CN114760072A - Signature and signature verification method, device and storage medium - Google Patents

Publication number: CN114760072A
Authority: CN (China)
Prior art keywords: signature, key, party, message, digest
Legal status: Granted, Active
Application number: CN202210660256.XA
Other languages: Chinese (zh)
Other versions: CN114760072B (en)
Inventor: 晏志文
Current Assignee: Nanjing Yiketeng Information Technology Co ltd
Original Assignee: Nanjing Yiketeng Information Technology Co ltd

Abstract

The invention discloses a signature and signature verification method, device and storage medium. The method comprises the following steps: the signing party and the key distributor each cut the base key into a plurality of signing key components and pre-store the signing key components as a key component sequence; when signing, the signing party calculates a digital signature for the message to be signed based on the key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to a signature verifier; the signature verifier calculates the message digest of the message to be signed and entrusts a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence pre-stored by the key distributor associated with the signing party. The technical scheme provided by the invention can solve the technical problem in the prior art that signing and signature verification with a public key and a private key face a quantum threat.

Description

Signature and signature verification method, device and storage medium
Technical Field
The invention relates to the technical field of communication security, in particular to a signature and signature verification method, a signature and signature verification device and a storage medium.
Background
In the prior art, traditional signature and signature verification methods generally use a public key and a private key: the signing party signs the message to be signed with its private key, and the signature verifier verifies the signature with the signing party's public key. The security of the public-private key approach depends on one-way trapdoor functions based on hard mathematical problems, such as the large-integer factorization problem, the discrete logarithm problem and the elliptic curve discrete logarithm problem; the corresponding technical systems include the certificate-based public key system and the certificateless public key system.
In signature and signature verification methods based on public and private keys, the security of the signature depends entirely on the security of the private key, so practical applications face at least the following technical problems:
1. Quantum algorithms represented by Shor's algorithm are suited to solving period-finding problems; problems such as large-integer factorization and discrete logarithms can be converted into period-finding problems, so public-private key algorithms are easily broken, and quantum computing poses a huge security threat to public-private key systems;
2. The security of post-quantum algorithms designed to resist quantum computing, represented by lattice-based cryptography, is still an open problem, and such algorithms may still be challenged by a classical algorithm or a new quantum algorithm;
3. A trust system built on a certificate chain has security dependencies: when any node is compromised, the security of the subsequent nodes is directly invalidated.
In summary, a signature and signature verification method with long-term security is needed to address the quantum threat faced by conventional public-private key schemes.
Disclosure of Invention
The invention provides a signature and signature verification method, a signature and signature verification device and a storage medium, and aims to effectively solve the technical problem that quantum threat is faced when a public key and a private key are used for signature and signature verification in the prior art.
According to an aspect of the present invention, the present invention provides a signature and signature verification method, wherein the method comprises:
a key distributor associated with a signing party generates a base key and presets the base key at the signing party; the signing party and the key distributor associated with the signing party cut the base key into a plurality of signing key components in the same manner, and each pre-stores the plurality of signing key components in the form of a key component sequence;
when signing a message to be signed, the signing party calculates a digital signature for the message to be signed based on the pre-stored key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to a signature verifier;
the signature verifier calculates the message digest of the message to be signed based on a preset hash operation mode;
and the signature verifier entrusts a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence pre-stored by the key distributor associated with the signing party.
Further, the signing party calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to the signature verifier includes:
the signing party calculates the message digest corresponding to the message to be signed based on the preset hash operation mode, divides the message digest into blocks to obtain a plurality of digest sub-blocks, and determines the key component index corresponding to each digest sub-block according to a preset mapping mode;
the signing party calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block, determines the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to the signature verifier.
Further, the determining the key component index corresponding to each digest sub-block according to a preset mapping manner includes:
for each digest sub-block, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signing key components in the key component sequence and the bit length of the digest sub-block.
Further, the calculating, for each digest sub-block, the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence, and the bit length of the digest sub-block includes:
for each digest sub-block, obtaining a key component index corresponding to the digest sub-block according to the following formula:
Figure 865227DEST_PATH_IMAGE001
wherein seq represents the key component index corresponding to the digest sub-block, the RoundDown function rounds in the direction of decreasing absolute value,
Figure 947452DEST_PATH_IMAGE002
represents the value of the digest sub-block, N represents the total number of signing key components in the key component sequence, and M represents the bit length of the digest sub-block.
Further, the calculating, by the signer according to the key component index corresponding to each digest sub-block, the message authentication code corresponding to each digest sub-block includes:
for each digest sub-block, determining a target signature key component in the signature key component sequence according to the key component index corresponding to the digest sub-block, wherein a sequence number of the target signature key component in the signature key component sequence is determined according to a value of the key component index corresponding to the digest sub-block;
and calculating on the target signature key component and the value of the digest sub-block according to a preset encryption mode based on hash operation to obtain the message authentication code corresponding to the digest sub-block.
Further, the calculating on the target signature key component and the value of the digest sub-block according to a preset encryption mode based on hash operation to obtain the message authentication code corresponding to the digest sub-block includes:
for each digest sub-block, calculating the message authentication code corresponding to the digest sub-block according to the following formula:
Figure 215623DEST_PATH_IMAGE003
wherein
Figure 270166DEST_PATH_IMAGE004
represents the message authentication code corresponding to the digest sub-block, HMAC() represents the operation function corresponding to the preset encryption mode based on hash operation,
Figure 231169DEST_PATH_IMAGE005
represents the value of the digest sub-block, and
Figure 3953DEST_PATH_IMAGE006
represents the target signature key component corresponding to the digest sub-block.
Further, the determining the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks includes:
and calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks.
Further, the calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks includes:
calculating the digital signature according to the following formula:
Figure 810235DEST_PATH_IMAGE007
wherein Sign represents the digital signature, SM3() represents the operation function corresponding to the preset hash operation mode,
Figure 984864DEST_PATH_IMAGE008
is the concatenation operator, which joins two or more character strings into one character string, ID represents the identification information of the signing party, and
Figure 854119DEST_PATH_IMAGE009
represents the n message authentication codes.
Further, the signature verifier entrusting a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence pre-stored by the key distributor associated with the signing party comprises:
the signature verifier performs identity authentication with the trusted party based on a first symmetric key mechanism, and sends a first signature verification request to the trusted party after the identity authentication is passed, wherein the first signature verification request comprises the message digest and the signature result;
the trusted party determines a target key distributor associated with the signing party according to the signing party identification information in the signature result;
the trusted party performs identity authentication with the target key distributor based on a second symmetric key mechanism, and sends a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result;
the target key distributor calculates a verification signature in the same operation mode as the signing party, according to the message digest, the signing party identification information in the signature result and the pre-stored key component sequence, and determines that the signature verification result is success when the verification signature is consistent with the digital signature, and otherwise determines that the signature verification result is failure;
the target key distributor encrypts the signature verification result based on the second symmetric key mechanism, sends the signature verification result after the first encryption to the trusted party, the trusted party decrypts the signature verification result after the first encryption based on the second symmetric key mechanism, encrypts the decrypted signature verification result based on the first symmetric key mechanism, and sends the signature verification result after the second encryption to the signature verification party, and the signature verification party decrypts the signature verification result after the second encryption based on the first symmetric key mechanism to obtain the signature verification result.
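The signing computation and the key distributor's recomputation described above, as an added Python example that is not code from the patent. The formula images are missing from the page, so the index mapping `(value * N) >> M`, the HMAC argument order and the order ID followed by the n MACs are assumptions; SHA-256 stands in for SM3 (which Python's `hashlib` does not guarantee), and the component length, sub-block length and all function names are hypothetical.

```python
import hashlib
import hmac

COMPONENT_LEN = 32  # bytes per signing key component (assumed, not from the page)
BLOCK_BITS = 16     # M: bit length of each digest sub-block (assumed)


def split_base_key(base_key: bytes, component_len: int = COMPONENT_LEN) -> list:
    """Cut the base key into equal-length signing key components.

    Signer and key distributor must cut in the same manner, so the rule is
    deterministic and rejects keys that do not divide evenly.
    """
    if not base_key or len(base_key) % component_len:
        raise ValueError("base key length must be a non-zero multiple of component_len")
    return [base_key[i:i + component_len]
            for i in range(0, len(base_key), component_len)]


def digest(message: bytes) -> bytes:
    """Preset hash operation (SHA-256 here as a stand-in for SM3)."""
    return hashlib.sha256(message).digest()


def component_index(value: int, n: int, m_bits: int) -> int:
    """Map a sub-block value in [0, 2^M) to an index in [0, N).

    Assumed form of the missing formula: RoundDown(value * N / 2^M).
    Integer shift avoids floating-point rounding for large M.
    """
    if not 0 <= value < (1 << m_bits):
        raise ValueError("sub-block value out of range for its bit length")
    return (value * n) >> m_bits


def compute_signature(msg_digest: bytes, signer_id: bytes, components: list,
                      block_bits: int = BLOCK_BITS) -> bytes:
    """Sign = H(ID || MAC_1 || ... || MAC_n), one HMAC per digest sub-block."""
    step = block_bits // 8
    if block_bits % 8 or len(msg_digest) % step:
        raise ValueError("digest must split into whole sub-blocks")
    macs = []
    for off in range(0, len(msg_digest), step):
        block = msg_digest[off:off + step]
        seq = component_index(int.from_bytes(block, "big"), len(components), block_bits)
        # The sub-block selects the key component AND is the MAC input.
        macs.append(hmac.new(components[seq], block, hashlib.sha256).digest())
    return hashlib.sha256(signer_id + b"".join(macs)).digest()


def sign(message: bytes, signer_id: bytes, components: list) -> dict:
    """Signer side: the signature result carries the signature and the signer ID."""
    return {"id": signer_id,
            "sign": compute_signature(digest(message), signer_id, components)}


def distributor_verify(msg_digest: bytes, result: dict, key_store: dict) -> bool:
    """Key distributor side: recompute from its own copy of the components.

    It receives only the digest and the signature result, never the message.
    Unknown signer IDs fail closed; the comparison is constant-time.
    """
    components = key_store.get(result["id"])
    if components is None:
        return False
    expected = compute_signature(msg_digest, result["id"], components)
    return hmac.compare_digest(expected, result["sign"])


if __name__ == "__main__":
    # Constructed sample data: a 2048-byte base key derived from a fixed seed.
    base_key = hashlib.shake_256(b"constructed demo seed").digest(2048)
    comps = split_base_key(base_key)
    store = {b"signer-001": comps}  # distributor's pre-stored sequence
    res = sign(b"transfer 100 to account 42", b"signer-001", comps)
    print(distributor_verify(digest(b"transfer 100 to account 42"), res, store))
    print(distributor_verify(digest(b"transfer 900 to account 42"), res, store))
```

The transport between the signature verifier, the trusted party and the key distributor (mutual authentication and re-encryption of the result under the two symmetric key mechanisms) is outside this sketch.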
According to another aspect of the present invention, the present invention further provides a signature and signature verification method, for a signer, where the method includes:
receiving a base key sent by a key distributor associated with the signing party, cutting the base key into a plurality of signing key components, and pre-storing the plurality of signing key components in the form of a key component sequence;
when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence generated and pre-stored by the key distributor associated with the signing party in the same manner as the signing party.
According to another aspect of the present invention, the present invention further provides a signature and signature verification method for a signature verifier, wherein the method includes:
receiving a message to be signed and a signature result sent by a signer, and calculating a message digest of the message to be signed based on a preset hash operation mode;
performing identity authentication with a trusted party based on a symmetric key mechanism, and sending a signature verification request to the trusted party after the identity authentication is passed, so as to entrust the trusted party to complete the signature verification operation according to the message digest, the signature result and a key component sequence pre-stored by a key distributor associated with the signing party, wherein the signature verification request comprises the message digest and the signature result;
and receiving the signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
According to another aspect of the present invention, the present invention further provides a signature and signature verification method for a trusted party associated with a signature verifier, the method comprising:
performing identity authentication with the signature verifier based on a first symmetric key mechanism, and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
determining a target key distributor associated with the signing party according to the signing result;
performing identity authentication with the target key distributor based on a second symmetric key mechanism, and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a pre-stored key component sequence identical to the key component sequence pre-stored at the signing party, and to determine, according to the verification signature, and return a signature verification result encrypted based on the second symmetric key mechanism;
and decrypting the encrypted signature verification result based on the second symmetric key mechanism, secondarily encrypting the decrypted signature verification result based on the first symmetric key mechanism, and sending the secondarily encrypted signature verification result to the signature verification party.
According to another aspect of the present invention, there is also provided a signature and signature verification method for a key distributor associated with a signing party, the method comprising:
generating a base key and presetting the base key at the signing party, so as to trigger the signing party to cut the base key into a plurality of signing key components and pre-store the signing key components in the form of a key component sequence;
cutting the base key into a plurality of signing key components in the same manner as the signing party, and pre-storing the plurality of signing key components in the form of a key component sequence;
receiving a signature result, obtained by the signing party associated with the key distributor performing a signature operation on a message to be signed based on its pre-stored key component sequence, and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
and calculating a verification signature according to the message digest, the signature result and the pre-stored key component sequence, and determining and feeding back a signature verification result according to the result of comparing the verification signature with the digital signature, calculated by the signing party, that is carried in the signature result.
According to another aspect of the present invention, there is also provided a signature apparatus, comprising:
a key component sequence generating unit, which is used for receiving a base key sent by a key distributor associated with a signing party, cutting the base key into a plurality of signing key components and pre-storing the plurality of signing key components in the form of a key component sequence;
a signature unit, which is used for, when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence generated and pre-stored by the key distributor associated with the signing party in the same manner as the signing party.
According to another aspect of the present invention, the present invention also provides a signature verification apparatus, wherein the apparatus comprises:
the message digest generation unit is used for receiving the message to be signed and the signature result sent by the signer and calculating the message digest of the message to be signed based on a preset hash operation mode;
the signature verification request sending unit is used for carrying out identity authentication with a trusted party based on a symmetric key mechanism and sending a signature verification request to the trusted party after the identity authentication is passed so as to delegate the trusted party to complete signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signature party, wherein the signature verification request comprises the message digest and the signature result;
and a signature verification result receiving unit, which is used for receiving the signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
According to another aspect of the present invention, there is also provided a trusted device associated with a signature verifier, the trusted device comprising:
a signature verification request receiving unit, which is used for performing identity authentication with the signature verifier based on a first symmetric key mechanism and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
a target key distributor determining unit, configured to determine a target key distributor associated with the signing party according to the signature result;
the signature verification unit is used for performing identity authentication with the target key distributor based on a second symmetric key mechanism and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the prestored key component sequence in the signature party, and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
and a result feedback unit, which is used for decrypting the encrypted signature verification result based on the second symmetric key mechanism, secondarily encrypting the decrypted signature verification result based on the first symmetric key mechanism, and sending the secondarily encrypted signature verification result to the signature verifier.
According to another aspect of the present invention, there is also provided a key distribution apparatus associated with a signer, the key distribution apparatus including:
a key component sequence generating unit, configured to generate a base key and preset the base key at the signing party, to trigger the signing party to cut the base key into a plurality of signature key components and pre-store them as a key component sequence, and to cut the base key into a plurality of signature key components in the same manner as the signing party and pre-store them as a key component sequence;
a receiving unit, configured to receive a signature result obtained by the signing party performing a signature operation on a message to be signed based on its pre-stored key component sequence, and a message digest obtained by the signature verifier associated with the signing party calculating over the message to be signed based on a preset hash operation mode;
a signature verification unit, configured to calculate a verification signature according to the message digest, the signature result and the pre-stored key component sequence, and to determine and feed back a signature verification result according to a comparison of the verification signature with the digital signature, calculated by the signing party, that is carried in the signature result.
According to another aspect of the present invention, there is also provided a storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform any of the signature and verification methods described above.
Through one or more of the above embodiments of the present invention, at least the following technical effects can be achieved:
in the technical scheme disclosed by the invention, a key distributor presets a basic key on terminal equipment and generates a key component sequence, and determines a corresponding signature key component on the key component sequence according to a digest sub-block of a message digest of a message to be signed. The method and the device can adjust the length of the key and the randomness of use according to application requirements, and increase the flexibility of signature and signature verification.
In the scheme, the process of generating the signature and the process of verifying the signature are both based on symmetric keys; no signature public key is involved, and no associated information needs to be published. Symmetric cryptography solves the problems of identity authentication and message transmission among the signature verifier, the trusted party and the key distributor, and does not rely on the mathematical functions that public and private keys depend on and that are vulnerable to quantum attack. Therefore, the scheme solves the quantum threat faced by public and private keys in the prior art, is a quantum-safe signature method and has long-term security.
Drawings
The technical scheme and other beneficial effects of the invention are obvious from the detailed description of the specific embodiments of the invention in combination with the attached drawings.
Fig. 1 is a flowchart illustrating steps of a signature and signature verification method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a key ring according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of generating a digital signature according to an embodiment of the present invention;
Fig. 4 is a schematic step diagram of a signature verification process according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating steps of a signature and signature verification method for a signing party according to an embodiment of the present invention;
Fig. 6 is a flowchart illustrating steps of a signature and signature verification method for a signature verifier according to an embodiment of the present invention;
Fig. 7 is a flowchart illustrating steps of a signature and signature verification method for a trusted party according to an embodiment of the present invention;
Fig. 8 is a flowchart illustrating steps of a signature and signature verification method for a key distributor according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a signature apparatus according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a signature verification apparatus according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a trusted device according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of a key distribution device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It should be apparent that the described embodiments are only some embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that, unless explicitly specified or limited otherwise, the term "and/or" herein only describes an association relationship between the associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in this document generally indicates that the preceding and following related objects are in an "or" relationship, unless otherwise specified.
Fig. 1 is a flowchart illustrating steps of a signature and signature verification method according to an embodiment of the present invention, where the signature and signature verification method includes:
Step 101: a key distributor associated with a signing party generates a base key and presets the base key at the signing party; the signing party and the key distributor associated with the signing party cut the base key into a plurality of signing key components in the same manner, and each pre-stores the plurality of signing key components in the form of a key component sequence;
Step 102: when the signing party signs a message to be signed, the signing party calculates a digital signature for the message to be signed based on the pre-stored key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to a signature verifier;
Step 103: the signature verifier calculates the message digest of the message to be signed based on a preset hash operation mode;
Step 104: the signature verifier entrusts a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence pre-stored by the key distributor associated with the signing party.
The method in steps 101 to 104 is described in detail below.
In the above step 101, a key distributor associated with a signing party generates a base key and presets the base key at the signing party; the signing party and the key distributor associated with the signing party cut the base key into a plurality of signing key components in the same manner, and each pre-stores the plurality of signing key components as a key component sequence.
Illustratively, in the signature and signature verification system there are a plurality of key distributors, and each key distributor corresponds to a plurality of signing parties. The key distributor generates a corresponding basic key for each signing party, and the database of the key distributor stores the account information of the signing party and the corresponding basic key; the account information may be an identity of the signing party. After generating the base key, the key distributor associated with the signing party presets the base key at the signing party in addition to storing the base key itself.
The key distributor and the signer store the same basic key and negotiate the same key processing algorithm, which is public, but the basic key is secret. The key distributor and the signing party cut the basic key into a plurality of signature key components according to the key component length required by the algorithm, and then respectively prestore the plurality of signature key components in a key component sequence mode, specifically, a signature key ring can be generated based on the plurality of signature key components. For example, fig. 2 is a schematic diagram of a key ring provided in an embodiment of the present invention, where a key length required by an algorithm is 64 bytes, N signing key components are cut, and a signing key ring is generated. The generation of the signature key ring can flexibly customize the length and the segmentation density of the key ring according to the security requirement, and the key length can be set according to the practical application, which is not limited by the invention.
The basic key generated by the key distributor may be a symmetric key of a certain length, and the key distributor may be a Key Distribution Center (KDC) that provides an authentication service running on a physically secure server and maintains an account information database of all security principals in the field. As a third party that the signing party and the signature verifier both trust, the key distributor knows the name of each account and the underlying key from which the account password is derived.
In the step 102, when the signing party signs a message to be signed, the signing party calculates a digital signature for the message to be signed based on the pre-stored key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to the signature verifier.
Exemplarily, the signing party has an original document to be signed, that is, a message to be signed, the message to be signed is similar to an electronic contract, the signing party needs to generate a signature result based on the message to be signed, the signature result is similar to a signature on the electronic contract, the signing party corresponding to the electronic contract can be determined according to the signature, and similarly, the signing party corresponding to the message to be signed can be determined according to the signature result.
When the signing party signs the message to be signed, the pre-stored key component sequence is processed according to an encryption algorithm, and the digital signature corresponding to the message to be signed is finally calculated. The digital signature can be used for verifying the identity of the signing party; it is a digital string that cannot be forged and can be generated only by the signing party, similar to an ordinary physical signature written on paper. Signing and signature verification, however, are methods for authenticating digital information implemented through encryption techniques. After the digital signature is generated, a signature result is generated based on the digital signature and the identification information of the signing party, and the signing party sends the message to be signed and the corresponding signature result to the signature verifier.
In step 103, the signature verifier calculates the message digest of the message to be signed based on a preset hash operation manner.
For example, after receiving the message to be signed and its corresponding signature result, the signature verifier needs to verify whether the signature result was produced by the true signing party rather than by an unknown person. However, the signature verifier cannot verify the authenticity of the signature result itself, and needs to entrust the trusted party to determine it. Since the original file of the message to be signed may be large and may not be suitable for being published, the signature verifier does not directly send the message to be signed to the trusted party, but processes it into a corresponding message digest through a preset algorithm.
The preset algorithm is a hash operation method, specifically the SM3 cryptographic algorithm, which provides a cryptographic hash function standard. SM3 is mainly used for digital signature and verification, message authentication code generation and verification, random number generation, and the like. SM3 is a one-way function, and it is difficult to recover the original input data from the result output by the hash function. The input data to the hash function is commonly referred to as a message, and the output result is commonly referred to as a message digest.
In the above step 104, the signature verifier entrusts the trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence pre-stored by the key distributor associated with the signing party.
Illustratively, the signature verifier cannot directly verify the signature result but entrusts the trusted party to verify it; the trusted party cannot directly verify the signature result either, but determines the key distributor corresponding to the signing party according to the information related to the signing party in the signature result and then sends the message digest and the signature result to the key distributor, and the key distributor verifies the signature result. The trusted party acts as a relay and intermediary between the signature verifier and the key distributor. Therefore, it is the key distributor that finally verifies the signature result, and the trusted party forwards the signature verification result to the signature verifier. In particular, the trusted party may be a root of trust, which is an immutable process or identity that can provide trusted proof.
Further, in the solution disclosed in the present invention, in the above step 102, the signing party calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to the signature verifier includes:
the signing party calculates the message digest corresponding to the message to be signed based on the preset hash operation mode, blocks the message digest to obtain a plurality of digest sub-blocks, and determines the key component index corresponding to each digest sub-block according to a preset mapping mode;
the signing party calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block, determines the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the digest sub-blocks, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to the signature verifier.
For example, when a signing party signs a message to be signed, the message to be signed is the original information and its data volume may be relatively large, so it cannot be signed directly and needs to be processed according to an encryption algorithm. Specifically, the message to be signed may be processed according to a preset hash operation mode to obtain a corresponding message digest. For example, the message to be signed is used as input data and processed according to the SM3 algorithm, which outputs a message digest; the SM3 algorithm requires the digest to be 256 bits in length. The SM3 algorithm is a one-way hash operation: the message to be signed can be processed into a message digest, but the message to be signed cannot be deduced from the message digest.
For example, fig. 3 is a schematic diagram of generating a digital signature according to an embodiment of the present invention. As shown in fig. 3, the bit length of the message digest is 256 bits; the message digest is segmented according to a block length of 32 bits, so that the 256 bits are divided into 8 digest sub-blocks with a length of 32 bits each, namely block_1, block_2, …, block_8. Of course, the message digest may also be divided into 16 digest sub-blocks with a length of 16 bits, and the length and number of the digest sub-blocks may be determined according to the application requirements.
After a plurality of digest sub-blocks are obtained, the key component index corresponding to each digest sub-block is determined according to a preset mapping mode. The signature key component that participates in the signature calculation of a digest sub-block is calculated by a specified algorithm from that digest sub-block of the message digest. Specifically, for the value block_n of each digest sub-block, a mapping algorithm is used to compute the index of the corresponding signing key component in the signing key ring. In fig. 3, the mapping algorithm corresponds to a GetKey function; the GetKey function operates on the digest sub-block to be processed to obtain an integer value corresponding to the digest sub-block, and the integer value is then used as the key component index.
The signing party calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block. Specifically, after the key component index is determined, the key component corresponding to the digest sub-block is determined in the pre-stored key component sequence. One digest sub-block corresponds to one message authentication code; as shown in fig. 3, 8 blocks correspond to 8 message authentication codes, that is, H_1, H_2, …, H_8.
Then, the digital signature corresponding to the message to be signed is determined based on the message authentication codes corresponding to the plurality of digest sub-blocks. In effect, the original fixed-order key component sequence is processed so that some or all of the key components are reordered according to the key component indexes, where some key components may appear multiple times, and the digital signature is finally obtained.
To associate the digital signature with the signing party, a signature result is generated based on the digital signature and the identification information of the signing party. Finally, the message to be signed and the signature result are sent to the signature verifier, similar to a person who, after signing the original contract, sends the original contract, the signature and the personal information to the target object.
Further, the determining the key component index corresponding to each digest sub-block according to a preset mapping manner includes:
And for each digest sub-block, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence and the bit length of the digest sub-block.
Further, the calculating, for each digest sub-block, the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence, and the bit length of the digest sub-block includes:
for each digest sub-block, obtaining a key component index corresponding to the digest sub-block according to the following formula:
Figure 114199DEST_PATH_IMAGE001
wherein seq represents the key component index corresponding to the digest sub-block, the RoundDown function represents rounding towards the direction of decreasing absolute value,
Figure 724172DEST_PATH_IMAGE002
representing the value of the digest sub-block, N representing the total number of signature key components in the sequence of key components, and M representing the bit length of the digest sub-block.
Illustratively, as shown in fig. 3, the function corresponding to GetKey in the mapping algorithm in the figure is RoundDown, which is equivalent to performing a remainder operation on data. The key component index seq is calculated from the digest sub-block. By applying the SM3 hash operation to data of any length, a message digest of 256 bits can be obtained; after the message digest is cut into 8 blocks, each block has a length of 32 bits, and the value of a block ranges from 1 to 2^32. The N signature key components divide the 32-bit numerical range evenly into N parts, each of size 2^32/N. For example, if each signature key component on the key ring has a length of 64 bytes, the preset 640 bytes can be divided into 10 keys, and N is 10. block_1 is 32 bits in length and, accordingly, the value of the digest sub-block block_1 ranges from 1 to 2^32. If the lowest bit of block_1 is 1 and the high 31 bits are all 0, then the value of block_1 is 1; 1 × 10 divided by 2^32 gives a number smaller than 1, which rounds down to 0, so the key component index corresponding to the digest sub-block is 0.
Further, the calculating, by the signer, the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block includes:
for each digest subblock, determining a target signature key component in the signature key component sequence according to the key component index corresponding to the digest subblock, wherein the sequence number of the target signature key component in the signature key component sequence is determined according to the value of the key component index corresponding to the digest subblock;
And calculating the target signature key component and the value of the digest sub-block according to a preset encryption mode based on Hash operation to obtain the message authentication code corresponding to the digest sub-block.
Illustratively, after the key component index of each digest sub-block is determined, the signature key component corresponding to the digest sub-block is determined according to the value of the key component index. For example, the signature key component sequence comprises 10 keys; if the key component index corresponding to the digest sub-block block_1 is 0, the first of the 10 keys is determined as the target signature key component.
The target signature key component and the value of the digest sub-block are processed according to a preset encryption mode based on hash operation. Specifically, the signature key component with index seq on the signature key ring is used to calculate the message authentication code of each digest sub-block block_n. The encryption mode based on hash operation is specifically the keyed-hash message authentication code (HMAC) algorithm; performing the HMAC operation on the key component and the digest sub-block is equivalent to performing two hash operations, and generates the message authentication code corresponding to each digest sub-block.
For example, for each digest sub-block, the SM3-based HMAC algorithm can be used to calculate the message authentication code of the block, where the HMAC key is the signing key component in the signing key ring calculated from the digest sub-block. Finally, the SM3 algorithm is used to hash the user identity ID together with the message authentication code of each block of the message digest to generate a signature, and the signature and the user identity ID are used as the final signature result. The same algorithm is adopted in the signature verification process.
Further, the calculating the target signature key component and the value of the digest sub-block according to a preset encryption mode based on hash operation to obtain the message authentication code corresponding to the digest sub-block includes:
for each abstract sub-block, calculating the message authentication code corresponding to the abstract sub-block according to the following formula:
Figure 956570DEST_PATH_IMAGE010
wherein
Figure 259375DEST_PATH_IMAGE011
represents the message authentication code corresponding to the digest sub-block, HMAC () represents the operation function corresponding to the preset encryption method based on hash operation,
Figure 741172DEST_PATH_IMAGE005
the value of the sub-block of the digest is represented,
Figure 154836DEST_PATH_IMAGE006
represents the target signature key component corresponding to the digest sub-block.
Illustratively, as shown in FIG. 3, the message authentication code is represented as H_n. The HMAC algorithm is a method for message authentication based on a hash function and a secret key, and can be used in combination with any iterative hash function.
Further, the determining a digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks includes:
and calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks.
For example, the preset hash operation mode may be the SM3 algorithm, and all the message authentication codes are processed according to the SM3 algorithm to obtain the digital signature.
Further, the calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks includes:
calculating the digital signature based on:
Figure 38479DEST_PATH_IMAGE007
wherein Sign represents the digital signature, SM3() Representing the operation function corresponding to the preset hash operation mode,
Figure 512185DEST_PATH_IMAGE008
the operator represents joining two or more character strings together to obtain one character string, the ID represents identification information of the signer,
Figure 481278DEST_PATH_IMAGE009
representing n of said message authentication codes.
Illustratively, a plurality of message authentication codes corresponding to a plurality of digest sub-blocks are connected to form a digital signature, and identification information of a signing party is added in the digital signature.
Further, the signature verifier entrusting a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence pre-stored by the key distributor associated with the signing party comprises the following steps:
the signature verifier performs identity authentication with the trusted party based on a first symmetric key mechanism, and sends a first signature verification request to the trusted party after the identity authentication is passed, wherein the first signature verification request comprises the message digest and the signature result;
the trusted party determines a target key distributor associated with the signing party according to the signing party identification information in the signature result;
the trusted party performs identity authentication with the target key distributor based on a second symmetric key mechanism, and sends a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result;
according to the message digest, the signing party identification information in the signing result and the pre-stored key component sequence, the target key distributor calculates a verification signature according to the same operation mode as the signing party, and determines that the signature verification result is successful under the condition that the verification signature is consistent with the digital signature, otherwise determines that the signature verification result is failed;
The target key distributor encrypts the signature checking result based on the second symmetric key mechanism, sends the signature checking result after the first encryption to the trusted party, the trusted party decrypts the signature checking result after the first encryption based on the second symmetric key mechanism, encrypts the decrypted signature checking result based on the first symmetric key mechanism, and sends the signature checking result after the second encryption to the signature checking party, and the signature checking party decrypts the signature checking result after the second encryption based on the first symmetric key mechanism to obtain the signature checking result.
For example, the signature verifier cannot verify the signature result by itself; instead, it entrusts the trusted party to find the target key distributor corresponding to the signing party, and the target key distributor verifies the signature result. The target key distributor determines its stored key component sequence and the corresponding algorithm according to the identity of the signing party, processes the message to be signed and the key component sequence using the same algorithm as the signing party to calculate a verification signature, and compares the verification signature with the digital signature submitted by the signature verifier; if they are consistent, the signature verification result is success, and it is returned to the signature verifier through the trusted party. The communication between the signature verifier and the trusted party is based on a symmetric encryption algorithm, and the communication between the trusted party and the target key distributor is also based on a symmetric encryption algorithm.
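The signing calculation described above (digest sub-blocks, key ring index, per-block HMAC, final hash over the ID and the message authentication codes) and the key distributor's recomputation, as an added Python example that is not code from the patent. The index formula seq = RoundDown(block × N / 2^M) is inferred from the worked example in the text (1 × 10 / 2^32 rounds down to 0); big-endian block values, the function names, the sample key and ID, and the SHA-256 fallback used when the local hashlib does not expose SM3 are assumptions.

```python
import hashlib
import hmac


def _pick_hash():
    """Use SM3 if this OpenSSL build exposes it; otherwise SHA-256 as a labelled stand-in."""
    try:
        hashlib.new("sm3")
        return "sm3"
    except (ValueError, TypeError):
        return "sha256"  # assumption: same 256-bit digest and 64-byte block size as SM3


HASH_NAME = _pick_hash()


def H(data=b""):
    """Hash constructor shared by the plain hash and the HMAC steps."""
    return hashlib.new(HASH_NAME, data)


def split_key_ring(base_key, component_len=64):
    """Cut the base key into fixed-length signature key components (the key ring)."""
    if not base_key or len(base_key) % component_len:
        raise ValueError("base key must be a non-empty multiple of the component length")
    return [base_key[i:i + component_len] for i in range(0, len(base_key), component_len)]


def digest_blocks(digest, block_bits=32):
    """Cut the message digest into digest sub-blocks of block_bits each."""
    if block_bits % 8 or (len(digest) * 8) % block_bits:
        raise ValueError("digest length must be a multiple of the block length")
    step = block_bits // 8
    return [digest[i:i + step] for i in range(0, len(digest), step)]


def key_index(block, n_components):
    """seq = RoundDown(block * N / 2^M), with M the bit length of the sub-block."""
    m = len(block) * 8
    value = int.from_bytes(block, "big")  # assumption: big-endian block value
    return (value * n_components) // (1 << m)


def compute_signature(digest, signer_id, ring, block_bits=32):
    """Sign = H(ID || H_1 || ... || H_n), where H_n = HMAC(key[seq_n], block_n)."""
    macs = []
    for block in digest_blocks(digest, block_bits):
        key = ring[key_index(block, len(ring))]
        macs.append(hmac.new(key, block, H).digest())
    return H(signer_id + b"".join(macs)).digest()


def sign(message, signer_id, ring):
    """Signing party: signature result = digital signature plus identification info."""
    digest = H(message).digest()
    return {"id": signer_id, "sign": compute_signature(digest, signer_id, ring)}


def kdc_verify(digest, result, rings_by_id):
    """Key distributor: recompute from its own copy of the ring and compare."""
    ring = rings_by_id.get(result["id"])
    if ring is None:
        return False  # unknown signing party
    expected = compute_signature(digest, result["id"], ring)
    return hmac.compare_digest(expected, result["sign"])  # constant-time compare


# Constructed sample data (not a secure key): 640 bytes -> 10 components of 64 bytes.
DEMO_BASE_KEY = bytes((i * 7 + 3) % 256 for i in range(640))
DEMO_ID = b"signer-001"
DEMO_MESSAGE = b"constructed contract text"

if __name__ == "__main__":
    ring = split_key_ring(DEMO_BASE_KEY)
    result = sign(DEMO_MESSAGE, DEMO_ID, ring)
    verifier_digest = H(DEMO_MESSAGE).digest()  # computed by the signature verifier
    print(HASH_NAME, kdc_verify(verifier_digest, result, {DEMO_ID: ring}))
```

The key distributor needs only the digest, the signature result and its copy of the key ring, which is why the verifier forwards the digest rather than the message itself.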
Fig. 4 is a schematic step diagram of a signature verification process provided in an embodiment of the present invention, and as shown in fig. 4, the method specifically includes the following steps:
(1) the signing party sends the message to be signed and the signature result to the signature verifier;
(2) the signature verifier and the trusted party complete identity authentication through the symmetric key; the signature verifier initiates a signature verification request to the trusted party, and sends the digest of the message to be signed and the signature result;
(3) the trusted party queries, by the ID of the signing party, the target key distributor to which the signing party belongs, and determines the key distribution center (KDC) instance;
(4) the trusted party and the target key distributor complete identity authentication through the symmetric key; the trusted party initiates a signature verification request to the target key distributor, and sends the digest of the message to be signed and the signature result;
(5) the target key distributor verifies the signature result by using the same algorithm as the signing party, encrypts the signature verification result and returns the encrypted signature verification result to the trusted party;
(6) the trusted party decrypts the signature verification result, encrypts it with the symmetric key shared between the trusted party and the signature verifier, and returns it to the signature verifier.
Through one or more of the above embodiments in the present invention, at least the following technical effects can be achieved:
In the technical scheme disclosed by the invention, a key distributor presets a basic key on terminal equipment and generates a key component sequence, and determines a signature key component corresponding to the key component sequence according to a digest sub-block of a message digest of a message to be signed. The method and the device can adjust the length of the key and the randomness of use according to application requirements, and increase the flexibility of signature and signature verification.
In the scheme, the signature generating process and the signature verifying process are based on the symmetric key; no signature public key is involved, and no associated information needs to be published. The symmetric cipher solves the problems of identity authentication and message transmission among the signature verifying party, the trusted party and the key distributor, and does not rely on the mathematical functions that public and private keys depend on and that are vulnerable to quantum attack. Therefore, the method solves the problem of quantum threat faced by public and private keys in the prior art, is a quantum-safe signature method, and has long-term safety.
Fig. 5 is a flowchart of steps of a signature and signature verification method for a signer according to an embodiment of the present invention, and according to a second aspect of the present invention, based on the same inventive concept as the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a signature and signature verification method for the signer, as shown in fig. 5, where the method includes:
Step 201: receiving a base key sent by a key distributor associated with the signing party, cutting the base key into a plurality of signing key components, and pre-storing the plurality of signing key components in a key component sequence;
Step 202: when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and identification information of the signing party, and sending the message to be signed and the signature result to a signature verifying party, so as to trigger the signature verifying party to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence that a key distributor associated with the signing party generates and pre-stores in the same way as the signing party.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not repeated herein.
Fig. 6 is a flowchart of steps of a signature and signature verification method for a signature verifier according to an embodiment of the present invention, and according to a third aspect of the present invention, based on the same inventive concept as the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a signature and signature verification method for the signature verifier, as shown in fig. 6, where the method includes:
Step 301: receiving a message to be signed and a signature result sent by a signer, and calculating a message digest of the message to be signed based on a preset hash operation mode;
Step 302: performing identity authentication with a trusted party based on a symmetric key mechanism, and sending a signature verification request to the trusted party after the identity authentication is passed, so as to delegate the trusted party to complete the signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signing party, wherein the signature verification request comprises the message digest and the signature result;
Step 303: receiving a signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not described herein again.
Fig. 7 is a flowchart of steps of a signature and signature verification method for a trusted party according to an embodiment of the present invention, and according to a fourth aspect of the present invention, based on the same inventive concept as that of the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a signature and signature verification method for a trusted party associated with a signature verifier, as shown in fig. 7, where the method includes:
Step 401: performing identity authentication with the signature verifier based on a first symmetric key mechanism, and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
Step 402: determining a target key distributor associated with the signing party according to the signature result;
Step 403: performing identity authentication with the target key distributor based on a second symmetric key mechanism, and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the key component sequence prestored in the signing party, and to determine, according to the verification signature, and return a signature verification result encrypted based on the second symmetric key mechanism;
Step 404: decrypting the encrypted signature verification result based on the second symmetric key mechanism, secondarily encrypting the decrypted signature verification result based on the first symmetric key mechanism, and sending the secondarily encrypted signature verification result to the signature verifier.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not repeated herein.
Fig. 8 is a flowchart of steps of a signature and verification method for a key distributor according to an embodiment of the present invention, and based on the same inventive concept as that of the signature and verification method according to the embodiment of the present invention, according to a fifth aspect of the present invention, the present invention further provides a signature and verification method for a key distributor associated with a signing party, as shown in fig. 8, where the method includes:
Step 501: generating a basic key and presetting the basic key at the signer, and triggering the signer to cut the basic key into a plurality of signature key components and pre-store the signature key components in a key component sequence;
Step 502: cutting the base key into a plurality of signing key components in the same way as the signing party, and pre-storing the plurality of signing key components in a key component sequence;
Step 503: receiving, through the trusted party, a signature result and a message digest sent by a signature verifier associated with the trusted party, wherein the signature result is obtained by the signing party performing a signature operation on a message to be signed based on the prestored key component sequence, and the message digest is obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
Step 504: calculating a verification signature according to the message digest, the signature result and the pre-stored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and the digital signature calculated by the signer and carried in the signature result.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not repeated herein.
Fig. 9 is a schematic structural diagram of a signature apparatus according to an embodiment of the present invention, and according to a sixth aspect of the present invention, based on the same inventive concept as that of a signature and signature verification method according to an embodiment of the present invention, the present invention further provides a signature apparatus, as shown in fig. 9, where the signature apparatus includes:
a key component sequence generating unit 601, configured to receive a base key sent by a key distributor associated with a signing party, cut the base key into a plurality of signing key components, and pre-store the plurality of signing key components in a key component sequence;
the signature unit 602 is configured to, when signing a message to be signed, calculate a digital signature for the message to be signed based on a pre-stored key component sequence, generate a signature result based on the digital signature and identification information of a signer, and send the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation manner and to delegate a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence that a key distributor associated with the signer generates and pre-stores in the same manner as the signer.
Fig. 10 is a schematic structural diagram of a signature verifying apparatus according to an embodiment of the present invention, and according to a seventh aspect of the present invention, based on the same inventive concept as that of a signature and signature verifying method according to an embodiment of the present invention, the present invention further provides a signature verifying apparatus, as shown in fig. 10, where the signature verifying apparatus includes:
a message digest generation unit 701, configured to receive a message to be signed and a signature result sent by a signer, and calculate a message digest of the message to be signed based on a preset hash operation manner;
a signature verification request sending unit 702, configured to perform identity authentication with a trusted party based on a symmetric key mechanism, and send a signature verification request to the trusted party after the identity authentication passes, so as to delegate the trusted party to complete a signature verification operation according to the message digest, the signature result, and a key component sequence pre-stored by a key distributor associated with a signing party, where the signature verification request includes the message digest and the signature result;
and a signature verification result receiving unit 703, configured to receive the signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
Fig. 11 is a schematic structural diagram of a trusted device according to an embodiment of the present invention, and according to an eighth aspect of the present invention, based on the same inventive concept as the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a trusted device, where the trusted device is associated with a signature verifier, as shown in fig. 11, where the trusted device includes:
A signature verification request receiving unit 801, configured to perform identity authentication with the signature verifier based on a first symmetric key mechanism, and receive a first signature verification request sent by the signature verifier after the identity authentication passes, where the first signature verification request includes a signature result generated by a signature party for a message to be signed and a message digest obtained by the signature verifier by calculating the message to be signed based on a preset hash operation manner;
a target key distributor determining unit 802, configured to determine a target key distributor associated with the signing party according to the signature result;
a signature verification unit 803, configured to perform identity authentication with the target key distributor based on a second symmetric key mechanism, and send a second signature verification request to the target key distributor after the identity authentication passes, where the second signature verification request includes the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result, and a pre-stored key component sequence that is the same as a pre-stored key component sequence in the signature party, and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
And the result feedback unit 804 is configured to decrypt the encrypted signature verification result based on the second symmetric key mechanism, perform secondary encryption on the decrypted signature verification result based on the first symmetric key mechanism, and send the twice-encrypted signature verification result to the signature verifier.
Fig. 12 is a schematic structural diagram of a key distribution apparatus according to an embodiment of the present invention, and according to a ninth aspect of the present invention, based on the same inventive concept as that of a signature and signature verification method according to an embodiment of the present invention, the present invention further provides a key distribution apparatus, where the key distribution apparatus is associated with a signing party, as shown in fig. 12, where the key distribution apparatus includes:
a key component sequence generating unit 901, configured to generate a base key and preset the base key at the signer, and trigger the signer to cut the base key into a plurality of signature key components and pre-store the plurality of signature key components in a key component sequence, while cutting the base key into a plurality of signature key components in the same manner as the signer and pre-storing the plurality of signature key components in a key component sequence;
a receiving unit 902, configured to receive, through the trusted party, a signature result and a message digest sent by a signature verifier associated with the trusted party, where the signature result is obtained by the signer performing a signature operation on a message to be signed based on the pre-stored key component sequence, and the message digest is obtained by the signature verifier calculating the message to be signed based on a preset hash operation manner;
and the signature verification unit 903 is configured to calculate a verification signature according to the message digest, the signature result, and the pre-stored key component sequence, and determine and feed back a signature verification result according to a comparison result between the verification signature and a digital signature calculated by the signer and carried in the signature result.
According to another aspect of the present invention, there is also provided a storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform any of the signature and signature verification methods described above.
In summary, although the present invention has been described with reference to the preferred embodiments, the above-described preferred embodiments are not intended to limit the present invention, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the present invention, therefore, the scope of the present invention shall be determined by the appended claims.

Claims (18)

1. A method of signing and verifying, the method comprising:
a key distributor associated with a signer generates a base key and presets the base key at the signer, the signer and the key distributor associated with the signer cut the base key into a plurality of signing key components in the same way, and each pre-store the plurality of signing key components in a key component sequence;
when the signing party signs a message to be signed, the signing party calculates a digital signature aiming at the message to be signed based on the prestored secret key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to a signature verifying party;
the signature verifying party calculates the message digest of the message to be signed based on a preset hash operation mode;
and the verifying party entrusts a trusted party to complete the verifying operation according to the message digest, the signature result and the key component sequence prestored by the key distributor associated with the signing party.
2. The method of claim 1, wherein the signer calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and identification information of the signer, and sending the message to be signed and the signature result to a signature verifier comprises:
The signing party calculates the message digest corresponding to the message to be signed based on the preset hash operation mode, blocks the message digest to obtain a plurality of digest sub-blocks, and determines the key component index corresponding to each digest sub-block according to a preset mapping mode;
the signer calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block, determines the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the digest sub-blocks, generates a signature result based on the digital signature and the identification information of the signer, and sends the message to be signed and the signature result to the signature verifier.
3. The method as claimed in claim 2, wherein the determining the key component index corresponding to each of the digest sub-blocks according to a predetermined mapping manner comprises:
and for each digest sub-block, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence and the bit length of the digest sub-block.
4. The method of claim 3, wherein for each of the digest sub-blocks, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence, and the bit length of the digest sub-block comprises:
for each digest sub-block, obtaining a key component index corresponding to the digest sub-block according to the following formula:
Figure 861477DEST_PATH_IMAGE001
wherein seq represents the key component index corresponding to the digest sub-block, the RoundDown function represents rounding towards the direction of decreasing absolute value,
Figure 44197DEST_PATH_IMAGE002
representing the value of the digest sub-block, N representing the total number of signature key components in the sequence of key components, and M representing the bit length of the digest sub-block.
5. The method as claimed in claim 4, wherein said calculating, by said signer, the message authentication code corresponding to each of said digest sub-blocks according to the key component index corresponding to each of said digest sub-blocks comprises:
for each digest subblock, determining a target signature key component in the signature key component sequence according to the key component index corresponding to the digest subblock, wherein the sequence number of the target signature key component in the signature key component sequence is determined according to the value of the key component index corresponding to the digest subblock;
And calculating the target signature key component and the value of the digest sub-block according to a preset encryption mode based on Hash operation to obtain the message authentication code corresponding to the digest sub-block.
6. The method as claimed in claim 5, wherein the calculating the target signing key component and the value of the digest sub-block according to a predetermined encryption method based on hash operation to obtain the message authentication code corresponding to the digest sub-block comprises:
for each digest sub-block, calculating the message authentication code corresponding to the digest sub-block according to the following formula:
Figure 355092DEST_PATH_IMAGE003
wherein
Figure 281460DEST_PATH_IMAGE004
represents the message authentication code corresponding to the digest sub-block, HMAC () represents the operation function corresponding to the preset encryption method based on hash operation,
Figure 626991DEST_PATH_IMAGE005
represents the value of the digest sub-block,
Figure 980612DEST_PATH_IMAGE006
representing the target signature key component corresponding to the digest sub-block.
7. The method of claim 6, wherein the determining the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks comprises:
and calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks.
8. The method as claimed in claim 7, wherein said calculating the digital signature corresponding to the message to be signed based on the predetermined hash operation and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks comprises:
calculating the digital signature based on:
Figure 575541DEST_PATH_IMAGE007
wherein Sign represents the digital signature, SM3() represents the operation function corresponding to the preset hash operation mode,
Figure 305600DEST_PATH_IMAGE008
the operator indicates that two or more character strings are concatenated together to obtain one character string, the ID indicates identification information of the signer,
Figure 240058DEST_PATH_IMAGE009
representing n of said message authentication codes.
9. The method of claim 1, wherein the signature verifier delegating a trusted party to perform a signature verification operation based on the message digest, the signature result, and the sequence of key components pre-stored by the key distributor associated with the signing party comprises:
the signature verifier performs identity authentication with the trusted party based on a first symmetric key mechanism, and sends a first signature verification request to the trusted party after the identity authentication is passed, wherein the first signature verification request comprises the message digest and the signature result;
the trusted party determines a target key distributor associated with the signing party according to the signing party identification information in the signature result;
The trusted party performs identity authentication with the target key distributor based on a second symmetric key mechanism, and sends a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result;
according to the message digest, the signing party identification information in the signing result and the pre-stored key component sequence, the target key distributor calculates a verification signature according to the same operation mode as the signing party, and determines that the signature verification result is successful under the condition that the verification signature is consistent with the digital signature, otherwise determines that the signature verification result is failed;
the target key distributor encrypts the signature verification result based on the second symmetric key mechanism, sends the signature verification result after the first encryption to the trusted party, the trusted party decrypts the signature verification result after the first encryption based on the second symmetric key mechanism, encrypts the decrypted signature verification result based on the first symmetric key mechanism, and sends the signature verification result after the second encryption to the signature verification party, and the signature verification party decrypts the signature verification result after the second encryption based on the first symmetric key mechanism to obtain the signature verification result.
10. A signature and signature verification method for a signer, the method comprising:
receiving a base key sent by a key distributor associated with the signing party, cutting the base key into a plurality of signing key components, and pre-storing the plurality of signing key components in a key component sequence;
when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and identification information of the signing party, and sending the message to be signed and the signature result to a signature verifying party, so as to trigger the signature verifying party to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence that a key distributor associated with the signing party generates and pre-stores in the same way as the signing party.
11. A signature and signature verification method is used for a signature verifier, and is characterized by comprising the following steps:
receiving a message to be signed and a signature result sent by a signer, and calculating a message digest of the message to be signed based on a preset hash operation mode;
Performing identity authentication with a trusted party based on a symmetric key mechanism, and sending a signature verification request to the trusted party after the identity authentication is passed so as to delegate the trusted party to complete signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signature party, wherein the signature verification request comprises the message digest and the signature result;
and receiving a signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
12. A signature and signature verification method for a trusted party associated with a signature verifier, the method comprising:
performing identity authentication with the signature verifier based on a first symmetric key mechanism, and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
determining a target key distributor associated with the signing party according to the signature result;
performing identity authentication with the target key distributor based on a second symmetric key mechanism, and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the prestored key component sequence in the signature party, and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
And decrypting the encrypted signature verification result based on the second symmetric key mechanism, secondarily encrypting the decrypted signature verification result based on the first symmetric key mechanism, and sending the secondarily encrypted signature verification result to the signature verification party.
13. A signing and signature verification method for a key distributor associated with a signing party, the method comprising:
generating a basic key and presetting the basic key at the signer, and triggering the signer to cut the basic key into a plurality of signature key components and prestore the signature key components in a key component sequence;
cutting the base key into a plurality of signing key components in the same way as the signing party, and pre-storing the plurality of signing key components in a key component sequence;
receiving, through the trusted party, a signature result and a message digest sent by a signature verifier associated with the trusted party, wherein the signature result is obtained by the signing party performing a signature operation on a message to be signed based on the prestored key component sequence, and the message digest is obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
And calculating a verification signature according to the message digest, the signature result and the pre-stored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and a digital signature calculated by the signature party carried in the signature result.
14. A signature apparatus, characterized in that the signature apparatus comprises:
a key component sequence generating unit, which is used for receiving a basic key sent by a key distributor associated with a signing party, cutting the basic key into a plurality of signing key components and pre-storing the plurality of signing key components in a key component sequence mode;
the signature unit is used for calculating a digital signature for a message to be signed based on a prestored key component sequence when the message to be signed is signed, generating a signature result based on the digital signature and identification information of a signing party, and sending the message to be signed and the signature result to a signature verifying party, so as to trigger the signature verifying party to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence that a key distributor associated with the signing party generates and prestores in the same way as the signing party.
15. A signature verification device, characterized in that the signature verification device includes:
the message digest generation unit is used for receiving the message to be signed and the signature result sent by the signer and calculating the message digest of the message to be signed based on a preset hash operation mode;
the signature verification request sending unit is used for carrying out identity authentication with a trusted party based on a symmetric key mechanism and sending a signature verification request to the trusted party after the identity authentication is passed so as to entrust the trusted party to complete signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signing party, wherein the signature verification request comprises the message digest and the signature result;
and the signature verification result receiving unit is used for receiving the signature verification result returned by the receiver after being encrypted by the symmetric key mechanism.
16. A trusted device, said trusted device associated with a signatory, said trusted device comprising:
the signature verification request receiving unit is used for performing identity authentication with the signature verification party based on a first symmetric key mechanism and receiving a first signature verification request sent by the signature verification party after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signature party aiming at a message to be signed and a message digest obtained by the signature verification party after the signature verification party calculates the message to be signed based on a preset hash operation mode;
the target key distributor determining unit is used for determining a target key distributor associated with the signing party according to the signing result;
the signature verification unit is used for performing identity authentication with the target key distributor based on a second symmetric key mechanism and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the prestored key component sequence in the signature party and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
and the result feedback unit is used for decrypting the encrypted signature verification result based on the second symmetric key mechanism, carrying out secondary encryption on the decrypted signature verification result based on the first symmetric key mechanism, and sending the signature verification result subjected to secondary encryption to the signature verification party.
17. A key distribution apparatus associated with a signer, the key distribution apparatus comprising:
a key component sequence generating unit for generating a base key and pre-setting the base key at the signer, so as to trigger the signer to cut the base key into a plurality of signature key components and pre-store them in the form of a key component sequence, while cutting the base key into a plurality of signature key components in the same manner as the signer and pre-storing them in the form of a key component sequence;
the receiving unit is used for receiving a signature result obtained by the signer performing a signature operation on a message to be signed based on the pre-stored key component sequence, and a message digest obtained by the signer calculating over the message to be signed based on a preset hash operation mode;
and the signature verification unit is used for calculating a verification signature according to the message digest, the signature result and the prestored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and a digital signature calculated by the signer carried in the signature result.
18. A storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform the method of any one of claims 10-13.
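The key-distributor flow recited in claim 17 (cut the base key the same way on both sides, recompute a verification signature from the digest and the signature result, compare) is sketched below as an added example; it is not code from the patent. The claims shown here do not say how the digital signature is computed from the key component sequence, so HMAC-SHA-256 keyed with one component selected by an `index` field, the 16-byte component size, SHA-256 as the preset hash, and all function and field names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

COMPONENT_LEN = 16  # assumed size of one key component, in bytes

def split_base_key(base_key, size=COMPONENT_LEN):
    """Cut the base key into an ordered key component sequence."""
    if not base_key or len(base_key) % size:
        raise ValueError("base key length must be a non-zero multiple of size")
    return [base_key[i:i + size] for i in range(0, len(base_key), size)]

def message_digest(message):
    """Preset hash operation; SHA-256 is an assumption of this example."""
    return hashlib.sha256(message).digest()

def _tag(components, index, digest):
    # Assumed construction: HMAC-SHA-256 keyed with one selected component.
    return hmac.new(components[index], digest, hashlib.sha256).digest()

def sign(signer_id, components, message):
    """Signer side: signature result = digital signature + signer identification."""
    index = secrets.randbelow(len(components))
    return {"signer_id": signer_id, "index": index,
            "signature": _tag(components, index, message_digest(message))}

class KeyDistributor:
    def __init__(self):
        self._sequences = {}  # signer_id -> pre-stored key component sequence

    def provision(self, signer_id, n_components=4):
        """Generate a base key, store its components, return it for the signer."""
        base_key = secrets.token_bytes(n_components * COMPONENT_LEN)
        self._sequences[signer_id] = split_base_key(base_key)
        return base_key

    def verify(self, digest, result):
        """Recompute the verification signature and compare in constant time."""
        seq = self._sequences.get(result.get("signer_id"))
        index, sig = result.get("index"), result.get("signature")
        if seq is None or type(index) is not int or not isinstance(sig, bytes):
            return False
        if not 0 <= index < len(seq):
            return False
        return hmac.compare_digest(_tag(seq, index, digest), sig)

if __name__ == "__main__":
    kd = KeyDistributor()
    seq = split_base_key(kd.provision("signer-01"))  # signer cuts the same way
    msg = b"constructed sample message"
    result = sign("signer-01", seq, msg)
    print(kd.verify(message_digest(msg), result))         # digest from verifier
    print(kd.verify(message_digest(msg + b"!"), result))  # altered message
```

Because the signer and the key distributor hold the same component sequence, a check built this way is MAC-style: it shows the tag came from a holder of the sequence, which includes the distributor itself.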
CN202210660256.XA 2022-06-13 2022-06-13 Signature and signature verification method, device and storage medium Active CN114760072B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210660256.XA CN114760072B (en) 2022-06-13 2022-06-13 Signature and signature verification method, device and storage medium

Publications (2)

Publication Number Publication Date
CN114760072A (en) 2022-07-15
CN114760072B (en) 2022-09-02

Family

ID=82336502

Country Status (1)

Country Link
CN (1) CN114760072B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019047418A1 (en) * 2017-09-05 2019-03-14 深圳奥联信息安全技术有限公司 Digital signature method, device and system
CN109818747A (en) * 2018-12-28 2019-05-28 苏州科达科技股份有限公司 Digital signature method and device
CN111404696A (en) * 2020-03-31 2020-07-10 中国建设银行股份有限公司 Collaborative signature method, security service middleware, related platform and system
CN113573304A (en) * 2020-04-28 2021-10-29 刘琦 Signature realization method, signature verification method, signature terminal, signature verification terminal and storage medium
CN112906056A (en) * 2021-03-17 2021-06-04 广东工业大学 Cloud storage key security management method based on block chain
CN113381856A (en) * 2021-07-07 2021-09-10 北京明朝万达科技股份有限公司 Digital signature and signature verification method, system, device and storage medium
CN114374523A (en) * 2022-03-23 2022-04-19 南京易科腾信息技术有限公司 Signature verification method and device and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117094012A (en) * 2023-08-21 2023-11-21 中胜信用管理有限公司 Intelligent verification method and system for electronic authorization order
CN117094012B (en) * 2023-08-21 2024-04-30 中胜信用管理有限公司 Intelligent verification method and system for electronic authorization order

Also Published As

Publication number Publication date
CN114760072B (en) 2022-09-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant