CN114285577B - Multiparty collaborative signature method and system - Google Patents

Multiparty collaborative signature method and system Download PDF

Info

Publication number
CN114285577B
CN114285577B CN202110459318.6A CN202110459318A CN114285577B CN 114285577 B CN114285577 B CN 114285577B CN 202110459318 A CN202110459318 A CN 202110459318A CN 114285577 B CN114285577 B CN 114285577B
Authority
CN
China
Prior art keywords
party
signature value
random number
message
signed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110459318.6A
Other languages
Chinese (zh)
Other versions
CN114285577A (en
Inventor
浦雨三
周细祥
程科伟
王平山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Boya Zhongke Beijing Information Technology Co ltd
Original Assignee
Boya Zhongke Beijing Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Boya Zhongke Beijing Information Technology Co ltd filed Critical Boya Zhongke Beijing Information Technology Co ltd
Priority to CN202110459318.6A priority Critical patent/CN114285577B/en
Publication of CN114285577A publication Critical patent/CN114285577A/en
Application granted granted Critical
Publication of CN114285577B publication Critical patent/CN114285577B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a multiparty collaborative signature method and a multiparty collaborative signature system, wherein the method comprises the following steps: the first participant preprocesses the information to be signed to obtain a message digest; the first participant calculates a first signature value of the first participant, the second participant calculates the first signature value of the second participant according to the first signature value of the first participant, and so on; the N-1-th participant calculates a second signature value of the N-th participant according to the second signature value of the N-th participant, and so on; the first party calculates a second signature value of the message to be signed according to the second signature value of the second party and the first signature value of the message to be signed, and takes the first signature value and the second signature value of the message to be signed as a collaborative signature result when determining that the first signature value and the second signature value are not zero. Thereby allowing less data to be interacted with during the signing process.

Description

Multiparty collaborative signature method and system
Technical Field
The invention relates to the technical field of information security, in particular to a multiparty collaborative signature method and a multiparty collaborative signature system.
Background
Digital signature is an important part of public key cryptosystem, meets the security requirements of integrity, tamper resistance, repudiation resistance and the like, and plays an important role in many occasions. The existing digital signature application is mostly based on a secure key carrier (such as an intelligent USBKey, a smart card, a Bluetooth key and the like), a user key is stored in the secure key carrier, the secure key carrier is stored by the user and is provided with a use password, and when signature is needed, the user connects the secure key carrier to a computer for signature operation.
Along with popularization of mobile applications, more and more digital signature applications are migrated from a computer end to a mobile end (such as a mobile phone, a tablet personal computer and the like), and a user is required to carry a security key carrier and a communication conversion head between the security key carrier and the mobile end based on the digital signature of the security key carrier, so that user experience is poor, and therefore the security key carrier of the digital signature of the mobile end is removed, and the problem of realizing the digital signature of security compliance is currently urgently needed to be solved.
In the related art, a distributed signature method is provided, but two variables in a signature value obtained by the method are derived from a signature proxy center, and the interaction time is long due to a large amount of data interacted in the signing process, so that the generation speed of the signature value is influenced, and the signature duration is increased; meanwhile, the existing distributed signature method only supports two participants (one collaborative signature client and one collaborative signature server), but does not support scenes of more than two participants (one collaborative signature client and a plurality of collaborative signature servers).
Disclosure of Invention
The present invention aims to solve at least one of the technical problems in the related art to some extent. Therefore, a first object of the present invention is to provide a multiparty collaborative signature method, in which only one data of the second signature value of the obtained message to be signed is derived from other parties, so that the data interacted in the signing process is less, thereby reducing the interaction time, improving the signature value generation speed, reducing the signature time, and realizing collaborative signature of more parties, so as to improve the security of the secret key, and meet the occasion with high requirement for secret key protection.
A second object of the present invention is to propose a multiparty collaborative signature system.
To achieve the above objective, an embodiment of a first aspect of the present invention provides a multiparty collaborative signature method, where a multiparty includes N participants, where N is an integer greater than or equal to 2, the method includes: each of the N participants generates a private key of the participant; a first participant in the N participants pre-processes the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants; the first party generates a first random number, calculates a first signature value of the first party according to the first random number, sends the first signature value of the first party to a second party in the N parties, generates a second random number, calculates a first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to a third party in the N parties, and so on until an Nth party in the N parties receives the first signature value of the N-1 party, generates an Nth random number, and calculates the first signature value of the Nth party according to the private key of the second party, the Nth random number and the first signature value of the Nth party; the nth party calculates a first signature value of the message to be signed and the message abstract to obtain the first signature value of the message to be signed; when the first signature value of the message to be signed is determined to be not zero, the Nth participant sends the first signature value of the message to be signed to the first participant; the N-th party calculates a second signature value of the N-th party according to the first signature value of the message to be signed, the N-th random number and the private key of the N-th party, the second signature value of the N-th party is sent to the N-th 1-th party in the N-th party, the N-th 1-th party calculates the second signature value of the N-th 1-th party according to the second signature value of the N-th party, the N-th random number and the private key of the N-th party, the second signature value of the N-th 1-th party is sent to the N-th 2-th party in the N-th party, and so on until the first party receives the second signature value of the second party, and the second signature value of the message to be signed, the first random number and the private key of the N-th party calculate the second signature value of the message to be signed; and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a collaborative signature result.
According to the multiparty collaborative signature method of the embodiment of the invention, the first party preprocesses the information to be signed to obtain a message digest, sends the message digest to the N-th party, generates a first random number, calculates a first signature value of the first party according to the first random number, sends the first signature value to the second party, calculates a first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value to the third party, and so on until the N-th party receives the first signature value of the N-1-th party, calculates the first signature value of the N-th party according to the private key of the second party, the N random number and the first signature value of the N-1-th party, then the N-th party calculates a first signature value of the message to be signed from the first signature value of the N-th party and the message digest, and when the first signature value of the message to be signed is determined not to be zero, the N-th party sends the first signature value of the message to be signed to the first party, calculates a second signature value of the N-th party according to the first signature value of the message to be signed, the N-th random number and the private key of the N-th party, and sends the second signature value to the N-1-th party, the N-1-th party calculates a second signature value of the N-1-th party according to the second signature value of the N-th party, the N-1-th random number and the private key of the N-th party, and sends the second signature value to the N-2-th party, and so on until the first party receives the second signature value of the second party, the first signature value of the message to be signed, the second signature value of the N-th party, the N-1-th party, the second signature value of the message to be signed, and the first random number and the private key calculate a second signature value of the message to be signed, and when the second signature value of the message to be signed is determined to be not zero, the first signature value of the message to be signed and the second signature value of the message to be signed are used as a collaborative signature result. Therefore, only one data of the second signature value of the obtained message to be signed is sourced from other participants, so that the interactive data in the signing process is less, the interactive duration is reduced, the signature value generation speed is improved, the signature duration is reduced, more participants can cooperatively sign, the security of a secret key is improved, and occasions with high requirements on secret key protection are met.
According to one embodiment of the invention, the first signature value V 1=[k1 of the first party, the first signature value V 2=(1+d2)*(V1+[k2 of the second party, G) …, the first signature value V N-1=(1+dN-1)*(VN-2+[kN-1 of the N-1 th party, the first signature value V N=(1+dN)*(VN-1+[kN of the N-th party, G), wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the N-1 th random number, the N-th random number, d 2、d3、…、dN-1、dN is the second party's own private key, the third party's own private key, …, the N-1 th party's own private key, the N-th party's own private key, G is the N-th order base point on elliptic curve E, respectively.
According to one embodiment of the invention, the second signature value W N=[kN+r*(1+dN)-1 of the nth party, the second signature value W N-1=[kN-1+WN*(1+dN-1)-1 of the N-1 st party, the second signature value W 2=[k2+W3*(1+d2)-1 of the second party, the second signature value s= [ (1+d 1)-1*(k1+W2) -r ] mod N of the message to be signed, wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the N-1 st random number, the N-th random number key, d 1、d2、…、dN-1、dN is the private key of the first party, the private key of the second party, …, the private key of the N-1 st party, the private key of the N-th party, r is the first signature value of the message to be signed, modulo multiplication is represented, (1+d N)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1) the inverse of modulo N on finite field Fq, (3995) the inverse of modulo N on finite field Fq, (…) the inverse of modulo N on finite field Fq, (1+d 2) the inverse of modulo N on finite field Fq, (96) the inverse of the finite field Fq, respectively.
According to one embodiment of the invention, when the first signature value of the message to be signed is determined to be zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
According to one embodiment of the invention, when the second signature value of the message to be signed is determined to be zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
In order to achieve the above objective, an embodiment of a second aspect of the present invention provides a multiparty collaborative signature system, which includes N participants, where N is an integer greater than or equal to 2, each of the N participants respectively generates a private key of itself; a first participant in the N participants pre-processes the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants; the first party generates a first random number, calculates a first signature value of the first party according to the first random number, sends the first signature value of the first party to a second party in the N parties, generates a second random number, calculates a first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to a third party in the N parties, and so on until an Nth party in the N parties receives the first signature value of the N-1 party, generates an Nth random number, and calculates the first signature value of the Nth party according to the private key of the second party, the Nth random number and the first signature value of the Nth party; the nth party calculates a first signature value of the message to be signed and the message abstract to obtain the first signature value of the message to be signed; when the first signature value of the message to be signed is determined to be not zero, the Nth participant sends the first signature value of the message to be signed to the first participant; the N-th party calculates a second signature value of the N-th party according to the first signature value of the message to be signed, the N-th random number and the private key of the N-th party, the second signature value of the N-th party is sent to the N-th 1-th party in the N-th party, the N-th 1-th party calculates the second signature value of the N-th 1-th party according to the second signature value of the N-th party, the N-th random number and the private key of the N-th party, the second signature value of the N-th 1-th party is sent to the N-th 2-th party in the N-th party, and so on until the first party receives the second signature value of the second party, and the second signature value of the message to be signed, the first random number and the private key of the N-th party calculate the second signature value of the message to be signed; and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a collaborative signature result.
According to the multiparty collaborative signature system provided by the embodiment of the invention, the first party performs preprocessing on the information to be signed to obtain the message abstract, the message abstract is sent to the N-th party, the first random number is generated, the first signature value of the first party is calculated according to the first random number, the first signature value is sent to the second party, the second party calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, the first signature value is sent to the third party, and so on until the N-th party receives the first signature value of the N-1 th party, the first signature value of the N-th party is calculated according to the private key of the second party, the N-random number and the first signature value of the N-1 th party, the N-th party calculates the first signature value of the message to be signed according to the first signature value of the N-th party, the N-second party calculates the first signature value of the N-th party and the message abstract, and sends the first signature value of the N-second party to the second signature value of the second party when the first signature value of the message to be signed is determined to be non-zero, the N-first signature value of the second party sends the first signature value of the second signature value to the second party, and the N-1-second signature value of the second party, and so on the second signature value of the N-1-second party is calculated according to the second signature value of the first signature value of the N-1 party, and the first random number and the private key calculate a second signature value of the message to be signed, and when the second signature value of the message to be signed is determined to be not zero, the first signature value of the message to be signed and the second signature value of the message to be signed are used as a collaborative signature result. Therefore, only one data of the second signature value of the obtained message to be signed is sourced from other participants, so that the interactive data in the signing process is less, the interactive duration is reduced, the signature value generation speed is improved, the signature duration is reduced, more participants can cooperatively sign, the security of a secret key is improved, and occasions with high requirements on secret key protection are met.
According to one embodiment of the invention, the first signature value V 1=[k1 of the first party, the first signature value V 2=(1+d2)*(V1+[k2 of the second party, G) …, the first signature value V N-1=(1+dN-1)*(VN-2+[kN-1 of the N-1 th party, the first signature value V N=(1+dN)*(VN-1+[kN of the N-th party, G), wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the N-1 th random number, the N-th random number, d 2、d3、…、dN-1、dN is the second party's own private key, the third party's own private key, …, the N-1 th party's own private key, the N-th party's own private key, G is the N-th order base point on elliptic curve E, respectively.
According to one embodiment of the invention, the second signature value W N=[kN+r*(1+dN)-1 of the nth party, the second signature value W N-1=[kN-1+WN*(1+dN-1)-1 of the nth-1 party, the second signature value W 2=[k2+W3*(1+d2)-1 of the second party, the second signature value s= [ (1+d 1)-1*(k1+W2) -r ] mod N of the message to be signed, wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the nth-1 random number, the nth random number, d 1、d2、…、dN-1、dN is the private key of the first party, the private key of the second party, …, the private key of the nth-1 party, the private key of the nth party, r is the first signature value of the message to be signed, the modulo operation is represented by the modulo operation, and 1+d N)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1 is the inverse of the modulo N on the finite field Fq, (3995) the inverse of the modulo N on the finite field Fq, (…) the inverse of the modulo N on the finite field Fq, (1+d 2) the inverse of the modulo N96 of the finite field Fq, respectively.
According to one embodiment of the invention, when the first signature value of the message to be signed is zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
According to one embodiment of the invention, when the second signature value of the message to be signed is zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a flow chart of a multiparty collaborative signature method according to one embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.
The multi-party collaborative signature method and system provided by the embodiment of the invention are described below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a multiparty collaborative signature method according to one embodiment of the present invention. The multiparty cooperative signature method comprises the following steps, wherein the multiparty comprises N participators, N is an integer greater than or equal to 2, and referring to fig. 1, the multiparty cooperative signature method comprises the following steps:
In step S101, each of the N participants generates a private key of itself, respectively.
For example, each of the N participants may generate its own private key separately using a random number generation scheme. As a specific example, N participants may share elliptic curve parameters E (Fq), G and N of the SM2 algorithm, where the elliptic curve E is an elliptic curve defined over the finite field Fq, and G is an N-order base point on the elliptic curve E, and each participant may randomly select a large integer between [1, N-2] as its own private key.
Step S102, a first participant in the N participants pre-processes the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants.
Alternatively, the information to be signed M may be preprocessed by a hash algorithm to obtain the message digest e.
Step S103, the first party generates a first random number, calculates a first signature value of the first party according to the first random number, sends the first signature value of the first party to a second party in the N parties, generates a second random number, calculates a first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to a third party in the N parties, and so on until an N party in the N parties receives the first signature value of the N-1 party, generates an N random number, and calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party.
Alternatively, N participants may share elliptic curve parameters E (Fq), G and N of the SM2 algorithm, and each participant may randomly select a number between [1, N-1] as its own random number.
Step S104, the nth party calculates the first signature value of the message to be signed from the first signature value of the nth party and the message digest.
In step S105, when it is determined that the first signature value of the message to be signed is not zero, the nth party transmits the first signature value of the message to be signed to the first party.
According to one embodiment of the invention, when the first signature value of the message to be signed is determined to be zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
Step S106, the Nth party calculates a second signature value of the Nth party according to the first signature value of the message to be signed, the Nth random number and the own private key, and sends the second signature value of the Nth party to the N-1 th party in the N parties, the N-1 th party calculates a second signature value of the N-1 th party according to the second signature value of the Nth party, the N-1 th random number and the own private key, and sends the second signature value of the N-1 th party to the N-2 nd party in the N parties, and so on until the first party receives the second signature value of the second party, and calculates the second signature value of the message to be signed according to the second signature value of the second party, the first signature value of the message to be signed, the first random number and the own private key.
In step S107, when it is determined that the second signature value of the message to be signed is not zero, the first party takes the first signature value of the message to be signed and the second signature value of the message to be signed as a collaborative signature result.
According to one embodiment of the invention, when the second signature value of the message to be signed is determined to be zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
As a specific example, when N is equal to 2, i.e., the multiple party includes a first party a 1 (e.g., a collaborative signature client) and a second party a 2 (e.g., a collaborative signature server), the first party a 1 and the second party a 2 may share elliptic curve parameters E (Fq), G, and N of the SM2 algorithm, where the first party a 1 may randomly select a large integer d 1 between [1, N-2] as the self private key of the first party a 1 and the second party a 2 may randomly select a large integer d 2 between [1, N-2] as the self private key of the second party a 2.
Then, the first participant a 1 pre-processes the information M to be signed to obtain a message digest e, randomly selects a number between [1, n-1] as a first random number k 1, calculates a first signature value V 1 of the first participant a 1 according to the first random number k 1, optionally a first signature value V 1=[k1 G of the first participant a 1, and then transmits the first signature value V 1 and the message digest e to the second participant a 2.
The second party a 2 randomly selects a number between [1, n-1] as the second random number k 2 and calculates the first signature value V 2 of the second party a 2, optionally the first signature value V 2=(1+d2)*(V1+[k2 G of the second party a 2, based on the own private key d 2, the second random number k 2 and the first signature value V 1 of the first party a 1), wherein x represents a modular multiplication operation.
Then, the second party a 2 calculates the first signature value V 2 of the second party a 2 and the message digest e to obtain the first signature value r of the message to be signed. Alternatively, v=v 2 may be noted, where the coordinates of V are (x 1, y 1), and the first signature value r= (x1+e) mod n of the message to be signed may be obtained by calculation according to x1 and e, where mod represents a modulo operation. Then, the second party a 2 judges whether the first signature value r of the message to be signed is zero, if so, the step of returning to the first party a 1 to randomly select a number between [1, n-1] as the first random number k 1; if not zero, a second signature value W 2 of the second party A 2, and optionally a second signature value W 2=[k2+r*(1+d2)-1 of the second party A 2, is calculated from the message to be signed first signature value r, the second random number k 2 and the private key d 2, wherein (1+d 2)-1) is the inverse of the modulo n over the finite field Fq. Then, the second party A 2 sends the message to be signed first signature value r and the second signature value W 2 to the first party A 1.
The first party a 1 calculates a second signature value s of the message to be signed from the second signature value W 2 of the second party a 2, the first signature value r of the message to be signed, the first random number k 1 and the private key d 1. Next, the first party a 1 determines whether the second signature value s of the message to be signed is zero, if so, returns to the step of the first party a 1 randomly selecting a number between [1, n-1] as the first random number k 1, and if not, takes the first signature value r of the message to be signed and the second signature value s of the message to be signed as a collaborative signature result, and optionally, synthesizes the first signature value r of the message to be signed and the second signature value s of the message to be signed to obtain a final collaborative signature result.
In this example, the second signature value s= [ (1+d 1)-1*(k1+W2) -r ] mod of the to-be-signed message obtained by calculation, wherein only W 2 is derived from other parties (such as a collaborative signature server), the data length of W 2 is 32 bytes, compared with the signature value obtained by the distributed signature method in the related art, which has two variables derived from the signing proxy center, wherein the data length of each variable is 32 bytes, the signature method of the present application has less interactive data in the signing process, thus reducing the interaction time length, improving the signature value generation speed and reducing the signature time length.
As another specific example, when N is an integer greater than 2, i.e., the parties include a first party a 1 (e.g., a collaborative signature client), a second party a 2 (e.g., a first collaborative signature server), a third party a 3 (e.g., a second collaborative signature server), an N-th party a N (e.g., an N-1-th collaborative signature server), N parties may share elliptic curve parameters E (Fq), G, and N of the SM2 algorithm, wherein the first party a 1 may randomly select a large integer d 1 located between [1, N-2] as the private key of the first party a 1, the second party a 2 may randomly select a large integer d 2 located between [1, N-2] as the private key of the second party a 2, the third party a 2 may randomly select a large integer d 3 located between [1, N-2] as the private key of the third party a 3, and the N-th party a 3492 may randomly select a large integer d 3992 located between [1, N-2] as the private key of the third party a 3.
Then, the first party a 1 pre-processes the information M to be signed, obtains the message digest e, and sends the message digest e to the nth party a N. In addition, the first party a 1 also randomly selects a number between [1, n-1] as the first random number k 1, calculates the first signature value V 1 of the first party a 1 according to the first random number k 1, and optionally, the first signature value V 1=[k1 ] G of the first party a 1, and then transmits the first signature value V 1 to the second party a 2.
The second party a 2 randomly selects a number between [1, n-1] as the second random number k 2 and calculates the first signature value V 2 of the second party a 2, optionally the first signature value V 2=(1+d2)*(V1+[k2 ] G of the second party a 2, according to the private key d 2, the second random number k 2 and the first signature value V 1 of the first party a 1, wherein the x represents a modular multiplication operation and sends the first signature value V 2 to the third party a 3.
The third party a 3 randomly selects a number between [1, n-1] as the third random number k 3 and calculates the first signature value V 3 of the third party a 3, optionally the first signature value V 3=(1+d3)*(V2+[k3 ] G of the third party a 3, according to the private key d 3, the third random number k 3 and the first signature value V 2 of the second party a 2, wherein the x represents a modular multiplication operation and sends the first signature value V 3 to the fourth party a 4.
And so on in the manner described above.
The N-1 st party a N-1 randomly selects a number located between [1, N-1] as the N-1 st random number k N-1, calculates the first signature value V N-1 of the N-1 st party a N-1 according to the own private key d N-1, the N-1 st random number k N-1 and the first signature value V N-2 of the N-2 nd party a N-2, and optionally, the first signature value V N-1=(1+dN-1)*(VN-2+[kN-1 G of the N-1 st party a N-1), wherein the x represents a modular multiplication operation, and transmits the first signature value V N-1 to the N-th party a N.
The nth party a N randomly selects a number located between [1, N-1] as an nth random number k N and calculates a first signature value V N of the nth party a N, optionally a first signature value V N=(1+dN)*(VN-1+[kN ] G of the nth party a N, according to its own private key d N, the nth random number k N and the first signature value V N-1 of the nth-1 party a N-1, wherein x represents a modular multiplication operation. Then, the nth party a N calculates the first signature value V N of the nth party a N and the message digest e to obtain the first signature value r of the message to be signed. Alternatively, v=v N may be noted, where the coordinates of V are (x 1, y 1), and the first signature value r= (x1+e) mod n of the message to be signed may be obtained by calculation according to x1 and e, where mod represents a modulo operation. Then, the nth party a N judges whether the first signature value r of the message to be signed is zero, if yes, the step of returning to the first party a 1 to randomly select a number between [1, N-1] as a first random number k 1; if not zero, a second signature value W N of the N-th party A N is calculated according to the first signature value r of the message to be signed, the N-th random number k N and the self private key d N, and optionally, a second signature value W N=[kN+r*(1+dN)-1 of the N-th party A N is modulo N (1+d N)-1 is (1+d N) the inverse element of the modulo N on the finite field Fq. Then, the N-th party A N sends the first signature value r of the message to be signed to the first party A 1 and sends the second signature value W N to the N-1-th party A N-1.
The N-1 st party A N-1 calculates a second signature value W N-1 of the N-1 st party based on the second signature value W N of the N-1 st party, the N-1 st random number k N-1 and the own private key d N-1, optionally the second signature value W N-1=[kN-1+WN*(1+dN-1)-1 of the N-1 st party mod N, wherein (1+d N-1)-1) is the inverse of the modulo N over the finite field Fq (1+d N-1), and sends the second signature value W N-1 to the N-2 nd party A N-2.
The N-2 th party A N-2 calculates a second signature value W N-2 of the N-2 th party based on the second signature value W N-1 of the N-1 th party, the N-2 th random number k N-2 and the own private key d N-2, optionally the second signature value W N-2=[kN-2+WN-1*(1+dN-2)-1 of the N-2 th party is mod N, wherein (1+d N-2)-1) is the inverse of the modulo N over the finite field Fq (1+d N-2), and sends the second signature value W N-2 to the N-3 rd party A N-3.
And so on in the manner described above.
The third party a 3 calculates a second signature value W 3 of the third party, optionally a second signature value W 3=[k3+W4*(1+d3)-1 ] mod n of the third party, based on the second signature value W 4 of the fourth party, the third random number k 3 and the own private key d 3, wherein (1+d 3)-1) is an inverse of the modulo n over the finite field Fq and sends the second signature value W 3 to the second party a 2.
The second party a 2 calculates a second signature value W 2 of the second party based on the second signature value W 3 of the third party, the second random number k 2 and the self private key d 2, optionally a second signature value W 2=[k2+W3*(1+d2)-1 of the second party mod n, wherein (1+d 2)-1) is the inverse of the modulo n over the finite field Fq (1+d 2), and sends the second signature value W 2 to the first party a 1.
The first party a 1 calculates a second signature value s of the message to be signed from the second signature value W 2 of the second party, the first signature value r of the message to be signed, the first random number k 1 and the private key d 1. Next, the first party a 1 determines whether the second signature value s of the message to be signed is zero, if so, returns to the step of the first party a 1 randomly selecting a number between [1, n-1] as the first random number k 1, and if not, takes the first signature value r of the message to be signed and the second signature value s of the message to be signed as a collaborative signature result, and optionally, synthesizes the first signature value r of the message to be signed and the second signature value s of the message to be signed to obtain a final collaborative signature result.
In the example, more participants can be used for collaborative signature to improve the security of the secret key, so that occasions with high secret key protection requirements are met, that is, the collaborative signature method can be used for supporting more participants to collaborative signature in an expanding mode, when the secret key protection requirements of users are high, more than two collaborative signature servers can be set according to the secret key protection requirements, further, three parties and more than three parties can complete signature jointly, and the security of digital signature is guaranteed.
It should be noted that, in the above example, the random number and the first signature value generated by each of the N participants will be destroyed after the use is completed.
In summary, according to the multiparty collaborative signature method of the embodiment of the invention, only one data of the second signature value of the message to be signed obtained through collaborative signature is derived from other participants, so that the interactive data in the signing process is less, the interactive duration is reduced, the signature value generation speed is improved, the signature duration is reduced, more participants can perform collaborative signature, the security of the secret key is improved, and the occasion with high requirement on secret key protection is satisfied.
In addition, the embodiment of the invention also provides a multiparty collaborative signature system, which comprises N participants, wherein N is an integer greater than or equal to 2.
Each of the N participants respectively generates a private key of the participant; a first participant in the N participants pre-processes the information to be signed to obtain a message digest, and sends the message digest to an Nth participant in the N participants; the first party generates a first random number, calculates a first signature value of the first party according to the first random number, sends the first signature value of the first party to a second party in the N parties, generates a second random number, calculates a first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to a third party in the N parties, and so on until an Nth party in the N parties receives the first signature value of the N-1 party, generates an Nth random number, and calculates the first signature value of the Nth party according to the private key of the second party, the Nth random number and the first signature value of the Nth party; the nth party calculates a first signature value of the message to be signed and the message abstract to obtain the first signature value of the message to be signed; when the first signature value of the message to be signed is determined to be not zero, the Nth participant sends the first signature value of the message to be signed to the first participant; the N-th party calculates a second signature value of the N-th party according to the first signature value of the message to be signed, the N-th random number and the self private key, the second signature value of the N-th party is sent to the N-1-th party in the N-th parties, the N-1-th party calculates the second signature value of the N-1-th party according to the second signature value of the N-th party, the N-1-th random number and the self private key, and transmitting the second signature value of the N-1 th party to the N-2 nd party in the N parties, and so on until the first party receives the second signature value of the second party, calculating the second signature value of the message to be signed according to the second signature value of the second party, the first signature value of the message to be signed, the first random number and the self private key; and when the second signature value of the message to be signed is determined to be not zero, the first participant takes the first signature value of the message to be signed and the second signature value of the message to be signed as a collaborative signature result.
According to one embodiment of the invention, the first signature value V 1=[k1 of the first party, the first signature value V 2=(1+d2)*(V1+[k2 of the second party, G) …, the first signature value V N-1=(1+dN-1)*(VN-2+[kN-1 of the N-1 th party, the first signature value V N=(1+dN)*(VN-1+[kN of the N-th party, G), wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the N-1 th random number, the N-th random number, d 2、d3、…、dN-1、dN is the second party's own private key, the third party's own private key, …, the N-1 th party's own private key, the N-th party's own private key, G is the N-th order base point on elliptic curve E, respectively.
According to one embodiment of the invention, the second signature value W N=[kN+r*(1+dN)-1 of the nth party, the second signature value W N-1=[kN-1+WN*(1+dN-1)-1 of the nth-1 party, the second signature value W 2=[k2+W3*(1+d2)-1 of the second party, the second signature value s= [ (1+d 1)-1*(k1+W2) -r ] mod N of the message to be signed, wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the nth-1 random number, the nth random number, d 1、d2、…、dN-1、dN is the private key of the first party, the private key of the second party, …, the private key of the nth-1 party, the private key of the nth party, r is the first signature value of the message to be signed, the modulo operation is represented by the modulo operation, and 1+d N)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1 is the inverse of the modulo N on the finite field Fq, (3995) the inverse of the modulo N on the finite field Fq, (…) the inverse of the modulo N on the finite field Fq, (1+d 2) the inverse of the modulo N96 of the finite field Fq, respectively.
According to one embodiment of the invention, when the first signature value of the message to be signed is zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
According to one embodiment of the invention, when the second signature value of the message to be signed is zero, the first party regenerates the first random number, calculates the first signature value of the first party according to the first random number, sends the first signature value of the first party to the second party in the N parties, the second party regenerates the second random number, calculates the first signature value of the second party according to the private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to the third party in the N parties, and so on until the N party in the N parties receives the first signature value of the N-1 party, regenerates the N random number, calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party, and calculates the first signature value of the message digest to obtain the first signature value of the message to be signed.
It should be noted that, for the description of the multi-party collaborative signature system in the present application, please refer to the description of the multi-party collaborative signature method in the present application, and detailed descriptions thereof are omitted herein.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, for example, may be considered as a ordered listing of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable Gate Arrays (PGAs), field Programmable Gate Arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
In the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "secured," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly, through intermediaries, or both, may be in communication with each other or in interaction with each other, unless expressly defined otherwise. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances. While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.

Claims (10)

1. A multi-party collaborative signature method, wherein the multi-party includes N participants, where N is an integer greater than or equal to 2, the method comprising:
Each of the N participants respectively generates a private key of the participant;
preprocessing the information to be signed by a first participant in the N participants to obtain a message digest, and sending the message digest to an Nth participant in the N participants;
The first party generates a first random number, calculates a first signature value of the first party according to the first random number, sends the first signature value of the first party to a second party in the N parties, generates a second random number, calculates the first signature value of the second party according to a private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to a third party in the N parties, and so on until an N party in the N parties receives the first signature value of the N-1 party, generates an N random number, and calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party;
The nth party calculates a first signature value of the message to be signed and the message digest to obtain the first signature value of the message to be signed;
When the first signature value of the message to be signed is determined to be non-zero, the Nth participant sends the first signature value of the message to be signed to the first participant;
The N-th party calculates a second signature value of the N-th party according to the first signature value of the message to be signed, the N-th random number and the self private key, sends the second signature value of the N-th party to the N-th 1-th party in the N-th parties, calculates the second signature value of the N-th party according to the second signature value of the N-th party, the N-th random number and the self private key, sends the second signature value of the N-th 1-th party to the N-th 2-th party in the N-th parties, and so on until the first party receives the second signature value of the second party, and calculates the second signature value of the message to be signed according to the second signature value of the second party, the first signature value of the message to be signed, the first random number and the self private key;
and when the second signature value of the message to be signed is determined to be not zero, the first party takes the first signature value of the message to be signed and the second signature value of the message to be signed as a collaborative signature result.
2. The multiparty collaborative signature method according to claim 1, wherein a first signature value V 1=[k1 of the first party, a first signature value V 2=(1+d2)*(V1+[k2 of the second party, G) …, a first signature value V N-1=(1+dN-1)*(VN-2+[kN-1 of the N-1 party, a first signature value V N=(1+dN)*(VN-1+[kN of the N-1 party, G), wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the N-1 random number, the N-th random number, d 2、d3、…、dN-1、dN is the second party's own private key, the third party's own private key, …, the N-1 party's own private key, the N-th party's own private key, G is an N-th order radix point on elliptic curve E, respectively.
3. The multi-party collaborative signature method according to claim 1, wherein a second signature value W N=[kN+r*(1+dN)-1 mod N of the nth party, a second signature value W N-1=[kN-1+WN*(1+dN-1)-1 mod N of the N-1 st party, …, a second signature value W 2=[k2+W3*(1+d2)-1 mod N of the second party, a second signature value s= [ (1+d 1)-1*(k1+W2) -r ] mod N of the message to be signed, wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the N-1 st random number, the nth random number, d 1、d2、…、dN-1、dN is the self private key of the first participant, the self private key of the second participant, …, the self private key of the N-1 th participant, and the self private key of the N-th participant, r is the first signature value of the message to be signed, mod represents a modular multiplication operation, and 1+d N)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1 is the inverse of the modulo N of (1+d N) over the finite field Fq, (1+d N-1) the inverse of the modulo N over the finite field Fq, …, (1+d 2) the inverse of the modulo N over the finite field Fq, and (1+d 1) the inverse of the modulo N over the finite field Fq, respectively.
4. A multi-party collaborative signature method according to any of claims 1-3, wherein upon determining that the message to be signed first signature value is zero, the first party regenerates a first random number and computes the first signature value of the first party based on the first random number and sends the first signature value of the first party to a second party of the N parties, the second party regenerates a second random number and computes the first signature value of the second party based on its own private key, the second random number and the first signature value of the first party, and sends the first signature value of the second party to a third party of the N parties, and so on until an nth party of the N parties receives the first signature value of an N-1 party, regenerates an nth random number and computes the first signature value of the first party of the N-1 party and the first signature value of the first party to the signed message digest based on its own private key, the nth random number and the first signature value of the N-1 party.
5. A multi-party collaborative signature method as claimed in any of claims 1-3, wherein upon determining that the second signature value of the message to be signed is zero, the first party regenerates a first random number and computes a first signature value of the first party from the first random number and sends the first signature value of the first party to a second party of the N parties, the second party regenerates a second random number and computes a first signature value of the second party from its own private key, the second random number and the first signature value of the first party, and sends the first signature value of the second party to a third party of the N parties, and so on, until an nth party of the N parties receives the first signature value of the N-1 party, regenerates an nth random number and computes a first signature value of the first party of the N-1 party and the first signature value of the first party to the message to be signed from its own private key.
6. A multiparty collaborative signature system is characterized by comprising N participants, wherein N is an integer greater than or equal to 2,
Each of the N participants respectively generates a private key of the participant;
preprocessing the information to be signed by a first participant in the N participants to obtain a message digest, and sending the message digest to an Nth participant in the N participants;
The first party generates a first random number, calculates a first signature value of the first party according to the first random number, sends the first signature value of the first party to a second party in the N parties, generates a second random number, calculates a first signature value of the second party according to a private key of the second party, the second random number and the first signature value of the first party, sends the first signature value of the second party to a third party in the N parties, and so on until an N party in the N parties receives the first signature value of the N-1 party, generates an N random number, and calculates the first signature value of the N party according to the private key of the second party, the N random number and the first signature value of the N-1 party;
The nth party calculates a first signature value of the message to be signed and the message digest to obtain the first signature value of the message to be signed;
When the first signature value of the message to be signed is determined to be non-zero, the Nth participant sends the first signature value of the message to be signed to the first participant;
The N-th party calculates a second signature value of the N-th party according to the first signature value of the message to be signed, the N-th random number and the self private key, sends the second signature value of the N-th party to the N-th 1-th party in the N-th parties, calculates the second signature value of the N-th party according to the second signature value of the N-th party, the N-th random number and the self private key, sends the second signature value of the N-th 1-th party to the N-th 2-th party in the N-th parties, and so on until the first party receives the second signature value of the second party, and calculates the second signature value of the message to be signed according to the second signature value of the second party, the first signature value of the message to be signed, the first random number and the self private key;
and when the second signature value of the message to be signed is determined to be not zero, the first party takes the first signature value of the message to be signed and the second signature value of the message to be signed as a collaborative signature result.
7. The multiparty collaborative signature system according to claim 6, wherein a first signature value V 1=[k1 ] G of the first party, a first signature value V 2=(1+d2)*(V1+[k2 ] G of the second party, …, a first signature value V N-1=(1+dN-1)*(VN-2+[kN-1 ] G of the N-1 th party, a first signature value V N=(1+dN)*(VN-1+[kN ] G of the N-1 th party), wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the N-1 th random number, the N-th random number, d 2、d3、…、dN-1、dN is the second party's own private key, the third party's own private key, …, the N-1 th party's own private key, G is an N-th order radix point on elliptic curve E, respectively.
8. The multi-party collaborative signature system according to claim 6, wherein a second signature value of the nth party, W N=[kN+r*(1+dN)-1 mod N, a second signature value of the nth-1 party, W N-1=[kN-1+WN*(1+dN-1)-1 mod N, …, a second signature value of the second party, W 2=[k2+W3*(1+d2)-1 mod N, a second signature value of the message to be signed, s= [ (1+d 1)-1*(k1+W2) -r ] mod N, wherein k 1、k2、…、kN-1、kN is the first random number, the second random number, …, the nth-1 random number, the nth random number, respectively, d 1、d2、…、dN-1、dN is the self private key of the first participant, the self private key of the second participant, …, the self private key of the N-1 th participant, and the self private key of the N-th participant, r is the first signature value of the message to be signed, mod represents a modular multiplication operation, and 1+d N)-1、(1+dN-1)-1、…、(1+d2)-1、(1+d1)-1 is the inverse of the modulo N of (1+d N) over the finite field Fq, (1+d N-1) the inverse of the modulo N over the finite field Fq, …, (1+d 2) the inverse of the modulo N over the finite field Fq, and (1+d 1) the inverse of the modulo N over the finite field Fq, respectively.
9. The multi-party collaborative signature system of any of claims 6-8, wherein when the message to be signed first signature value is zero, the first party regenerates a first random number and computes the first signature value of the first party based on the first random number and sends the first signature value of the first party to a second party of the N parties, the second party regenerates a second random number and computes the first signature value of the second party based on its own private key, the second random number and the first signature value of the first party, and sends the first signature value of the second party to a third party of the N parties, and so on, until an nth party of the N parties receives the first signature value of an N-1 party, regenerates an nth random number and computes the first signature value of the first party of the N-1 party and the first signature value of the first party to the signed message digest based on its own private key, the nth random number and the first signature value of the N-1 party.
10. The multi-party collaborative signature system of any of claims 6-8, wherein when the second signature value of the message to be signed is zero, the first party regenerates a first random number and computes a first signature value of the first party based on the first random number and sends the first signature value of the first party to a second party of the N parties, the second party regenerates a second random number and computes a first signature value of the second party based on its own private key, the second random number and the first signature value of the first party, and sends the first signature value of the second party to a third party of the N parties, and so on, until an nth party of the N parties receives the first signature value of an N-1 party, regenerates an nth random number and computes the first signature value of the first party to be signed and the first signature value of the N-1 party based on its own private key, the nth random number and the first signature value of the first party.
CN202110459318.6A 2021-04-27 2021-04-27 Multiparty collaborative signature method and system Active CN114285577B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110459318.6A CN114285577B (en) 2021-04-27 2021-04-27 Multiparty collaborative signature method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110459318.6A CN114285577B (en) 2021-04-27 2021-04-27 Multiparty collaborative signature method and system

Publications (2)

Publication Number Publication Date
CN114285577A CN114285577A (en) 2022-04-05
CN114285577B true CN114285577B (en) 2024-05-03

Family

ID=80868288

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110459318.6A Active CN114285577B (en) 2021-04-27 2021-04-27 Multiparty collaborative signature method and system

Country Status (1)

Country Link
CN (1) CN114285577B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667625A (en) * 2018-07-19 2018-10-16 数安时代科技股份有限公司 Cooperate with the digital signature method of SM2
CN109743166A (en) * 2018-12-10 2019-05-10 普华诚信信息技术有限公司 Multiple party signatures generation method and security information verification system
CN111754233A (en) * 2020-06-29 2020-10-09 兴唐通信科技有限公司 Electronic payment method and system based on multi-party signature

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103427997B (en) * 2013-08-16 2016-06-22 西安西电捷通无线网络通信股份有限公司 A kind of method generating digital signature and device
US10530585B2 (en) * 2017-06-07 2020-01-07 Bar-Ilan University Digital signing by utilizing multiple distinct signing keys, distributed between two parties

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667625A (en) * 2018-07-19 2018-10-16 数安时代科技股份有限公司 Cooperate with the digital signature method of SM2
CN109743166A (en) * 2018-12-10 2019-05-10 普华诚信信息技术有限公司 Multiple party signatures generation method and security information verification system
CN111754233A (en) * 2020-06-29 2020-10-09 兴唐通信科技有限公司 Electronic payment method and system based on multi-party signature

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
移动互联网环境下轻量级SM2两方协同签名;冯琦;何德彪;罗敏;李莉;;计算机研究与发展;20201009(第10期);130-140 *

Also Published As

Publication number Publication date
CN114285577A (en) 2022-04-05

Similar Documents

Publication Publication Date Title
CN110351096B (en) Multiple signature method, signature center, program medium, and electronic device
CN108989047B (en) SM2 algorithm-based cooperative signature method and system for two communication parties
CN110166239B (en) User private key generation method and system, readable storage medium and electronic device
CN112187469B (en) SM2 multiparty collaborative digital signature method and system based on key factors
Hsu et al. Improvement of threshold proxy signature scheme
CN109743166B (en) Multiparty signature generation method and security information verification system
CN112000941B (en) Identity authentication method and system for mobile cloud computing
CN112906038B (en) Thresholding processing method, device and equipment based on SM9 key and storage medium
CN113468580B (en) Multi-party collaborative signature method and system
CN112787812A (en) Block chain-based calculation job processing method, device and system
CN110505056B (en) Collaborative signature method and device supporting trusted display
WO2013136235A1 (en) Byzantine fault tolerance and threshold coin tossing
CN114285577B (en) Multiparty collaborative signature method and system
CN107196839B (en) Service data processing method and device
JP2956709B2 (en) Public key generation method and apparatus
US5787178A (en) Computerized method for signing a message
Aydos et al. Implementing network security protocols based on elliptic curve cryptography
CN113259095B (en) Collaborative public key generation method, multi-party collaborative signature method and system
CN110943826B (en) Split key signature method and system based on SM2 algorithm
CN116961917A (en) ECDSA-based multiparty cooperative threshold signature method, device and system
CN110011903A (en) The evidence store method and equipment of Content of Communication
Li et al. Certificate-based key-insulated signature in the standard model
Wang et al. A (zero-knowledge) vector commitment with sum binding and its applications
Hsu et al. Efficient nonrepudiable threshold proxy signature scheme with known signers against the collusion attack
JP2697876B2 (en) Electronic bidding system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant