CN114257380A - Digital signature method, system and equipment - Google Patents
Digital signature method, system and equipment Download PDFInfo
- Publication number
- CN114257380A CN114257380A CN202111565694.XA CN202111565694A CN114257380A CN 114257380 A CN114257380 A CN 114257380A CN 202111565694 A CN202111565694 A CN 202111565694A CN 114257380 A CN114257380 A CN 114257380A
- Authority
- CN
- China
- Prior art keywords
- signature
- preset rule
- random number
- intermediate number
- signature part
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a digital signature method, a system and a device, comprising: acquiring a signature key, a message digest, a first random number and elliptic curve points; based on a first preset rule, calculating the signature key to obtain a first intermediate number, wherein the first preset rule comprises inverse operation; obtaining a first signature part based on the message digest and the elliptic curve point operation; based on a second preset rule, operating the first intermediate number, the first signature part and the first random number to obtain a second signature part; a digital signature is determined based on the first signature portion and the second signature portion. Therefore, the signature key only participates in inversion operation, compared with the participation of various operations in the standard SM2 algorithm, the risk of being attacked is reduced, and the safety of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a digital signature method, system, and device.
Background
The SM2 algorithm is a secure algorithm that ensures that the algorithm itself is not deciphered and cannot be operated in reverse. However, the SM2 algorithm is an open source algorithm, and if the key information is obtained during the use process, the whole process of the algorithm can be copied. Therefore, protection of the key during use is crucial. At present, the main key attack means is side channel attack, for example, sensitive information is obtained by means of obtaining an energy curve, an electromagnetic curve and the like in an algorithm operation process to perform template analysis, DPA (energy) and the like. The operation process of the SM2 signing algorithm includes a message and a key, wherein the key is a private key and needs to be private to a signing authority. The private key participates in the dot multiplication and inversion processes, energy curves of the two processes are greatly different from those of point addition operation of other points, and an attacker can analyze a real private key value through extracting the dot multiplication or inversion processes for multiple times.
At present, for the key protection of the SM2 signature process, a common method is to increase the difficulty of being attacked by adding interference items, such as adding useless inversion process or dot product, and hiding the real process, wherein the purpose of confusing audio and video and thus increasing the difficulty of attack is achieved, but the performance of the SM2 algorithm is affected.
Disclosure of Invention
In view of this, an object of the present application is to provide a digital signature method, system and device, which can improve the security of digital signature without affecting the performance of SM2 algorithm. The specific scheme is as follows:
in a first aspect, the present application discloses a digital signature method, which is applied to an SM2 algorithm encryption device, and the method includes:
acquiring a signature key, a message digest, a first random number and elliptic curve points;
based on a first preset rule, calculating the signature key to obtain a first intermediate number, wherein the first preset rule comprises inverse operation;
obtaining a first signature part based on the message digest and the elliptic curve point operation;
based on a second preset rule, operating the first intermediate number, the first signature part and the first random number to obtain a second signature part;
a digital signature is determined based on the first signature portion and the second signature portion.
Alternatively to this, the first and second parts may,
the first predetermined rule is that formula S1 ═ 1+ dA)-1mod n, where s1Is a first intermediate number, dAIs a signature key, n is a modulus;
the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) modn, where k is a first random number, r is a first signature part, and s is a second signature part.
Optionally, the method further includes:
acquiring a second random number;
the calculating the signature key based on the first preset rule to obtain a first intermediate number includes: calculating the signature key based on the second random number and the first preset rule to obtain a first intermediate number;
the calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part comprises: and calculating the first intermediate number, the first signature part and the first random number based on the second random number and the second preset rule to obtain a second signature part.
Alternatively to this, the first and second parts may,
based on the second random number and the first preset rule, calculating the signature key to obtain a first intermediate number, including:
based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number;
based on the second random number and the second preset rule, calculating the first intermediate number, the first signature part and the first random number to obtain a second signature part, including:
based on the formula s ═ s1(k+r)r2-r) modn operation results in a second signature part.
Optionally, based on the second random number and the second preset rule, performing an operation on the first intermediate number, the first signature part, and the first random number to obtain a second signature part, including:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the second random number, the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Alternatively to this, the first and second parts may,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2r2)modn,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
Optionally, the calculating the first intermediate number, the first signature part, and the first random number based on the second preset rule to obtain the second signature part includes:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Alternatively to this, the first and second parts may,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2)modn,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
In a second aspect, the present application discloses a digital signature system, which is applied in an SM2 algorithm encryption device, and the system includes:
the acquisition module is used for acquiring a signature key, a message digest, a first random number and elliptic curve points;
the first intermediate number operation module is used for operating the signature key based on a first preset rule to obtain a first intermediate number, and the first preset rule comprises inverse operation;
the first signature part operation module is used for obtaining a first signature part based on the message digest and the elliptic curve point operation;
the second signature part operation module is used for operating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part;
a digital signature determination module to determine a digital signature based on the first signature portion and the second signature portion.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the aforementioned digital signature method.
It can be seen that, in the present application, a signature key, a message digest, a first random number, and elliptic curve points are obtained first, and then, based on a first preset rule, the signature key is operated to obtain a first intermediate number, the first preset rule includes an inverse operation, and based on the message digest and the elliptic curve points are operated to obtain a first signature part, and then, based on a second preset rule, the first intermediate number, the first signature part, and the first random number are operated to obtain a second signature part, and finally, based on the first signature part and the second signature part, a digital signature is determined. Therefore, the signature key only participates in inversion operation, compared with the participation of various operations in the standard SM2 algorithm, the risk of being attacked is reduced, and the safety of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a digital signature method provided herein;
FIG. 2 is a flow chart of a standard SM2 algorithm provided herein;
fig. 3 is a schematic structural diagram of a digital signature apparatus provided in the present application;
fig. 4 is a block diagram of an electronic device provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
At present, for the key protection of the SM2 signature process, a common method is to increase the difficulty of being attacked by adding interference items, such as adding useless inversion process or dot product, and hiding the real process, wherein the purpose of confusing audio and video and thus increasing the difficulty of attack is achieved, but the performance of the SM2 algorithm is affected. Therefore, the digital signature scheme is provided, and the safety of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.
Referring to fig. 1, an embodiment of the present application discloses a digital signature method, where the signature method is applied to an SM2 algorithm encryption device, and the method includes:
step S11: and acquiring a signature key, a message digest, a first random number and elliptic curve points.
In some embodiments, a cryptographic hash function may be used to compress message data including a hash value and a message to be signed to obtain a message digest.
In a specific implementation manner, the embodiment of the present application may obtain a message to be signed, and based on a formulaCalculating to obtain a message digest, wherein e is the message digest, M is the message to be signed, and ZAIs a hash value of a discernable identification about user A, partial elliptic curve system parameters and user A public key, HvIs a cryptographic hash function with a message digest length of v bits. And, a first random number k ∈ [1, n-1 ] may be generated]。
Step S12: and calculating the signature key to obtain a first intermediate number based on a first preset rule, wherein the first preset rule comprises inverse operation.
Wherein the first preset rule is a formula S1=(1+dA)-1mod n, where s1Is a first intermediate number, dAN is the modulus, which is the signing key, i.e. the private key of user a.
Step S13: and calculating to obtain a first signature part based on the message digest and the elliptic curve points.
In particular embodiments, may be based on (x)1,y1)=[k]G calculates the points of the elliptic curve, wherein G is a base point of the elliptic curve, and the order of the base point is prime number, (x)1,y1) Are elliptic curve points.
The first signature part can be obtained by operation based on the message digest and the coordinate value of the abscissa of the elliptic curve point.
Further, it may be based on r ═ e + x1) mod n yields a first signature part, where x1Is the x-axis coordinate value of the elliptic curve point, and r is the first signature part.
Step S14: and calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part.
Wherein the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) modn, where k is a first random number, r is a first signature part, and s is a second signature part.
Step S15: a digital signature is determined based on the first signature portion and the second signature portion.
In particular embodiments, a digital signature [ r, s ] may be obtained.
Referring to fig. 2, fig. 2 is a flowchart of a standard SM2 algorithm provided in the embodiment of the present application. The formula of the signature key participating in the operation is as follows:
s=((1+dA)-1(k-rdA))modn;
as can be seen from the above equation, d in the standard SM2 algorithm flowAWill directly participate in (1+ d)A)-1And rdAIn the dot product operation of (1). Further, the formula of the signature key participating operation in the standard SM2 algorithm can be equivalently transformed:
s=((1+dA)-1(k-rdA))modn
=((1+dA)-1(k+r-r-rdA))modn
=((1+dA)-1((k+r)-r(1+rdA)))modn
=((1+dA)-1(k+r)-((1+dA)-1r(1+rdA)))modn
=((1+dA)-1(k+r)-r)modn
so as to perform conversion d after the conversionAOnly participate in the inversion operation, and based on this, in the embodiment of the present application, firstly, based on the first preset rule, the signature key is operated to obtain the secondAnd the first preset rule comprises inverse operation, and then the first intermediate number, the first signature part and the first random number are operated to obtain a second signature part based on a second preset rule. Because of the pair d in the first predetermined ruleAThe first intermediate number is obtained by inversion operation, and the second preset rule only needs to calculate the first intermediate number, the first signature part and the first random number, and does not include dAThe operation of the method realizes the optimization of the SM2 signing process key operation process, the optimized SM2 key only participates in the inversion operation in the SM2 operation process, and the SM2 private key is effectively protected from being attacked by an external side channel attack means on the premise of not influencing the SM2 operation performance, so that the aim of improving the security of the SM2 signcryption private key is fulfilled.
In some embodiments, the operating the first intermediate number, the first signature part, and the first random number based on the second preset rule to obtain the second signature part specifically includes:
step 001: calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
step 002: calculating the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
step 003: and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Wherein the third predetermined rule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
That is, the embodiment of the present application may be based on formula S1=(1+dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s3=(s1s2)modn、s=(s3-r) modn calculation resulting in a first signature part and a second signature part of the digital signature.
It should be noted that the curves of the operation types on the energy curve have large differences, and the curves of the same operation type have large similarities. Therefore, in order to protect the first signature part in the standard algorithm, i.e. to determine the intermediate variables of the second signature part, the present application prevents interception of the information of the first signature part by a modulo addition operation. The calculation process of the first signature part is placed in S1=(1+dA)-1mod n and s2The number of the modules is (k + r) mod n, so that the two-time modular addition operation can achieve a good shielding effect, and the attack difficulty is improved.
Further, in the embodiment of the present application, a second random number may be obtained; correspondingly, the calculating the signature key based on the first preset rule to obtain a first intermediate number includes: calculating the signature key based on the second random number and the first preset rule to obtain a first intermediate number; the calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part comprises: and calculating the first intermediate number, the first signature part and the first random number based on the second random number and the second preset rule to obtain a second signature part.
In a specific embodiment, the operating the signing key based on the second random number and the first preset rule to obtain a first intermediate number includes: based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number; based on the second random number and the second preset rule, calculating the first intermediate number, the first signature part and the first random number to obtain a second signature part, including: based on the formula s ═ s1(k+r)r2-r) modn operation results in a second signature part.
Note that for s ((1+ d)A)-1The inversion operation in (k + r) -r) modn may further be performed with a randomized masking operation as follows:
s=((1+dA)-1(k+r)-r)modn
=((r2)-1(1+dA)-1(k+r)r2-r)modn
=((r2+r2dA)-1(k+r)r2-r)modn
based on this, the embodiment of the present application is based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number; then based on the formula s ═ s(s)1(k+r)r2-r) modn operation results in a second signature part. Thus, after passing through the randomized mask, dAOnly directly participate in r2dAIs calculated, and r is2Is a random number, so the operation result of the dot product operation is the random number r2The difference occurs each time, and the attack difficulty is greatly improved from the method of side channel attack such as electromagnetic attack or template attack, so that the secret key dAThe safety of the device is greatly improved.
Further, in some embodiments, the calculating the first intermediate number, the first signature part, and the first random number based on the second random number and the second preset rule to obtain the second signature part specifically includes:
step 011: calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
step 012: calculating the second random number, the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
step 013: and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
Wherein the third presetRule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2r2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
That is, the embodiments of the present application may be based on the formula s1=(r2+r2dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s3=(s1s2r2)modn、s=(s3-r) modn calculation resulting in a first signature part and a second signature part of the digital signature.
It can be seen that, in the embodiments of the present application, in order to protect the first signature part, that is, determine the intermediate variable of the second signature part, the information of the first signature part is prevented from being intercepted by the modulo addition operation. Determining that the formula for the first signature part is hidden to s2Before the operation, the two modulo addition operations can achieve good shielding effect, and the attack difficulty is improved.
Taking SOC chip as an example, based on the formula s1=(r2+r2dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s3=(s1s2r2)modn、s=(s3-r) modn compiles an SM2 signature algorithm program, wherein r is for a second random number2The random number generating function of the SOC chip can be called to generate, and a software random number interface in an algorithm library (such as a C library) can be called to generate. And, edit the test case test SM2 whether the signature result is normal. The scheme provided by the application improves the safety on the premise of not influencing the performance of the SM2 algorithm.
Further, in some embodiments, the fourth preset rule may comprise s'3=(s2r2)modn、s3=(s1s’3) mod n, i.e. may be based on the formula s1=(r2+r2dA)-1modn、r=(e+x1)modn、s2=(k+r)modn、s’3=(s2r2)modn、s3=(s1s’3)modn、s=(s3-r) modn calculation resulting in a first signature part and a second signature part of the digital signature.
Referring to fig. 3, an embodiment of the present application discloses a digital signature system, where the signature system is applied to an SM2 algorithm encryption device, and the system includes:
an obtaining module 11, configured to obtain a signature key, a message digest, a first random number, and elliptic curve points;
a first median operation module 12, configured to perform an operation on the signature key based on a first preset rule to obtain a first median, where the first preset rule includes an inverse operation;
a first signature part operation module 13, configured to obtain a first signature part based on the message digest and the elliptic curve point operation;
a second signature part operation module 14, configured to perform operation on the first intermediate number, the first signature part, and the first random number based on a second preset rule to obtain a second signature part;
a digital signature determination module 15 for determining a digital signature based on the first signature part and the second signature part.
Therefore, in the embodiment of the application, the signature key only participates in the inversion operation, compared with the participation in various operations in the standard SM2 algorithm, the risk of being attacked is reduced, and the security of the digital signature can be improved on the premise of not influencing the performance of the SM2 algorithm.
Wherein the first preset rule is a formula S1=(1+dA)-1mod n, where s1Is a first intermediate number, dAIs a signature key, n is a modulus; the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) modn, where k is a first random number, r is a first signature part, and s is a second signature part.
Further, the system further comprises: and the second random number acquisition module is used for acquiring a second random number.
Correspondingly, the first intermediate number operation module 12 is specifically configured to operate the signature key based on the second random number and the first preset rule to obtain a first intermediate number; the second signature part operation module 14 is specifically configured to perform operation on the first intermediate number, the first signature part, and the first random number based on the second random number and the second preset rule to obtain a second signature part.
And, the first intermediate number operation module 12 is specifically configured to operate based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number; the second signature part operation module 14 is specifically configured to calculate(s) based on the formula s ═ s1(k+r)r2-r) modn operation results in a second signature part.
In an embodiment, the second signature part operation module 14 specifically includes:
a second intermediate number operation sub-module, configured to operate on the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, where the third preset rule is a modulo addition operation;
a third intermediate number operation sub-module, configured to operate the second random number, the first intermediate number, and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, where the fourth preset rule is a modular multiplication operation;
and the second signature part operation submodule is used for operating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, and the fifth preset rule is a modulo reduction operation.
Wherein the third predetermined rule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2r2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
In another embodiment, the second signature part operation module 14 specifically includes:
a second intermediate number operation sub-module, configured to operate on the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, where the third preset rule is a modulo addition operation;
a third intermediate number operation sub-module, configured to perform an operation on the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, where the fourth preset rule is a modular multiplication operation;
and the second signature part operation submodule is used for operating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, and the fifth preset rule is a modulo reduction operation.
Wherein the third predetermined rule is s2=(k+r)modn,s2Is a second intermediate number; the fourth preset rule is s3=(s1s2)modn,s1Is a first intermediate number, s3Is a third intermediate number; the fifth predetermined rule is s ═ s(s)3-r) modn, s is the second signature part.
Referring to fig. 4, an embodiment of the present application discloses an electronic device 20, which includes a processor 21 and a memory 22; wherein, the memory 22 is used for saving computer programs; the processor 21 is configured to execute the computer program and the digital signature method disclosed in the foregoing embodiments.
For the specific process of the digital signature method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
The memory 22 is used as a carrier for resource storage, and may be a read-only memory, a random access memory, a magnetic disk or an optical disk, and the storage mode may be a transient storage mode or a permanent storage mode.
In addition, the electronic device 20 further includes a power supply 23, a communication interface 24, an input-output interface 25, and a communication bus 26; the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to a specific application requirement, which is not specifically limited herein.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above detailed description is provided for a digital signature method, system and device, and specific examples are applied in this document to explain the principle and implementation of the present application, and the description of the above embodiments is only used to help understand the method and core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A digital signature method, wherein the signature method is applied to an SM2 algorithm encryption device, and the method comprises:
acquiring a signature key, a message digest, a first random number and elliptic curve points;
based on a first preset rule, calculating the signature key to obtain a first intermediate number, wherein the first preset rule comprises inverse operation;
obtaining a first signature part based on the message digest and the elliptic curve point operation;
based on a second preset rule, operating the first intermediate number, the first signature part and the first random number to obtain a second signature part;
a digital signature is determined based on the first signature portion and the second signature portion.
2. The digital signature method as claimed in claim 1,
the first preset rule is a formula S1=(1+dA)-1mod n, where s1Is a first intermediate number, dAIs a signature key, n is a modulus;
the second predetermined rule is that the formula s ═ s(s)1(k + r) -r) mod n, where k is a first random number, r is a first signature part, and s is a second signature part.
3. The digital signature method of claim 1, wherein the method further comprises:
acquiring a second random number;
the calculating the signature key based on the first preset rule to obtain a first intermediate number includes: calculating the signature key based on the second random number and the first preset rule to obtain a first intermediate number;
the calculating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part comprises: and calculating the first intermediate number, the first signature part and the first random number based on the second random number and the second preset rule to obtain a second signature part.
4. The digital signature method as claimed in claim 3,
based on the second random number and the first preset rule, calculating the signature key to obtain a first intermediate number, including:
based on the formula s1=(r2+r2dA)-1The modn operation yields a first intermediate number, where r2Is a second random number;
based on the second random number and the second preset rule, calculating the first intermediate number, the first signature part and the first random number to obtain a second signature part, including:
based on the formula s ═ s1(k+r)r2-r) mod n operation results in a second signature part.
5. The digital signature method of claim 3, wherein computing the first intermediate number, the first signature part and the first random number to obtain a second signature part based on the second random number and the second preset rule comprises:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the second random number, the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
6. The digital signature method as claimed in claim 5,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2r2)mod n,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) mod n, s is the second signature part.
7. The method according to claim 1, wherein the operating the first intermediate number, the first signature part, and the first random number based on a second preset rule to obtain a second signature part comprises:
calculating the first signature part and the first random number based on a third preset rule to obtain a second intermediate number, wherein the third preset rule is a modulo addition operation;
calculating the first intermediate number and the second intermediate number based on a fourth preset rule to obtain a third intermediate number, wherein the fourth preset rule is a modular multiplication operation;
and calculating the third intermediate number and the first random number based on a fifth preset rule to obtain a second signature part, wherein the fifth preset rule is a modular subtraction operation.
8. The digital signature method as claimed in claim 7,
the third preset rule is s2=(k+r)modn,s2Is a second intermediate number;
the fourth preset rule is s3=(s1s2)mod n,s1Is a first intermediate number, s3Is a third intermediate number;
the fifth predetermined rule is s ═ s(s)3-r) mod n, s is the second signature part.
9. A digital signature system, wherein the signature system is applied to an SM2 algorithm encryption device, and the system comprises:
the acquisition module is used for acquiring a signature key, a message digest, a first random number and elliptic curve points;
the first intermediate number operation module is used for operating the signature key based on a first preset rule to obtain a first intermediate number, and the first preset rule comprises inverse operation;
the first signature part operation module is used for obtaining a first signature part based on the message digest and the elliptic curve point operation;
the second signature part operation module is used for operating the first intermediate number, the first signature part and the first random number based on a second preset rule to obtain a second signature part;
a digital signature determination module to determine a digital signature based on the first signature portion and the second signature portion.
10. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the digital signature method of any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111565694.XA CN114257380A (en) | 2021-12-20 | 2021-12-20 | Digital signature method, system and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111565694.XA CN114257380A (en) | 2021-12-20 | 2021-12-20 | Digital signature method, system and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114257380A true CN114257380A (en) | 2022-03-29 |
Family
ID=80796131
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111565694.XA Pending CN114257380A (en) | 2021-12-20 | 2021-12-20 | Digital signature method, system and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114257380A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114844650A (en) * | 2022-05-24 | 2022-08-02 | 北京宏思电子技术有限责任公司 | Equipment signature method and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120069994A1 (en) * | 2010-09-16 | 2012-03-22 | Stmicroelectronics S.R.L. | Method for genertaing a digital signature |
CN103427997A (en) * | 2013-08-16 | 2013-12-04 | 西安西电捷通无线网络通信股份有限公司 | Method and device for generating digital signature |
CN103546288A (en) * | 2013-09-25 | 2014-01-29 | 中国科学院数据与通信保护研究教育中心 | SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device |
CN109309569A (en) * | 2018-09-29 | 2019-02-05 | 北京信安世纪科技股份有限公司 | The method, apparatus and storage medium of collaboration signature based on SM2 algorithm |
CN112118111A (en) * | 2020-09-04 | 2020-12-22 | 中国科学院大学 | SM2 digital signature method suitable for threshold calculation |
US20210028946A1 (en) * | 2019-07-25 | 2021-01-28 | EMC IP Holding Company LLC | Blinding Techniques for Protection of Private Keys in Message Signing Based on Elliptic Curve Cryptography |
CN113158258A (en) * | 2021-03-31 | 2021-07-23 | 郑州信大捷安信息技术股份有限公司 | Collaborative signature method, device and system based on elliptic curve |
-
2021
- 2021-12-20 CN CN202111565694.XA patent/CN114257380A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120069994A1 (en) * | 2010-09-16 | 2012-03-22 | Stmicroelectronics S.R.L. | Method for genertaing a digital signature |
CN103427997A (en) * | 2013-08-16 | 2013-12-04 | 西安西电捷通无线网络通信股份有限公司 | Method and device for generating digital signature |
CN103546288A (en) * | 2013-09-25 | 2014-01-29 | 中国科学院数据与通信保护研究教育中心 | SM2 (streaming multiprocessor 2) digital signature generating algorithm realizing method and device |
CN109309569A (en) * | 2018-09-29 | 2019-02-05 | 北京信安世纪科技股份有限公司 | The method, apparatus and storage medium of collaboration signature based on SM2 algorithm |
US20210028946A1 (en) * | 2019-07-25 | 2021-01-28 | EMC IP Holding Company LLC | Blinding Techniques for Protection of Private Keys in Message Signing Based on Elliptic Curve Cryptography |
CN112118111A (en) * | 2020-09-04 | 2020-12-22 | 中国科学院大学 | SM2 digital signature method suitable for threshold calculation |
CN113158258A (en) * | 2021-03-31 | 2021-07-23 | 郑州信大捷安信息技术股份有限公司 | Collaborative signature method, device and system based on elliptic curve |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114844650A (en) * | 2022-05-24 | 2022-08-02 | 北京宏思电子技术有限责任公司 | Equipment signature method and system |
CN114844650B (en) * | 2022-05-24 | 2023-12-01 | 北京宏思电子技术有限责任公司 | Equipment signature method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3424175B1 (en) | Converting a boolean masked value to an arithmetically masked value for cryptographic operations | |
US7603560B2 (en) | Method and apparatus for digital signature authentication | |
US7908641B2 (en) | Modular exponentiation with randomized exponent | |
EP2813029B1 (en) | System and method for generating and protecting cryptographic keys | |
CA2542556A1 (en) | An authentication system executing an elliptic curve digital signature cryptographic process | |
CN107004084B (en) | Multiplicative mask for cryptographic operations | |
Al-Kadei et al. | Speed up image encryption by using RSA algorithm | |
JP2004501385A (en) | Elliptic curve encryption method | |
CN113158258A (en) | Collaborative signature method, device and system based on elliptic curve | |
CN114257380A (en) | Digital signature method, system and equipment | |
JP2006259735A (en) | Elliptic curve point octupling using single instruction multiple data processing | |
Arunachalam et al. | FPGA implementation of time-area-efficient Elliptic Curve Cryptography for entity authentication | |
CN112906059B (en) | Proxy signature and verification method, device, system and storage medium | |
CN112769539B (en) | Method and system for generating RSA key and cooperating with RSA signature and decryption | |
CN114567448A (en) | Collaborative signature method and collaborative signature system | |
CN117910024B (en) | Key generation method and device, electronic equipment and storage medium | |
EP4024755B1 (en) | Secured performance of an elliptic curve cryptographic process | |
WO2023151171A1 (en) | Elliptic curve digital signature calculation method resistant to memory information leakage attacks, and apparatus | |
CN117278213B (en) | Polynomial commitment based method, electronic device and readable storage medium | |
Han et al. | Algorithm-Based Countermeasures against Power Analysis Attacks for Public-Key Cryptography SM2 | |
CN115426113A (en) | Digital signature operation method and intellectual property IP core | |
US20240137216A1 (en) | Simplified masking for signed cryptography operations | |
US20230396436A1 (en) | Masked decomposition of polynomials for lattice-based cryptography | |
CN116827547A (en) | Elliptic curve point multiplication operation method, signature method and device, medium and equipment | |
JP2008141385A (en) | Encryption method, encryption device, and encryption program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |