partner calculates d1[*]P2[-]G, using the calculation result as a signature public key P, wherein [ -]Representing an elliptic curve point subtraction operation;
second communication partner calculates d2[*]P1[-]G, the result is taken as the public signature key P.
3. The SM2 signing method based on mobile KEY protection technology of claim 1 or 2, wherein step 3 specifically comprises the following steps:
step 3.1, the first communication party processes the message to be signed;
the first communication party splices the identity Z and the message M which are common to the first communication party and the second communication party to form M ', calculates a hash (M'), and takes the calculation result as e;
step 3.2, the second communication party processes the message to be signed;
the second communication party splices the identity Z and the message M which are common to the second communication party and the first communication party to form M ', calculates a hash (M'), and takes the calculation result as e;
step 3.3, the first communication party generates a temporary sub-private key k1And a temporary sub public key Q1;
The first communication party generates a message at [1, n-1 ]]Random number k between1Will k is1As temporary child private key, calculate k1[*]G, taking the calculation result as a temporary sub public key Q1And Q is1Sending the information to a second communication party;
step 3.4, the second communication party generates a temporary sub private key k2And a temporary sub public key Q2;
The second party generates a message at [1, n-1 ]]Random number k between2Will k is2As temporary child private key, calculate k2[*]G, taking the calculation result as a temporary sub public key Q2And Q is2Sending the information to a first communication party;
step 3.5, the first communication party and the second communication party collaborate to sign;
step 3.51, the second communication party calculates k2[*]Q1Obtaining a calculation result (x)1,y1);
Step 3.52, the second communication party calculates (x) based on the calculation results of step 3.2 and step 3.511+ e) mod n, taking the calculation result as r, wherein mod represents the modulo operation;
step 3.53, the second party generates a message located in [1, n]Random number in between, the generated random number is taken as k3And calculate
And
taking the calculation results as c respectively1And c2Wherein r is the calculation result of step 3.52; c is to1And is sent to the first communication partner, wherein,
denotes d2At FpThe upper inverse element;
step 3.54, the first communication party calculates k1[*]Q2Obtaining a calculation result (x)1,y1);
Step 3.55, the first communication party calculates (x) according to the calculation results of step 3.1 and step 3.541+ e) modn, taking the calculation result as r;
step 3.56, the first communication party calculates
Taking the calculation result as s1Wherein r is the calculation result of step 3.55; sending s1To the second communication party; wherein the content of the first and second substances,
denotes d1At FpThe upper inverse element;
step 3.57, second communication party calculates
Taking the calculation result as s2(ii) a Sending s2And c2To the first communication party;
step 3.58, the first communication party calculates
A partial signature s is obtained, (r, s) constituting a complete signature.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111273107.XA CN113918979A (en) | 2021-10-29 | 2021-10-29 | SM2 signature method based on mobile KEY KEY protection technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111273107.XA CN113918979A (en) | 2021-10-29 | 2021-10-29 | SM2 signature method based on mobile KEY KEY protection technology |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113918979A true CN113918979A (en) | 2022-01-11 |
Family
ID=79243683
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111273107.XA Pending CN113918979A (en) | 2021-10-29 | 2021-10-29 | SM2 signature method based on mobile KEY KEY protection technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113918979A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114661934A (en) * | 2022-03-21 | 2022-06-24 | 重庆市规划和自然资源信息中心 | Method for multidimensional monitoring of government affair new media public opinion early warning based on data mining analysis technology |
-
2021
- 2021-10-29 CN CN202111273107.XA patent/CN113918979A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114661934A (en) * | 2022-03-21 | 2022-06-24 | 重庆市规划和自然资源信息中心 | Method for multidimensional monitoring of government affair new media public opinion early warning based on data mining analysis technology |
| CN114661934B (en) * | 2022-03-21 | 2024-03-01 | 重庆市规划和自然资源信息中心 | Method for multidimensional monitoring of government new media public opinion early warning based on data mining analysis technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109088726B (en) | SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties | |
| CN108667626B (en) | Secure two-party collaboration SM2 signature method | |
| CN108989047B (en) | SM2 algorithm-based cooperative signature method and system for two communication parties | |
| CN107623570B (en) | SM2 signature method based on addition key segmentation | |
| CN111147246B (en) | SM 2-based multiparty collaborative signature method and system | |
| US8422670B2 (en) | Password authentication method | |
| CN109861826B (en) | Method and device for realizing bidirectional proxy re-signature | |
| CN109639439B (en) | ECDSA digital signature method based on two-party cooperation | |
| CN103259662A (en) | Novel procuration signature and verification method based on integer factorization problems | |
| CN109743166B (en) | Multiparty signature generation method and security information verification system | |
| CN113676333A (en) | Method for generating SM2 blind signature through cooperation of two parties | |
| CN113158258B (en) | Collaborative signature method, device and system based on elliptic curve | |
| CN107171788B (en) | Identity-based online and offline aggregated signature method with constant signature length | |
| CN109981269A (en) | A kind of safe and efficient SM9 multi-party key distribution method and device | |
| CN113918979A (en) | SM2 signature method based on mobile KEY KEY protection technology | |
| Toradmalle et al. | Certificateless and provably-secure digital signature scheme based on elliptic curve | |
| CN109618348B (en) | Method and device for realizing one-way proxy re-signature | |
| CN110943826B (en) | Split key signature method and system based on SM2 algorithm | |
| Tan | An efficient pairing‐free identity‐based authenticated group key agreement protocol | |
| CN110266492B (en) | Traceable ubiquitous power internet of things identity authentication method | |
| CN115314205B (en) | Collaborative signature system and method based on key segmentation | |
| CN111669275A (en) | Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment | |
| WO2023206869A1 (en) | Lattice-based proxy signature method, apparatus and device, lattice-based proxy signature verification method, apparatus and device, and storage medium | |
| CN115174056B (en) | Chameleon signature generation method and chameleon signature generation device based on SM9 signature | |
| Bicakci et al. | SAOTS: A new efficient server assisted signature scheme for pervasive computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |