CN114285577A - Multi-party collaborative signature method and system - Google Patents
Multi-party collaborative signature method and system Download PDFInfo
- Publication number
- CN114285577A CN114285577A CN202110459318.6A CN202110459318A CN114285577A CN 114285577 A CN114285577 A CN 114285577A CN 202110459318 A CN202110459318 A CN 202110459318A CN 114285577 A CN114285577 A CN 114285577A
- Authority
- CN
- China
- Prior art keywords
- participant
- signature value
- random number
- party
- nth
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- GGMMWVHTLAENAS-UHFFFAOYSA-M (1,1-diethylpyrrolidin-1-ium-3-yl) 2-hydroxy-2,2-diphenylacetate;bromide Chemical compound [Br-].C1[N+](CC)(CC)CCC1OC(=O)C(O)(C=1C=CC=CC=1)C1=CC=CC=C1 GGMMWVHTLAENAS-UHFFFAOYSA-M 0.000 claims description 3
- 230000001172 regenerating effect Effects 0.000 claims 4
- 101100134058 Caenorhabditis elegans nth-1 gene Proteins 0.000 claims 1
- 230000008569 process Effects 0.000 abstract description 7
- 230000002452 interceptive effect Effects 0.000 abstract description 5
- 230000003993 interaction Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000007781 pre-processing Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- JHIVVAPYMSGYDF-UHFFFAOYSA-N cyclohexanone Chemical compound O=C1CCCCC1 JHIVVAPYMSGYDF-UHFFFAOYSA-N 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000002194 synthesizing effect Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a multi-party collaborative signature method and a system, wherein the method comprises the following steps: the first party preprocesses the information to be signed to obtain a message digest; the first participant calculates a first signature value of the first participant, the second participant calculates a first signature value of the second participant according to the first signature value of the first participant, and so on; the Nth participant obtains a first signature value of the message to be signed according to the first signature value and the message digest of the Nth participant, sends the first signature value to the first participant when the first signature value is not zero, calculates a second signature value of the Nth participant according to the first signature value of the message to be signed, calculates a second signature value of the Nth participant according to the second signature value of the Nth participant, and so on; and the first participant calculates a second signature value of the message to be signed according to the second signature value of the second participant and the first signature value of the message to be signed, and takes the first signature value and the second signature value of the message to be signed as a collaborative signature result when the first participant determines that the first signature value and the second signature value are not zero. Thereby making less data interactive in the signing process.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a multi-party collaborative signature method and system.
Background
The digital signature is an important part in a public key cryptosystem, meets safety requirements of integrity, tamper resistance, repudiation resistance and the like, and plays an important role in many occasions. The existing digital signature application is mostly based on a security key carrier (such as an intelligent USBKey, an intelligent card, a Bluetooth key and the like), a user key is stored in the security key carrier, the security key carrier is kept by a user and is provided with a use password, and when a signature is needed, the user connects the security key carrier to a computer to perform a signature operation.
With the popularization of mobile applications, more and more digital signature applications are migrated from a computer end to a mobile end (such as a mobile phone, a tablet computer, and the like), and digital signatures based on a secure key carrier require a user to carry the secure key carrier and a communication conversion head between the secure key carrier and the mobile end, which results in poor user experience.
In the related art, a distributed signature method is provided, but two variables in a signature value obtained by the method are originated from a signature agent center, and the interaction time is long due to more interactive data in the signature process, so that the generation speed of the signature value is influenced, and the signature time is increased; meanwhile, the existing distributed signature method only supports two parties (one collaborative signature client and one collaborative signature server) and does not support a scenario with more than two parties (one collaborative signature client and a plurality of collaborative signature servers).
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art. Therefore, the first objective of the present invention is to provide a multi-party collaborative signing method, where only one piece of data of the obtained second signature value of the message to be signed originates from other parties, so that the number of data interacted in the signing process is reduced, thereby reducing the interaction duration, increasing the generation speed of the signature value, reducing the signature duration, and realizing collaborative signing by more parties, so as to improve the security of the secret key and meet the situation with high requirements for protecting the secret key.
The second objective of the present invention is to provide a multi-party collaborative signature system.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a multi-party cooperative signature method, where a plurality of parties includes N participants, where N is an integer greater than or equal to 2, and the method includes: each participant in the N participants generates a private key thereof; a first participant in the N participants preprocesses the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants; a first participant generates a first random number, calculates a first signature value of the first participant according to the first random number, sends the first signature value of the first participant to a second participant in N participants, generates a second random number, calculates a first signature value of the second participant according to a self private key, the second random number and the first signature value of the first participant, sends the first signature value of the second participant to a third participant in N participants, and so on until an Nth participant in N participants receives the first signature value of an N-1 participant, generates an Nth random number, and calculates the first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the N-1 participant; the Nth participant calculates the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed; when the first signature value of the message to be signed is determined to be not zero, the Nth participant sends the first signature value of the message to be signed to the first participant; the N participant calculates a second signature value of the N participant according to the first signature value of the message to be signed, the N random number and the self private key, the second signature value of the N participant is sent to the N-1 participant in the N participants, the N-1 participant calculates the second signature value of the N-1 participant according to the second signature value of the N participant, the N-1 random number and the self private key, the second signature value of the N-1 participant is sent to the N-2 participant in the N participants, and the rest is done until the first participant receives the second signature value of the second participant, the second signature value of the message to be signed, the first random number and the self private key are calculated; and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signing result.
According to the multiparty collaborative signing method of the embodiment of the invention, a first participant preprocesses information to be signed to obtain a message digest, the message digest is sent to an Nth participant, a first random number is generated, a first signature value of the first participant is calculated according to the first random number, the first signature value is sent to a second participant, the second participant calculates a first signature value of the second participant according to a self private key, the second random number and the first signature value of the first participant, the first signature value is sent to a third participant, and so on until the Nth participant receives the first signature value of the N-1 st participant, the first signature value of the Nth participant is calculated according to the self private key, the Nth random number and the first signature value of the N-1 st participant, and then the first signature value and the message digest of the N-th participant are calculated to obtain the first signature value of the information to be signed, and when determining that the first signature value of the message to be signed is not zero, the Nth participant sends the first signature value of the message to be signed to the first participant, calculates a second signature value of the Nth participant according to the first signature value of the message to be signed, the Nth random number and the self private key, sends the second signature value to the N-1 st participant, calculates a second signature value of the N-1 st participant according to the second signature value of the Nth participant, the N-1 st random number and the self private key, sends the second signature value to the N-2 nd participant, and so on until the first participant receives the second signature value of the second participant, calculates the second signature value of the message to be signed according to the second signature value of the second participant, the first signature value of the message to be signed, the first random number and the self private key, and when determining that the second signature value of the message to be signed is not zero, and taking the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signature result. Therefore, only one piece of data of the obtained second signature value of the message to be signed is originated from other parties, so that the number of the data interacted in the signature process is reduced, the interaction time duration is reduced, the signature value generation speed is increased, the signature time duration is reduced, and more parties can collaborate to sign, so that the security of the secret key is improved, and the occasion with high requirements on the protection of the secret key is met.
According to one embodiment of the invention, the first signature value V of the first party1=[k1]G, a first signature value V of a second party2=(1+d2)*(V1+[k2]G) …, first signature value V of the N-1 st participantN-1=(1+dN-1)*(VN-2+[kN-1]G) First signature value V of the Nth participantN=(1+dN)*(VN-1+[kN]G) Wherein k is1、k2、…、kN-1、kNRespectively, a first random number, a second random number, …, an N-1 random number, an Nth random number, d2、d3、…、dN-1、dNThe self-private key of the second participant, the self-private key of the third participant, …, the self-private key of the N-1 th participant and the self-private key of the nth participant are respectively, G is an N-th base point on an elliptic curve E, and x represents a modular multiplication operation.
According to one embodiment of the invention, the second signature value W of the Nth participantN=[kN+r*(1+dN)-1]mod N, second signature value W of the N-1 th participantN-1=[kN-1+WN*(1+dN-1)-1]mod n, …, second signature value W of the second participant2=[k2+W3*(1+d2)-1]modn, second signature value s ═ 1+ d for the message to be signed1)-1*(k1+W2)-r]mod n, where k1、k2、…、kN-1、kNRespectively, a first random number, a second random number, …, an N-1 random number, an Nth random number key, d1、d2、…、dN-1、dNThe first party's own private key, the second party's own private key, …, the N-1 party's own private key and the Nth party's own private key are respectively, r is the first signature value of the message to be signed, which represents the modular multiplication operation, mod represents the solving of the solutionModulo operation, (1+ d)N)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1Are respectively (1+ d)N) Inverse of modulo n, (1+ d) over a finite field FqN-1) Inverse of modulo n, …, (1+ d) over the finite field Fq2) Inverse of modulo n, (1+ d) over a finite field Fq1) The inverse of modulo n over the finite field Fq.
According to one embodiment of the present invention, when it is determined that the first signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant based on the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on until the nth participant of the N participants receives the first signature value of the N-1 participant, regenerates the nth random number and calculates the first signature value of the nth participant based on the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
According to one embodiment of the present invention, when it is determined that the second signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant based on the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on until the nth participant of the N participants receives the first signature value of the N-1 participant, regenerates the nth random number and calculates the first signature value of the nth participant based on the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
In order to achieve the above object, an embodiment of a second aspect of the present invention provides a multi-party collaborative signature system, which includes N participants, where N is an integer greater than or equal to 2, and each of the N participants generates its own private key respectively; a first participant in the N participants preprocesses the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants; a first participant generates a first random number, calculates a first signature value of the first participant according to the first random number, sends the first signature value of the first participant to a second participant in N participants, generates a second random number, calculates a first signature value of the second participant according to a self private key, the second random number and the first signature value of the first participant, sends the first signature value of the second participant to a third participant in N participants, and so on until an Nth participant in N participants receives the first signature value of an N-1 participant, generates an Nth random number, and calculates the first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the N-1 participant; the Nth participant calculates the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed; when the first signature value of the message to be signed is determined to be not zero, the Nth participant sends the first signature value of the message to be signed to the first participant; the N participant calculates a second signature value of the N participant according to the first signature value of the message to be signed, the N random number and the self private key, the second signature value of the N participant is sent to the N-1 participant in the N participants, the N-1 participant calculates the second signature value of the N-1 participant according to the second signature value of the N participant, the N-1 random number and the self private key, the second signature value of the N-1 participant is sent to the N-2 participant in the N participants, and the rest is done until the first participant receives the second signature value of the second participant, the second signature value of the message to be signed, the first random number and the self private key are calculated; and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signing result.
According to the multi-party collaborative signing system of the embodiment of the invention, a first participant preprocesses information to be signed to obtain a message digest, the message digest is sent to an Nth participant, a first random number is generated, a first signature value of the first participant is calculated according to the first random number, the first signature value is sent to a second participant, the second participant calculates a first signature value of the second participant according to a self private key, the second random number and the first signature value of the first participant, the first signature value is sent to a third participant, and so on until the Nth participant receives the first signature value of the N-1 st participant, the first signature value of the Nth participant is calculated according to the self private key, the Nth random number and the first signature value of the N-1 st participant, and then the first signature value and the message digest of the N-th participant are calculated to obtain the first signature value of the information to be signed, and when determining that the first signature value of the message to be signed is not zero, the Nth participant sends the first signature value of the message to be signed to the first participant, calculates a second signature value of the Nth participant according to the first signature value of the message to be signed, the Nth random number and the self private key, sends the second signature value to the N-1 st participant, calculates a second signature value of the N-1 st participant according to the second signature value of the Nth participant, the N-1 st random number and the self private key, sends the second signature value to the N-2 nd participant, and so on until the first participant receives the second signature value of the second participant, calculates the second signature value of the message to be signed according to the second signature value of the second participant, the first signature value of the message to be signed, the first random number and the self private key, and when determining that the second signature value of the message to be signed is not zero, and taking the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signature result. Therefore, only one piece of data of the obtained second signature value of the message to be signed is originated from other parties, so that the number of the data interacted in the signature process is reduced, the interaction time duration is reduced, the signature value generation speed is increased, the signature time duration is reduced, and more parties can collaborate to sign, so that the security of the secret key is improved, and the occasion with high requirements on the protection of the secret key is met.
According to one embodiment of the invention, the first signature value V of the first party1=[k1]G, a first signature value V of a second party2=(1+d2)*(V1+[k2]G) …, first signature value V of the N-1 st participantN-1=(1+dN-1)*(VN-2+[kN-1]G) First signature value V of the Nth participantN=(1+dN)*(VN-1+[kN]G) Wherein k is1、k2、…、kN-1、kNRespectively, a first random number, a second random number, …, an N-1 random number, an Nth random number, d2、d3、…、dN-1、dNThe self-private key of the second participant, the self-private key of the third participant, …, the self-private key of the N-1 th participant and the self-private key of the nth participant are respectively, G is an N-th base point on an elliptic curve E, and x represents a modular multiplication operation.
According to one embodiment of the invention, the second signature value W of the Nth participantN=[kN+r*(1+dN)-1]mod N, second signature value W of the N-1 th participantN-1=[kN-1+WN*(1+dN-1)-1]mod n, …, second signature value W of the second participant2=[k2+W3*(1+d2)-1]modn, second signature value s ═ 1+ d for the message to be signed1)-1*(k1+W2)-r]mod n, where k1、k2、…、kN-1、kNRespectively, a first random number, a second random number, …, an N-1 random number, an Nth random number, d1、d2、…、dN-1、dNThe first private key of the first participant, the second private key of the second participant, …, the self private key of the N-1 participant and the self private key of the Nth participant respectively, r is a first signature value of the message to be signed, and represents a modular multiplication operationMod denotes the modulo operation, (1+ d)N)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1Are respectively (1+ d)N) Inverse of modulo n, (1+ d) over a finite field FqN-1) Inverse of modulo n, …, (1+ d) over the finite field Fq2) Inverse of modulo n, (1+ d) over a finite field Fq1) The inverse of modulo n over the finite field Fq.
According to one embodiment of the invention, when the first signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant according to the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant according to the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on, until the nth participant of the N participants receives the first signature value of the N-1 participant, the nth random number is regenerated and the first signature value of the nth participant is calculated according to the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
According to one embodiment of the invention, when the second signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant according to the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant according to the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on, until the nth participant of the N participants receives the first signature value of the N-1 participant, the nth random number is regenerated and the first signature value of the nth participant is calculated according to the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a flow diagram of a multi-party co-signing method according to one embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
The following describes a multi-party cooperative signature method and system according to an embodiment of the present invention with reference to the drawings.
Fig. 1 is a flow diagram of a multi-party co-signing method according to one embodiment of the present invention. Referring to fig. 1, the multiparty collaborative signature method includes the following steps:
step S101, each participant in the N participants generates own private key respectively.
For example, each of the N participants may generate its own private key separately using random number generation. As a specific example, N participants may share the elliptic curve parameters E (Fq), G and N of the SM2 algorithm, where the elliptic curve E is an elliptic curve defined over a finite field Fq, and G is an N-th order base point on the elliptic curve E, and each participant may randomly select a large integer between [1, N-2] as its own private key.
And S102, a first participant in the N participants preprocesses the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants.
Optionally, the information to be signed M may be preprocessed by a hash algorithm to obtain the message digest e.
Step S103, a first participant generates a first random number, calculates a first signature value of the first participant according to the first random number, sends the first signature value of the first participant to a second participant of N participants, generates a second random number, calculates a first signature value of the second participant according to a self private key, the second random number and the first signature value of the first participant, sends the first signature value of the second participant to a third participant of the N participants, and so on until an N participant of the N participants receives the first signature value of an N-1 participant, generates an N random number, and calculates the first signature value of the N participant according to the self, the N random number and the first signature value of the N-1 participant.
Alternatively, N participants may share the elliptic curve parameters e (fq), G and N of the SM2 algorithm, and each participant may randomly select a number between [1, N-1] as its own random number.
And step S104, the Nth participant calculates the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
Step S105, when the first signature value of the message to be signed is determined not to be zero, the Nth participant sends the first signature value of the message to be signed to the first participant.
According to one embodiment of the present invention, when it is determined that the first signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant based on the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on until the nth participant of the N participants receives the first signature value of the N-1 participant, regenerates the nth random number and calculates the first signature value of the nth participant based on the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
Step S106, the Nth participant calculates a second signature value of the Nth participant according to the first signature value of the message to be signed, the Nth random number and the own private key, and sends the second signature value of the Nth participant to the N-1 st participant in the N participants, the N-1 st participant calculates the second signature value of the N-1 st participant according to the second signature value of the Nth participant, the N-1 th random number and the own private key, and sends the second signature value of the N-1 st participant to the N-2 nd participant in the N participants, and so on until the first participant receives the second signature value of the second participant, the second signature value of the message to be signed is calculated according to the second signature value of the second participant, the first signature value of the message to be signed, the first random number and the own private key.
And step S107, when the second signature value of the message to be signed is determined not to be zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signing result.
According to one embodiment of the present invention, when it is determined that the second signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant based on the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on until the nth participant of the N participants receives the first signature value of the N-1 participant, regenerates the nth random number and calculates the first signature value of the nth participant based on the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
As a specific example, when N equals 2, i.e., the parties include the first party A1(e.g., a co-signed client) and a second party a2(e.g., a co-signed server), the first party A1And a second party A2The elliptic curve parameters e (fq), G and n of the SM2 algorithm can be shared, wherein the first participant a1One can be randomly selected to be located at [1, n-2]]A large integer d between1As a first party A1Of the second party A2One can be randomly selected to be located at [1, n-2]]A large integer d between2As a second party A2The own private key of (2).
Then, the first party A1Preprocessing the information M to be signed to obtain a message digest e, and randomly selecting one message digest to be positioned in [1, n-1]]A number in between as the first random number k1And according to the first random number k1Computing a first Party A1First signature value V1Optionally, the first party A1First signature value V1=[k1]G, and then the first signature value V1And message digest e to second party a2。
Second Party A2Randomly selecting one to be located in [1, n-1]]A number in between as a second random number k2And according to its own private key d2A second random number k2And a first party A1First signature value V1Computing the second Party A2First signature value V2Optionally, the second party A2First signature value V2=(1+d2)*(V1+[k2]G) Where denotes a modular multiplication operation.
Then, the second party A2To the second party A2First signature value V2And calculating the message digest e to obtain a first signature value r of the message to be signed. Optionally, V ═ V can be written2And the coordinate of V is (x1, y1), and a first signature value r of the message to be signed can be calculated according to x1 and e, wherein the first signature value r is (x1+ e) mod n, and mod represents the modulo operation. Next, the second party A2Judgment ofWhether the first signature value r of the message to be signed is zero or not, if so, returning to the first participant A1Randomly selecting one to be located in [1, n-1]]A number in between as the first random number k1A step (2); if not, according to the first signature value r and the second random number k of the message to be signed2And its own private key d2Computing the second Party A2Second signature value W2Optionally, the second party A2Second signature value W2=[k2+r*(1+d2)-1]modn, wherein (1+ d)2)-1Is (1+ d)2) The inverse of modulo n over the finite field Fq. Then, the second party A2A message to be signed is signed by a first signature value r and a second signature value W2To the first party a1。
First party A1According to the second party A2Second signature value W2A first signature value r of the message to be signed and a first random number k1And its own private key d1And calculating a second signature value s of the message to be signed. Optionally, the second signature value s ═ 1+ d for the message to be signed1)-1*(k1+W2)-r]modn, wherein (1+ d)1)-1Is (1+ d)1) The inverse of modulo n over the finite field Fq. Next, the first party A1Judging whether the second signature value s of the message to be signed is zero or not, if so, returning to the first participant A1Randomly selecting one to be located in [1, n-1]]A number in between as the first random number k1A step (2); if not, taking the first signature value r of the message to be signed and the second signature value s of the message to be signed as a co-signature result, and optionally, synthesizing the first signature value r of the message to be signed and the second signature value s of the message to be signed to obtain a final co-signature result.
In this example, the obtained second signature value s ═ 1+ d of the message to be signed is calculated1)-1*(k1+W2)-r]modn, where only W2Originating from other participants (e.g., the co-signing server), the W2Has a data length of 32 bytes, compared with the signature value obtained by the distributed signature method in the related art, the two signature values existThe variable comes from the signature agent center, wherein the data length of each variable is 32 bytes, and the signature method provided by the application has less interactive data in the signature process, so that the interactive time length is reduced, the signature value generation speed is increased, and the signature time length is reduced.
As another specific example, when N is an integer greater than 2, i.e., the parties include the first party A1(e.g., a co-signed client), second party A2(e.g., first collaborative signature server), third party A3(e.g., second co-signed server),. and (N) partyN(e.g., N-1 co-signed server), N participants may share the elliptic curve parameters E (Fq), G, and N of the SM2 algorithm, where the first participant A1One can be randomly selected to be located at [1, n-2]]A large integer d between1As a first party A1Of the second party A2One can be randomly selected to be located at [1, n-2]]A large integer d between2As a second party A2Of the third party A3One can be randomly selected to be located at [1, n-2]]A large integer d between3As a third party A3Is the nth party aNOne can be randomly selected to be located at [1, n-2]]A large integer d betweenNAs the Nth party ANThe own private key of (2).
Then, the first party A1Preprocessing the information M to be signed to obtain a message digest e, and sending the message digest e to the Nth participant AN. In addition, the first party A1And also randomly selects one to be positioned in [1, n-1]]A number in between as the first random number k1And according to the first random number k1Computing a first Party A1First signature value V1Optionally, the first party A1First signature value V1=[k1]G, and then the first signature value V1To the second party a2。
Second Party A2Randomly selecting one to be located in [1, n-1]]A number in between as a second random number k2And according to its own private key d2A second random number k2And a first party A1First signature value V1Computing the second Party A2First signature value V2Optionally, the second party A2First signature value V2=(1+d2)*(V1+[k2]G) Wherein, the first signature value V represents a modular multiplication operation2To a third party a3。
Third Party A3Randomly selecting one to be located in [1, n-1]]A number in between as a third random number k3And according to its own private key d3A third random number k3And a second party A2First signature value V2Computing a third Party A3First signature value V3Optionally, a third party A3First signature value V3=(1+d3)*(V2+[k3]G) Wherein, the first signature value V represents a modular multiplication operation3To the fourth party a4。
And so on in the above manner.
N-1 th Party AN-1Randomly selecting one to be located in [1, n-1]]The number in between is used as the N-1 random number kN-1And according to its own private key dN-1N-1 random number kN-1And the N-2 th party AN-2First signature value VN-2Calculate the N-1 st Party AN-1First signature value VN-1Optionally, the N-1 st participant AN-1First signature value VN-1=(1+dN-1)*(VN-2+[kN-1]G) Wherein, the first signature value V represents a modular multiplication operationN-1To the Nth party AN。
Nth Party ANRandomly selecting one to be located in [1, n-1]]The number in between is used as the Nth random number kNAnd according to its own private key dNN random number kNAnd the N-1 st Party AN-1First signature value VN-1Calculate Nth Party ANFirst signature value VNOptionally, the Nth participant ANFirst signature value VN=(1+dN)*(VN-1+[kN]G) Where denotes a modular multiplication operation. Then, the Nth party ANTo Nth participant ANFirst signature value VNAnd calculating the message digest e to obtain a first signature value r of the message to be signed. Optionally, V ═ V can be writtenNAnd the coordinate of V is (x1, y1), and a first signature value r of the message to be signed can be calculated according to x1 and e, wherein the first signature value r is (x1+ e) mod n, and mod represents the modulo operation. Next, the Nth participant ANJudging whether the first signature value r of the message to be signed is zero or not, if so, returning to the first participant A1Randomly selecting one to be located in [1, n-1]]A number in between as the first random number k1A step (2); if not, according to the first signature value r and the Nth random number k of the message to be signedNAnd its own private key dNCalculate Nth Party ANSecond signature value WNOptionally, the Nth participant ANSecond signature value WN=[kN+r*(1+dN)-1]modn, wherein (1+ d)N)-1Is (1+ d)N) The inverse of modulo n over the finite field Fq. Then, the Nth party ANSending a first signature value r of a message to be signed to a first participant A1And applying the second signature value WNTo the (N-1) th party AN-1。
N-1 th Party AN-1According to the second signature value W of the Nth participantNN-1 random number kN-1And its own private key dN-1Computing a second signature value W for the N-1 st participantN-1Optionally, a second signature value W of the N-1 st participantN-1=[kN-1+WN*(1+dN-1)-1]modn, wherein (1+ d)N-1)-1Is (1+ d)N-1) Inverse of modulo n over the finite field Fq and applying the second signature value WN-1To the N-2 nd party AN-2。
N-2 th Party AN-2According to the second signature value W of the N-1 st participantN-1N-2 random number kN-2And its own private key dN-2Computing a second signature value W for the N-2 th participantN-2Optionally, a second signature value W of the N-2 th partyN-2=[kN-2+WN-1*(1+dN-2)-1]modn, wherein (1+ d)N-2)-1Is (1+ d)N-2) Inverse of modulo n over the finite field Fq and applying the second signature value WN-2To the N-3 rd party AN-3。
And so on in the above manner.
Third Party A3According to the second signature value W of the fourth party4A third random number k3And its own private key d3Calculating a second signature value W of the third party3Optionally, a second signature value W of the third party3=[k3+W4*(1+d3)-1]modn, wherein (1+ d)3)-1Is (1+ d)3) Inverse of modulo n over the finite field Fq and applying the second signature value W3To the second party a2。
Second Party A2According to the second signature value W of the third party3A second random number k2And its own private key d2Calculating a second signature value W for the second party2Optionally, a second signature value W of the second party2=[k2+W3*(1+d2)-1]modn, wherein (1+ d)2)-1Is (1+ d)2) Inverse of modulo n over the finite field Fq and applying the second signature value W2To the first party a1。
First party A1According to the second signature value W of the second party2A first signature value r of the message to be signed and a first random number k1And its own private key d1And calculating a second signature value s of the message to be signed. Optionally, the second signature value s ═ 1+ d for the message to be signed1)-1*(k1+W2)-r]modn, wherein (1+ d)1)-1Is (1+ d)1) The inverse of modulo n over the finite field Fq. Next, the first party A1Judging whether the second signature value s of the message to be signed is zero or not, if so, returning to the first participant A1Randomly selecting one to be located in [1, n-1]]A number in between as the first random number k1A step (2); if notIf the result is zero, the first signature value r of the message to be signed and the second signature value s of the message to be signed are used as the co-signature result, and optionally, the first signature value r of the message to be signed and the second signature value s of the message to be signed can be synthesized to obtain a final co-signature result.
In this example, more participator collaborative signatures can be realized to improve the security of the secret key and satisfy the situation with high requirement on secret key protection, that is, the collaborative signature method of the present application can expand to support more participator collaborative signatures, when the requirement on secret key protection of the user is high, more than two collaborative signature service terminals can be set according to the requirement on secret key protection, and then three or more parties can jointly complete signatures, thereby ensuring the security of digital signatures.
It should be noted that, in the above example, the random number and the first signature value generated by each of the N participants are destroyed after the usage is completed.
In summary, according to the multi-party cooperative signing method of the embodiment of the present invention, only one data of the second signature value of the message to be signed obtained through the above cooperative signing is originated from other parties, so that the interactive data in the signing process is less, the interaction duration is reduced, the signature value generation speed is increased, the signature duration is reduced, and more party cooperative signing can be realized, so as to improve the security of the secret key and meet the situation with high requirement on the protection of the secret key.
In addition, the embodiment of the invention also provides a multi-party collaborative signature system, which comprises N participants, wherein N is an integer greater than or equal to 2.
Each participant in the N participants generates a private key thereof; a first participant in the N participants preprocesses the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants; a first participant generates a first random number, calculates a first signature value of the first participant according to the first random number, sends the first signature value of the first participant to a second participant in N participants, generates a second random number, calculates a first signature value of the second participant according to a self private key, the second random number and the first signature value of the first participant, sends the first signature value of the second participant to a third participant in N participants, and so on until an Nth participant in N participants receives the first signature value of an N-1 participant, generates an Nth random number, and calculates the first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the N-1 participant; the Nth participant calculates the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed; when the first signature value of the message to be signed is determined to be not zero, the Nth participant sends the first signature value of the message to be signed to the first participant; the N participant calculates a second signature value of the N participant according to the first signature value of the message to be signed, the N random number and the self private key, the second signature value of the N participant is sent to the N-1 participant in the N participants, the N-1 participant calculates the second signature value of the N-1 participant according to the second signature value of the N participant, the N-1 random number and the self private key, the second signature value of the N-1 participant is sent to the N-2 participant in the N participants, and the rest is done until the first participant receives the second signature value of the second participant, the second signature value of the message to be signed, the first random number and the self private key are calculated; and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signing result.
According to one embodiment of the invention, the first signature value V of the first party1=[k1]G, a first signature value V of a second party2=(1+d2)*(V1+[k2]G) …, first signature value V of the N-1 st participantN-1=(1+dN-1)*(VN-2+[kN-1]G) First signature value V of the Nth participantN=(1+dN)*(VN-1+[kN]G) Wherein k is1、k2、…、kN-1、kNRespectively, a first random number, a second random number, …, an N-1Random number, Nth random number, d2、d3、…、dN-1、dNThe self-private key of the second participant, the self-private key of the third participant, …, the self-private key of the N-1 th participant and the self-private key of the nth participant are respectively, G is an N-th base point on an elliptic curve E, and x represents a modular multiplication operation.
According to one embodiment of the invention, the second signature value W of the Nth participantN=[kN+r*(1+dN)-1]mod N, second signature value W of the N-1 th participantN-1=[kN-1+WN*(1+dN-1)-1]mod n, …, second signature value W of the second participant2=[k2+W3*(1+d2)-1]modn, second signature value s ═ 1+ d for the message to be signed1)-1*(k1+W2)-r]mod n, where k1、k2、…、kN-1、kNRespectively, a first random number, a second random number, …, an N-1 random number, an Nth random number, d1、d2、…、dN-1、dNThe first party private key, the second party private key, …, the N-1 party private key and the Nth party private key are respectively, r is a first signature value of the message to be signed, a represents a modular multiplication operation, mod represents a modular operation, and (1+ d) represents a modular operationN)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1Are respectively (1+ d)N) Inverse of modulo n, (1+ d) over a finite field FqN-1) Inverse of modulo n, …, (1+ d) over the finite field Fq2) Inverse of modulo n, (1+ d) over a finite field Fq1) The inverse of modulo n over the finite field Fq.
According to one embodiment of the invention, when the first signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant according to the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant according to the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on, until the nth participant of the N participants receives the first signature value of the N-1 participant, the nth random number is regenerated and the first signature value of the nth participant is calculated according to the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
According to one embodiment of the invention, when the second signature value of the message to be signed is zero, the first participant regenerates the first random number and calculates the first signature value of the first participant according to the first random number, and sends the first signature value of the first participant to the second participant of the N participants, the second participant regenerates the second random number and calculates the first signature value of the second participant according to the own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to the third participant of the N participants, and so on, until the nth participant of the N participants receives the first signature value of the N-1 participant, the nth random number is regenerated and the first signature value of the nth participant is calculated according to the own private key, the nth random number and the first signature value of the N-1 participant, and calculating the first signature value and the message digest of the Nth participant to obtain a first signature value of the message to be signed.
It should be noted that, for the description of the multi-party cooperative signature system in the present application, please refer to the description of the multi-party cooperative signature method in the present application, and details are not repeated here.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be connected internally or in any other suitable relationship, unless expressly stated otherwise. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (10)
1. A multi-party cooperative signature method, wherein the multi-party includes N participants, where N is an integer greater than or equal to 2, the method comprising:
each participant in the N participants generates a private key thereof;
a first participant in the N participants preprocesses information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants;
the first party generating a first random number and calculating a first signature value of the first party from the first random number, and sending a first signature value of the first party to a second party of the N parties, the second party generating a second random number, and calculates a first signature value of the second party from a private key of the second party, the second random number and the first signature value of the first party, and sending the first signature value of the second party to a third party of the N parties, and so on, until the Nth participant in the N participants receives the first signature value of the (N-1) th participant, generating an Nth random number, calculating a first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the N-1 th participant;
the Nth participant calculates the first signature value of the Nth participant and the message digest to obtain a first signature value of the message to be signed;
when the message to be signed is determined to be not zero, the Nth participant sends the message to be signed first signature value to the first participant;
the Nth participant calculates a second signature value of the Nth participant according to the first signature value of the message to be signed, the Nth random number and a self private key, and transmitting the second signature value of the nth participant to an N-1 th participant among the N participants, the N-1 st participant calculates a second signature value of the N-1 st participant according to the second signature value of the N-1 st participant, the N-1 st random number and the self private key, and transmitting the second signature value of the N-1 st participant to an N-2 nd participant of the N participants, and so on, until the first party receives the second signature value of the second party, calculating a second signature value of the message to be signed according to a second signature value of the second party, the first signature value of the message to be signed, the first random number and a self private key;
and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signing result.
2. The multi-party collaborative signing method of claim 1, wherein the first signature value V of the first party1=[k1]G, a first signature value V of the second party2=(1+d2)*(V1+[k2]G) …, the first signature value V of the N-1 st participantN-1=(1+dN-1)*(VN-2+[kN-1]G) A first signature value V of the Nth participantN=(1+dN)*(VN-1+[kN]G) Wherein k is1、k2、…、kN-1、kNThe first random number, the second random number, …, the N-1 random number, the Nth random number, d2、d3、…、dN-1、dNThe private keys of the second participant, the third participant, …, the private key of the N-1 participant, and the private key of the nth participant, respectively, G is an N-th base point on an elliptic curve E, and x represents a modular multiplication operation.
3. The multi-party collaborative signing method of claim 1, wherein the second signature value W of the nth partyN=[kN+r*(1+dN)-1]mod N, second signature value W of the N-1 st participantN-1=[kN-1+WN*(1+dN-1)-1]mod n, …, a second signature value W of the second party2=[k2+W3*(1+d2)-1]mod n, the second signature value s ═ 1+ d for the message to be signed1)-1*(k1+W2)-r]mod n, where k1、k2、…、kN-1、kNThe first random number, the second random number, …, the N-1 random number, the Nth random number, d1、d2、…、dN-1、dNRespectively of the first partyA private key of the second party, …, a private key of the N-1 party, and a private key of the N party, r is a first signature value of the message to be signed, r represents a modular multiplication operation, mod represents a modular operation, (1+ d) represents a modular operationN)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1Are respectively (1+ d)N) Inverse of modulo n, (1+ d) over a finite field FqN-1) Inverse of modulo n, …, (1+ d) over the finite field Fq2) Inverse of modulo n, (1+ d) over a finite field Fq1) The inverse of modulo n over the finite field Fq.
4. The multi-party cooperative signing method according to any one of claims 1-3, wherein upon determining that the first signature value of the message to be signed is zero, the first participant regenerates a first random number and calculates a first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to a second participant of the N participants, the second participant regenerates a second random number and calculates a first signature value of the second participant based on its own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to a third participant of the N participants, and so on until the N participant of the N participants receives the first signature value of the N-1 participant, and regenerating an Nth random number, calculating a first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the (N-1) th participant, and calculating the first signature value of the to-be-signed message and the message digest to obtain the first signature value of the to-be-signed message.
5. The multi-party cooperative signing method according to any one of claims 1 to 3, wherein upon determining that the second signature value of the message to be signed is zero, the first participant regenerates a first random number and calculates a first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to a second participant of the N participants, the second participant regenerates a second random number and calculates a first signature value of the second participant based on its own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to a third participant of the N participants, and so on until the N participant of the N participants receives the first signature value of the N-1 participant, and regenerating an Nth random number, calculating a first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the (N-1) th participant, and calculating the first signature value of the to-be-signed message and the message digest to obtain the first signature value of the to-be-signed message.
6. A multi-party collaborative signature system is characterized in that the system comprises N participants, wherein N is an integer greater than or equal to 2,
each participant in the N participants generates a private key thereof;
a first participant in the N participants preprocesses information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants;
the first party generating a first random number and calculating a first signature value of the first party from the first random number, and sending a first signature value of the first party to a second party of the N parties, the second party generating a second random number, and calculates a first signature value of the second party from a private key of the second party, the second random number and the first signature value of the first party, and sending the first signature value of the second party to a third party of the N parties, and so on, until the Nth participant in the N participants receives the first signature value of the (N-1) th participant, generating an Nth random number, calculating a first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the N-1 th participant;
the Nth participant calculates the first signature value of the Nth participant and the message digest to obtain a first signature value of the message to be signed;
when the message to be signed is determined to be not zero, the Nth participant sends the message to be signed first signature value to the first participant;
the Nth participant calculates a second signature value of the Nth participant according to the first signature value of the message to be signed, the Nth random number and a self private key, and transmitting the second signature value of the nth participant to an N-1 th participant among the N participants, the N-1 st participant calculates a second signature value of the N-1 st participant according to the second signature value of the N-1 st participant, the N-1 st random number and the self private key, and transmitting the second signature value of the N-1 st participant to an N-2 nd participant of the N participants, and so on, until the first party receives the second signature value of the second party, calculating a second signature value of the message to be signed according to a second signature value of the second party, the first signature value of the message to be signed, the first random number and a self private key;
and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a co-signing result.
7. The multi-party collaborative signing system of claim 6, wherein the first signature value V of the first party1=[k1]G, a first signature value V of the second party2=(1+d2)*(V1+[k2]G) …, the first signature value V of the N-1 st participantN-1=(1+dN-1)*(VN-2+[kN-1]G) A first signature value V of the Nth participantN=(1+dN)*(VN-1+[kN]G) Wherein k is1、k2、…、kN-1、kNRespectively the first random number,The second random number, …, the Nth-1 random number, the Nth random number, d2、d3、…、dN-1、dNThe private keys of the second participant, the third participant, …, the private key of the N-1 participant, and the private key of the nth participant, respectively, G is an N-th base point on an elliptic curve E, and x represents a modular multiplication operation.
8. The multi-party collaborative signing system of claim 6, wherein the second signature value W of the nth partyN=[kN+r*(1+dN)-1]mod N, second signature value W of the N-1 st participantN-1=[kN-1+WN*(1+dN-1)-1]mod n, …, a second signature value W of the second party2=[k2+W3*(1+d2)-1]mod n, the second signature value s ═ 1+ d for the message to be signed1)-1*(k1+W2)-r]mod n, where k1、k2、…、kN-1、kNThe first random number, the second random number, …, the N-1 random number, the Nth random number, d1、d2、…、dN-1、dNThe private key of the first party, the private key of the second party, …, the private key of the N-1 party and the private key of the N party are respectively, r is a first signature value of the message to be signed, which represents a modular multiplication operation, mod represents a modulo operation, and (1+ d) represents a modulo operationN)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1Are respectively (1+ d)N) Inverse of modulo n, (1+ d) over a finite field FqN-1) Inverse of modulo n, …, (1+ d) over the finite field Fq2) Inverse of modulo n, (1+ d) over a finite field Fq1) The inverse of modulo n over the finite field Fq.
9. The multi-party collaborative signing system of any of claims 6-8, wherein when the first signature value of the message to be signed is zero, the first participant regenerates a first random number and calculates a first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to a second participant of the N participants, the second participant regenerates a second random number and calculates a first signature value of the second participant based on its own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to a third participant of the N participants, and so on until an Nth participant of the N participants receives the first signature value of an N-1 th participant, and regenerating an Nth random number, calculating a first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the (N-1) th participant, and calculating the first signature value of the to-be-signed message and the message digest to obtain the first signature value of the to-be-signed message.
10. The multi-party collaborative signing system of any of claims 6-8, wherein when the second signature value of the message to be signed is zero, the first participant regenerates a first random number and calculates a first signature value of the first participant based on the first random number, and sends the first signature value of the first participant to a second participant of the N participants, the second participant regenerates a second random number and calculates a first signature value of the second participant based on its own private key, the second random number and the first signature value of the first participant, and sends the first signature value of the second participant to a third participant of the N participants, and so on until the Nth participant of the N participants receives the first signature value of the N-1 participant, and regenerating an Nth random number, calculating a first signature value of the Nth participant according to a self private key, the Nth random number and the first signature value of the (N-1) th participant, and calculating the first signature value of the to-be-signed message and the message digest to obtain the first signature value of the to-be-signed message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110459318.6A CN114285577B (en) | 2021-04-27 | 2021-04-27 | Multiparty collaborative signature method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110459318.6A CN114285577B (en) | 2021-04-27 | 2021-04-27 | Multiparty collaborative signature method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114285577A true CN114285577A (en) | 2022-04-05 |
| CN114285577B CN114285577B (en) | 2024-05-03 |
Family
ID=80868288
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110459318.6A Active CN114285577B (en) | 2021-04-27 | 2021-04-27 | Multiparty collaborative signature method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114285577B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160191252A1 (en) * | 2013-08-16 | 2016-06-30 | China Iwncomm Co., Ltd. | Method and device for generating digital signature |
| CN108667625A (en) * | 2018-07-19 | 2018-10-16 | 数安时代科技股份有限公司 | Cooperate with the digital signature method of SM2 |
| US20180359097A1 (en) * | 2017-06-07 | 2018-12-13 | Bar-Ilan University | Digital signing by utilizing multiple distinct signing keys, distributed between two parties |
| CN109743166A (en) * | 2018-12-10 | 2019-05-10 | 普华诚信信息技术有限公司 | Multiple party signatures generation method and security information verification system |
| CN111754233A (en) * | 2020-06-29 | 2020-10-09 | 兴唐通信科技有限公司 | Electronic payment method and system based on multi-party signature |
-
2021
- 2021-04-27 CN CN202110459318.6A patent/CN114285577B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160191252A1 (en) * | 2013-08-16 | 2016-06-30 | China Iwncomm Co., Ltd. | Method and device for generating digital signature |
| US20180359097A1 (en) * | 2017-06-07 | 2018-12-13 | Bar-Ilan University | Digital signing by utilizing multiple distinct signing keys, distributed between two parties |
| CN108667625A (en) * | 2018-07-19 | 2018-10-16 | 数安时代科技股份有限公司 | Cooperate with the digital signature method of SM2 |
| CN109743166A (en) * | 2018-12-10 | 2019-05-10 | 普华诚信信息技术有限公司 | Multiple party signatures generation method and security information verification system |
| CN111754233A (en) * | 2020-06-29 | 2020-10-09 | 兴唐通信科技有限公司 | Electronic payment method and system based on multi-party signature |
Non-Patent Citations (1)
| Title |
|---|
| 冯琦;何德彪;罗敏;李莉;: "移动互联网环境下轻量级SM2两方协同签名", 计算机研究与发展, no. 10, 9 October 2020 (2020-10-09), pages 130 - 140 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114285577B (en) | 2024-05-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110166239B (en) | User private key generation method and system, readable storage medium and electronic device | |
| CN111200502B (en) | Collaborative digital signature method and device | |
| CN108234443B (en) | Subscription method, system and computer readable storage medium | |
| CN112187469B (en) | SM2 multiparty collaborative digital signature method and system based on key factors | |
| CN110535635B (en) | Cooperative signature method and system supporting information hiding | |
| CN104080069A (en) | Virtual number based method, system and device for third party business | |
| CN107302438A (en) | A kind of private key protection method based on key updating, system and device | |
| CN107911217B (en) | Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system | |
| CN109743166B (en) | Multiparty signature generation method and security information verification system | |
| CN110505056B (en) | Collaborative signature method and device supporting trusted display | |
| CN110535636B (en) | Lightweight cooperative signature method and device based on SM2 algorithm | |
| CN112653554B (en) | Signature method, system, equipment and readable storage medium | |
| CN113742670A (en) | Multi-party cooperative decryption method and device | |
| CN113468580B (en) | Multi-party collaborative signature method and system | |
| WO2013136235A1 (en) | Byzantine fault tolerance and threshold coin tossing | |
| CN107196839B (en) | Service data processing method and device | |
| CN114285577A (en) | Multi-party collaborative signature method and system | |
| CN113259095B (en) | Collaborative public key generation method, multi-party collaborative signature method and system | |
| CN115378615A (en) | Collaborative signature method and device, electronic equipment and storage medium | |
| CN117134900A (en) | Structure for realizing asymmetric encryption and control method | |
| CN112152808A (en) | Multi-party collaborative digital signature method based on SM2 algorithm | |
| CN108964923B (en) | Interactive SM2 signature method, system and terminal for hiding private key | |
| CN116865970A (en) | Multiparty cooperative key generation and digital signature method and system based on national cryptographic algorithm | |
| CN106685648B (en) | A kind of distributed signature method and system based on elliptic curve | |
| CN110943826A (en) | Split key signature method and system based on SM2 algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |