CN114760072A - Signature and signature verification method, device and storage medium
- Publication number: CN114760072A
- Application number: CN202210660256.XA
- Authority: CN (China)
- Prior art keywords: signature, key, party, message, digest
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Abstract
The invention discloses a signature and signature verification method, device and storage medium. In the method, the signing party and the key distributor each cut the base key into a plurality of signature key components and pre-store them as a key component sequence. When signing, the signing party calculates a digital signature for the message to be signed based on the key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to the signature verifier. The signature verifier calculates the message digest of the message to be signed and entrusts a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence pre-stored by the key distributor associated with the signing party. The technical scheme provided by the invention can solve the prior-art technical problem of the quantum threat faced when a public key and a private key are used for signing and signature verification.
Description
Technical Field
The invention relates to the technical field of communication security, in particular to a signature and signature verification method, a signature and signature verification device and a storage medium.
Background
In the prior art, a traditional signature and signature verification method generally uses a public key and a private key, a signing party signs a message to be signed by using the private key, and a signature verification party verifies the signature by using the public key of a signing party. The security of the public and private key mode depends on a one-way trapdoor function based on mathematical problems, such as a prime factor decomposition problem of a large number, a discrete logarithm problem and an elliptic curve discrete logarithm problem, and the corresponding technical systems comprise a certificate public key system and a certificateless public key system.
In signature and signature verification methods based on public and private keys, the security of the signature depends entirely on the security of the private key, so practical applications face at least the following technical problems:
1. Quantum algorithms represented by Shor's algorithm are suited to solving period-finding problems. Problems such as large-number factorization and discrete logarithms can be converted into period-finding problems, so public/private-key cryptographic algorithms are easily broken, and quantum computing poses a huge security threat to public/private-key systems;
2. The security of quantum-resistant post-quantum algorithms, represented by lattice-based cryptography and the like, is still an open problem, and they may still be challenged by classical algorithms or new quantum algorithms;
3. A trust system built on a certificate chain has security dependencies: when any node is broken, the security of the subsequent nodes is directly invalidated.
In summary, it is desirable to provide a signature and signature verification method with long-term security to solve the quantum threat faced by the conventional public-private key.
Disclosure of Invention
The invention provides a signature and signature verification method, a signature and signature verification device and a storage medium, and aims to effectively solve the technical problem that quantum threat is faced when a public key and a private key are used for signature and signature verification in the prior art.
According to an aspect of the present invention, the present invention provides a signature and signature verification method, wherein the method comprises:
a key distributor associated with a signing party generates a base key and presets the base key at the signing party; the signing party and the key distributor associated with the signing party cut the base key into a plurality of signature key components in the same manner, and each pre-stores the plurality of signature key components in the form of a key component sequence;
when the signing party signs a message to be signed, the signing party calculates a digital signature for the message to be signed based on the pre-stored key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to a signature verifier;
the signature verifier calculates the message digest of the message to be signed based on a preset hash operation mode;
and the verifying party entrusts a trusted party to complete the verifying operation according to the message digest, the signature result and the key component sequence prestored by the key distributor associated with the signing party.
Further, the signing party calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to the signature verifier includes:
the signing party calculates the message digest corresponding to the message to be signed based on the preset hash operation mode, blocks the message digest to obtain a plurality of digest sub-blocks, and determines the key component index corresponding to each digest sub-block according to a preset mapping mode;
the signing party calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block, determines the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the digest sub-blocks, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to the signature verifier.
Further, the determining the key component index corresponding to each digest sub-block according to a preset mapping manner includes:
for each digest sub-block, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence and the bit length of the digest sub-block.
Further, the calculating, for each digest sub-block, the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence, and the bit length of the digest sub-block includes:
for each digest sub-block, obtaining a key component index corresponding to the digest sub-block according to the following formula:
wherein seq represents the key component index corresponding to the digest sub-block, the RoundDown function rounds toward decreasing absolute value, and the remaining terms are the value of the digest sub-block; N, the total number of signature key components in the key component sequence; and M, the bit length of the digest sub-block.
Further, the calculating, by the signer according to the key component index corresponding to each digest sub-block, the message authentication code corresponding to each digest sub-block includes:
for each digest sub-block, determining a target signature key component in the signature key component sequence according to the key component index corresponding to the digest sub-block, wherein a sequence number of the target signature key component in the signature key component sequence is determined according to a value of the key component index corresponding to the digest sub-block;
calculating over the target signature key component and the value of the digest sub-block according to a preset encryption mode based on hash operation to obtain the message authentication code corresponding to the digest sub-block.
Further, the calculating the target signature key component and the value of the digest sub-block according to a preset encryption mode based on hash operation to obtain the message authentication code corresponding to the digest sub-block includes:
for each digest sub-block, calculating the message authentication code corresponding to the digest sub-block according to the following formula:
wherein the terms of the formula are: the message authentication code corresponding to the digest sub-block; HMAC(), the operation function corresponding to the preset encryption mode based on hash operation; the value of the digest sub-block; and the target signature key component corresponding to the digest sub-block.
Further, the determining the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks includes:
and calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks.
Further, the calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks includes:
calculating the digital signature based on:
wherein Sign represents the digital signature, SM3() represents the operation function corresponding to the preset hash operation mode, the concatenation operator joins two or more character strings together to obtain one character string, ID represents the identification information of the signing party, and the final term represents the n message authentication codes.
Further, the signature verifier entrusting a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence pre-stored by the key distributor associated with the signing party comprises:
the signature verifier performs identity authentication with the trusted party based on a first symmetric key mechanism, and sends a first signature verification request to the trusted party after the identity authentication is passed, wherein the first signature verification request comprises the message digest and the signature result;
the trusted party determines a target key distributor associated with the signing party according to the signing party identification information in the signature result;
the trusted party performs identity authentication with the target key distributor based on a second symmetric key mechanism, and sends a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result;
the target key distributor calculates a verification signature, in the same operation mode as the signing party, according to the message digest, the signing party identification information in the signature result and the pre-stored key component sequence, and determines that the signature verification result is successful if the verification signature is consistent with the digital signature, and otherwise determines that the signature verification result is failed;
the target key distributor encrypts the signature verification result based on the second symmetric key mechanism, sends the signature verification result after the first encryption to the trusted party, the trusted party decrypts the signature verification result after the first encryption based on the second symmetric key mechanism, encrypts the decrypted signature verification result based on the first symmetric key mechanism, and sends the signature verification result after the second encryption to the signature verification party, and the signature verification party decrypts the signature verification result after the second encryption based on the first symmetric key mechanism to obtain the signature verification result.
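The signing steps and the distributor-side check described above, as an added Python example (not code from the patent). SHA-256 stands in for SM3, and the component length, the 16-bit sub-blocks, the index mapping floor(value * N / 2^M) and the ID-then-MACs concatenation order are assumptions, because the page's formulas are not reproduced; all function names are illustrative.

```python
import hashlib
import hmac

# Assumptions made for this example (none are fixed by the page): SHA-256
# stands in for SM3, components are equal-length slices of the base key, a
# digest sub-block is M = 16 bits, and the index mapping is
# floor(value * N / 2**M).
HASH = hashlib.sha256
COMPONENT_LEN = 32   # bytes per signature key component
SUBBLOCK_BITS = 16   # M, bit length of one digest sub-block


def cut_base_key(base_key):
    """Cut the base key into the key component sequence, identically on both sides."""
    if not base_key or len(base_key) % COMPONENT_LEN:
        raise ValueError("base key must be a non-empty multiple of COMPONENT_LEN")
    return [base_key[i:i + COMPONENT_LEN]
            for i in range(0, len(base_key), COMPONENT_LEN)]


def message_digest(message):
    """Message digest computed by the signer and, independently, by the verifier."""
    return HASH(message).digest()


def component_index(value, n_components):
    """Map a sub-block value in [0, 2**M) onto an index in [0, N)."""
    if not 0 <= value < (1 << SUBBLOCK_BITS):
        raise ValueError("sub-block value out of range")
    return (value * n_components) >> SUBBLOCK_BITS


def compute_signature(digest, signer_id, components):
    """HMAC each digest sub-block under its selected component, then hash
    the signer ID concatenated with all of the MACs."""
    step = SUBBLOCK_BITS // 8
    if len(digest) % step:
        raise ValueError("digest length is not a whole number of sub-blocks")
    macs = []
    for off in range(0, len(digest), step):
        block = digest[off:off + step]
        seq = component_index(int.from_bytes(block, "big"), len(components))
        macs.append(hmac.new(components[seq], block, HASH).digest())
    return HASH(signer_id + b"".join(macs)).digest()


def sign(message, signer_id, components):
    """Signing party: the signature result carries the signature and the ID."""
    sig = compute_signature(message_digest(message), signer_id, components)
    return {"id": signer_id, "signature": sig}


def distributor_verify(digest, result, components_by_id):
    """Key distributor: recompute from its own stored sequence and compare
    in constant time. Unknown signer IDs fail closed."""
    components = components_by_id.get(result["id"])
    if components is None:
        return False
    expected = compute_signature(digest, result["id"], components)
    return hmac.compare_digest(expected, result["signature"])


# Constructed sample data: a deterministic 2048-byte stand-in for the base key
# (a real base key would come from the distributor's random source).
BASE_KEY = hashlib.shake_256(b"constructed demo base key").digest(64 * COMPONENT_LEN)
SIGNER_ID = b"signer-001"                               # constructed ID
SIGNER_SEQ = cut_base_key(BASE_KEY)                     # held by the signing party
DISTRIBUTOR_DB = {SIGNER_ID: cut_base_key(BASE_KEY)}    # held by the distributor

if __name__ == "__main__":
    msg = b"transfer 100 units to account 42"           # constructed message
    result = sign(msg, SIGNER_ID, SIGNER_SEQ)
    # The verifier hashes the received message; the digest and the signature
    # result reach the distributor through the trusted party.
    print("valid:   ", distributor_verify(message_digest(msg), result, DISTRIBUTOR_DB))
    print("tampered:", distributor_verify(message_digest(msg + b"0"), result, DISTRIBUTOR_DB))
```

Because the signing party and the key distributor hold the same key component sequence, a passing check shows that the signature was produced by a holder of that sequence, which includes the distributor itself.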
According to another aspect of the present invention, the present invention further provides a signature and signature verification method, for a signer, where the method includes:
Receiving a base key sent by a key distributor associated with the signing party, cutting the base key into a plurality of signing key components, and pre-storing the plurality of signing key components in a key component sequence;
when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence generated and pre-stored by the key distributor associated with the signing party in the same manner as the signing party.
According to another aspect of the present invention, the present invention further provides a signature and signature verification method for a signature verifier, wherein the method includes:
receiving a message to be signed and a signature result sent by a signer, and calculating a message digest of the message to be signed based on a preset hash operation mode;
performing identity authentication with a trusted party based on a symmetric key mechanism, and sending a signature verification request to the trusted party after the identity authentication is passed so as to delegate the trusted party to complete signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signature party, wherein the signature verification request comprises the message digest and the signature result;
and receiving the signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
According to another aspect of the present invention, the present invention further provides a signature and signature verification method for a trusted party associated with a signature verifier, the method comprising:
performing identity authentication with the signature verifier based on a first symmetric key mechanism, and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
determining a target key distributor associated with the signing party according to the signing result;
performing identity authentication with the target key distributor based on a second symmetric key mechanism, and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the key component sequence prestored in the signature party, and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
and decrypting the encrypted signature verification result based on the second symmetric key mechanism, secondarily encrypting the decrypted signature verification result based on the first symmetric key mechanism, and sending the secondarily encrypted signature verification result to the signature verification party.
According to another aspect of the present invention, there is also provided a signature and verification method for a key distributor associated with a signing party, the method comprising:
generating a basic key and presetting the basic key at the signer, and triggering the signer to cut the basic key into a plurality of signature key components and prestore the signature key components in a key component sequence;
cutting the base key into a plurality of signature key components in the same way as the signing party, and pre-storing the plurality of signature key components in a key component sequence;
receiving a signature result obtained by the signing party associated with the key distributor performing a signature operation on a message to be signed based on its pre-stored key component sequence, and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
and calculating a verification signature according to the message digest, the signature result and the pre-stored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and a digital signature calculated by the signature party carried in the signature result.
According to another aspect of the present invention, there is also provided a signature apparatus, comprising:
a key component sequence generating unit, which is used for receiving a basic key sent by a key distributor associated with a signing party, cutting the basic key into a plurality of signing key components and pre-storing the plurality of signing key components in a key component sequence mode;
the signature unit is used for calculating, when a message to be signed is signed, a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence generated and pre-stored by the key distributor associated with the signing party in the same manner as the signing party.
According to another aspect of the present invention, the present invention also provides a signature verification apparatus, comprising:
the message digest generation unit is used for receiving the message to be signed and the signature result sent by the signer and calculating the message digest of the message to be signed based on a preset hash operation mode;
the signature verification request sending unit is used for carrying out identity authentication with a trusted party based on a symmetric key mechanism and sending a signature verification request to the trusted party after the identity authentication is passed so as to delegate the trusted party to complete signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signature party, wherein the signature verification request comprises the message digest and the signature result;
and the signature verification result receiving unit is used for receiving the signature verification result which is returned by the trusted party and encrypted by the symmetric key mechanism.
According to another aspect of the present invention, there is also provided a trusted device associated with a signature verifier, the trusted device comprising:
the signature verification request receiving unit is used for performing identity authentication with the signature verifier based on a first symmetric key mechanism and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
a target key distributor determining unit, configured to determine a target key distributor associated with the signing party according to the signature result;
the signature verification unit is used for performing identity authentication with the target key distributor based on a second symmetric key mechanism and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the prestored key component sequence in the signature party, and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
and the result feedback unit is used for decrypting the encrypted signature verification result based on the second symmetric key mechanism, secondarily encrypting the decrypted signature verification result based on the first symmetric key mechanism, and sending the secondarily encrypted signature verification result to the signature verifier.
According to another aspect of the present invention, there is also provided a key distribution apparatus associated with a signer, the key distribution apparatus including:
a key component sequence generating unit for generating a base key and presetting the base key at the signing party, triggering the signing party to cut the base key into a plurality of signature key components and to pre-store the plurality of signature key components in a key component sequence, while cutting the base key into a plurality of signature key components in the same manner as the signing party and pre-storing the plurality of signature key components in a key component sequence;
the receiving unit is used for receiving a signature result obtained by the signing party associated with the key distributor performing a signature operation on a message to be signed based on its pre-stored key component sequence, and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
and the signature verification unit is used for calculating a verification signature according to the message digest, the signature result and the prestored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and a digital signature calculated by the signer carried in the signature result.
According to another aspect of the present invention, there is also provided a storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform any of the signature and verification methods described above.
Through one or more of the above embodiments of the present invention, at least the following technical effects can be achieved:
in the technical scheme disclosed by the invention, a key distributor presets a basic key on terminal equipment and generates a key component sequence, and determines a corresponding signature key component on the key component sequence according to a digest sub-block of a message digest of a message to be signed. The method and the device can adjust the length of the key and the randomness of use according to application requirements, and increase the flexibility of signature and signature verification.
In the scheme, both the process of generating the signature and the process of verifying the signature are based on symmetric keys; no signature public key is involved, and no associated information needs to be published. Symmetric cryptography solves the problems of identity authentication and message transmission among the signature verifier, the trusted party and the key distributor, and does not involve the mathematical functions on which public and private keys depend and which are vulnerable to quantum attack. Therefore, the scheme solves the quantum threat faced by public and private keys in the prior art, is a quantum-safe signature method, and has long-term security.
Drawings
The technical scheme and other beneficial effects of the invention are obvious from the detailed description of the specific embodiments of the invention in combination with the attached drawings.
Fig. 1 is a flowchart illustrating steps of a signature and signature verification method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a key ring according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of generating a digital signature according to an embodiment of the present invention;
Fig. 4 is a schematic step diagram of a signature verification process according to an embodiment of the present invention;
Fig. 5 is a flowchart illustrating steps of a signature and signature verification method for a signer according to an embodiment of the present invention;
Fig. 6 is a flowchart illustrating steps of a signature and signature verification method for a signature verifier according to an embodiment of the present invention;
Fig. 7 is a flowchart illustrating steps of a signature and signature verification method for a trusted party according to an embodiment of the present invention;
Fig. 8 is a flowchart illustrating steps of a signature and signature verification method for a key distributor according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a signature apparatus according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a signature verification apparatus according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of a trusted device according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of a key distribution device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It should be apparent that the described embodiments are only some embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that, unless explicitly specified or limited otherwise, the term "and/or" herein only describes an association relationship between associated objects and covers three cases; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in this document generally indicates that the preceding and following related objects are in an "or" relationship, unless otherwise specified.
Fig. 1 is a flowchart illustrating steps of a signature and signature verification method according to an embodiment of the present invention, where the signature and signature verification method includes:
Step 101: a key distributor associated with a signing party generates a base key and presets the base key at the signing party; the signing party and the key distributor associated with the signing party cut the base key into a plurality of signing key components in the same manner, and each pre-stores the plurality of signing key components in the form of a key component sequence;
step 102: when the signing party signs a message to be signed, the signing party calculates a digital signature aiming at the message to be signed based on the prestored key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to a signature checking party;
step 103: the signature verifier calculates the message digest of the message to be signed based on a preset hash operation mode;
step 104: the signature verifier entrusts a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence prestored by the key distributor associated with the signer.
The method in steps 101 to 104 is described in detail below.
In the above step 101, a key distributor associated with a signing party generates a base key and presets the base key at the signing party; the signing party and the key distributor associated with the signing party cut the base key into a plurality of signing key components in the same manner, and each pre-stores the plurality of signing key components in the form of a key component sequence.
Illustratively, in the signature and signature verification system, there are a plurality of key distributors, and each key distributor corresponds to a plurality of signing parties. The key distributor generates a corresponding base key for each signing party, and the database of the key distributor stores the account information of the signing party and the corresponding base key; the account information may be an identity of the signing party. After generating the base key, the key distributor associated with the signing party presets the base key at the signing party in addition to storing the base key itself.
The key distributor and the signer store the same basic key and negotiate the same key processing algorithm, which is public, but the basic key is secret. The key distributor and the signing party cut the basic key into a plurality of signature key components according to the key component length required by the algorithm, and then respectively prestore the plurality of signature key components in a key component sequence mode, specifically, a signature key ring can be generated based on the plurality of signature key components. For example, fig. 2 is a schematic diagram of a key ring provided in an embodiment of the present invention, where a key length required by an algorithm is 64 bytes, N signing key components are cut, and a signing key ring is generated. The generation of the signature key ring can flexibly customize the length and the segmentation density of the key ring according to the security requirement, and the key length can be set according to the practical application, which is not limited by the invention.
The basic Key generated by the Key distributor may be a symmetric Key of a certain length, and the Key distributor may be a Key Distribution Center (KDC) that provides an authentication service running on a physical security server and maintains an account information database of all security principals in the field. As a third party that the signer and the verifier trust together, the key distributor knows the name of each account and the underlying key from which the account password is derived.
In the step 102, when the signing party signs a message to be signed, the signing party calculates a digital signature for the message to be signed based on the pre-stored key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to the signature verifier.
Exemplarily, the signing party has an original document to be signed, that is, a message to be signed, the message to be signed is similar to an electronic contract, the signing party needs to generate a signature result based on the message to be signed, the signature result is similar to a signature on the electronic contract, the signing party corresponding to the electronic contract can be determined according to the signature, and similarly, the signing party corresponding to the message to be signed can be determined according to the signature result.
When the signing party signs the message to be signed, the pre-stored key component sequence is processed according to an encryption algorithm, and the digital signature corresponding to the message to be signed is finally calculated. The digital signature can be used to verify the identity of the signing party: it is a digital string that cannot be forged and can be generated only by the signing party, similar to an ordinary physical signature written on paper. However, signing and authentication are methods for authenticating digital information implemented through encryption techniques. After the digital signature is generated, a signature result is generated based on the digital signature and the identification information of the signer, and the signer sends the message to be signed and the corresponding signature result to the signature verifier.
In step 103, the signature verifier calculates the message digest of the message to be signed based on a preset hash operation manner.
For example, after receiving the message to be signed and its corresponding signature result, the signature verifier needs to verify whether the signature result was signed by the true signer rather than by an unknown person. However, the signature verifier cannot verify the authenticity of the signature result itself, and needs to entrust the trusted party to determine it. Since the original file of the message to be signed may be large and may not be suitable for disclosure, the signature verifier does not send the message to be signed directly to the trusted party, but processes it into a corresponding message digest through a preset algorithm.
The preset algorithm is a hash operation method, specifically the SM3 algorithm, which provides a cryptographic hash function standard. SM3 is mainly used for digital signature and verification, message authentication code generation and verification, random number generation, and the like. SM3 is a one-way function, and it is difficult to recover the original input data from the result output by the hash function. The input data to the hash function is commonly referred to as a message, and the output result is commonly referred to as a message digest.
In the above step 104, the signature verifier delegates the trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence pre-stored by the key distributor associated with the signer.
Illustratively, the signature verifier cannot verify the signature result directly and instead entrusts the trusted party to verify it. The trusted party cannot verify the signature result directly either: it determines the key distributor corresponding to the signing party according to the information related to the signing party in the signature result, and then sends the message digest and the signature result to that key distributor, which verifies the signature result. The trusted party acts as a relay and intermediary between the signature verifier and the key distributor. Therefore, it is the key distributor that finally verifies the signature result, and the trusted party forwards the signature verification result to the signature verifier. In particular, the trusted party may be a root of trust, which is an immutable process or identity that can provide trusted proof.
Further, in the solution disclosed in the present invention, in the above step 102, the signing party calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and the identification information of the signing party, and sending the message to be signed and the signature result to the signature verifier includes:
the signing party calculates the message digest corresponding to the message to be signed based on the preset hash operation mode, blocks the message digest to obtain a plurality of digest sub-blocks, and determines the key component index corresponding to each digest sub-block according to a preset mapping mode;
the signer calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block, determines the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the digest sub-blocks, generates a signature result based on the digital signature and the identification information of the signer, and sends the message to be signed and the signature result to the signature verifier.
For example, a signing party signs a message to be signed. The message to be signed is the original information and its data volume may be relatively large, so it cannot be signed directly and needs to be processed according to an encryption algorithm. Specifically, the message to be signed may be processed according to a preset hash operation mode to obtain a corresponding message digest. E.g., the message to be signed is used as input data and processed according to the SM3 algorithm, which outputs a message digest; the SM3 algorithm requires the digest to be 256 bits in length. The SM3 algorithm is a one-way hash operation: the message to be signed can be processed into a message digest, but the message to be signed cannot be deduced from the message digest.
For example, fig. 3 is a schematic diagram of generating a digital signature according to an embodiment of the present invention. As shown in fig. 3, the bit length of the message digest is 256 bits; the message digest is segmented according to a block length of 32 bits, so the 256 bits are divided into 8 digest sub-blocks with a length of 32 bits each, namely block_1, block_2, …, block_8. Of course, the digest may also be divided into 16 digest sub-blocks with a length of 16 bits, and the length and number of the digest sub-blocks may be determined according to the application requirements.
After the plurality of digest sub-blocks are obtained, the key component index corresponding to each digest sub-block is determined according to a preset mapping mode. The signature key component to be used is calculated by a specified algorithm from the digest sub-block of the message digest, and participates in the signature calculation of that digest sub-block. Specifically, for the value of each digest sub-block block_n, a mapping algorithm is used to compute the index of the signing key component in the corresponding signing key ring. In fig. 3, the mapping algorithm corresponds to a GetKey function; the GetKey function operates on the digest sub-block to be processed to obtain an integer value corresponding to the digest sub-block, and this integer value is then used as the key component index.
The signer calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block. Specifically, after the key component index is determined, the key component corresponding to the digest sub-block is determined in the pre-stored key component sequence. One digest sub-block corresponds to one message authentication code; as shown in fig. 3, 8 blocks correspond to 8 message authentication codes, namely H_1, H_2, …, H_8.
And then, determining a digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks, namely performing data processing on the original fixed-sequence key component sequence, reordering part or all key components according to the key component indexes, wherein some key components can appear for multiple times, and finally obtaining the digital signature.
To associate the digital signature with the signing party, a signature result is generated based on the digital signature and the identification information of the signing party. Finally, the message to be signed and the signature result are sent to the signature verifier, much as a person who has signed the original of a contract sends the original contract, the signature and personal information to the target object.
Further, the determining the key component index corresponding to each digest sub-block according to a preset mapping manner includes:
And for each digest sub-block, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence and the bit length of the digest sub-block.
Further, the calculating, for each digest sub-block, the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence, and the bit length of the digest sub-block includes:
for each digest sub-block, obtaining a key component index corresponding to the digest sub-block according to the following formula:
wherein seq represents the key component index corresponding to the digest sub-block, the RoundDown function represents rounding towards the direction of decreasing absolute value,representing the value of the digest sub-block, N representing the total number of signature key components in the sequence of key components, and M representing the bit length of the digest sub-block.
Illustratively, as shown in fig. 3, the function corresponding to GetKey in the mapping algorithm in the figure is RoundDown, which is equivalent to performing a remainder operation on data. The key component index seq is calculated from the digest sub-block. Hashing any piece of data with the SM3 algorithm yields a 256-bit message digest; after the message digest is cut into 8 blocks, each block is 32 bits long and its value ranges from 1 to 2^32. The N signature key components divide the 32-bit numerical range evenly into N parts, each of size 2^32/N. For example, if each signature key component on the key ring has a length of 64 bytes, the preset 640 bytes can be divided into 10 keys, and N is 10. block_1 is 32 bits in length, so the value of digest sub-block block_1 ranges from 1 to 2^32. If the lowest bit of block_1 is 1 and the high 31 bits are all 0, then the value of block_1 is 1; 1 × 10 divided by 2^32 is a number smaller than 1, which rounds down to 0, so the key component index corresponding to the digest sub-block is 0.
Further, the calculating, by the signer, the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block includes:
for each digest subblock, determining a target signature key component in the signature key component sequence according to the key component index corresponding to the digest subblock, wherein the sequence number of the target signature key component in the signature key component sequence is determined according to the value of the key component index corresponding to the digest subblock;
And calculating the target signature key component and the value of the digest sub-block according to a preset encryption mode based on Hash operation to obtain the message authentication code corresponding to the digest sub-block.
Illustratively, after the key component index of each digest sub-block is determined, the signature key component corresponding to the digest sub-block is determined according to the value of the key component index. For example, if the signing key ring comprises 10 keys and the key component index corresponding to digest sub-block block_1 is 0, the first of the 10 keys is determined as the target signature key component.
The target signature key component and the value of the digest sub-block are then processed according to a preset encryption mode based on hash operation. In particular, the signature key component at index seq on the signature key ring is used to calculate the message authentication code of each digest sub-block block_n. The encryption mode based on hash operation is specifically a keyed-hash Message Authentication Code algorithm (HMAC); an HMAC operation is performed on the key component and the digest sub-block, which is equivalent to performing two hash operations, to generate the message authentication code corresponding to each digest sub-block.
For example, for each digest sub-block, the SM3-based HMAC algorithm can be used to calculate the message authentication code of the block, where the key of the HMAC is the signing key component in the signing key ring calculated from the digest sub-block. Finally, the SM3 algorithm is used to perform a hash calculation on the user identity ID and the message authentication code of each block of the message digest to generate a signature, and the signature and the user identity ID are used as the final signature result. The same algorithm is adopted in the signature verification process.
Further, the calculating the target signature key component and the value of the digest sub-block according to a preset encryption mode based on hash operation to obtain the message authentication code corresponding to the digest sub-block includes:
for each abstract sub-block, calculating the message authentication code corresponding to the abstract sub-block according to the following formula:
wherein the terms of the formula denote: the message authentication code corresponding to the digest sub-block; HMAC(), the operation function corresponding to the preset encryption mode based on hash operation; the value of the digest sub-block; and the target signature key component corresponding to the digest sub-block.
Illustratively, as shown in fig. 3, the message authentication code is denoted H_n. The HMAC algorithm is a method for message authentication based on a hash function and a secret key, and can be used in combination with any iterative hash function.
Further, the determining a digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks includes:
and calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks.
For example, the preset hash operation manner may be the SM3 algorithm, and all message authentication codes are processed according to the SM3 algorithm to obtain the digital signature.
Further, the calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks includes:
calculating the digital signature based on:
wherein Sign represents the digital signature, SM3() Representing the operation function corresponding to the preset hash operation mode,the operator represents joining two or more character strings together to obtain one character string, the ID represents identification information of the signer,representing n of said message authentication codes.
Illustratively, a plurality of message authentication codes corresponding to a plurality of digest sub-blocks are connected to form a digital signature, and identification information of a signing party is added in the digital signature.
Further, the signature verifier entrusting a trusted party to complete the signature verification operation according to the message digest, the signature result and the key component sequence prestored by the key distributor associated with the signing party comprises the following steps:
the signature verifier performs identity authentication with the trusted party based on a first symmetric key mechanism, and sends a first signature verification request to the trusted party after the identity authentication is passed, wherein the first signature verification request comprises the message digest and the signature result;
the trusted party determines a target key distributor associated with the signing party according to the signing party identification information in the signature result;
the trusted party performs identity authentication with the target key distributor based on a second symmetric key mechanism, and sends a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result;
according to the message digest, the signing party identification information in the signing result and the pre-stored key component sequence, the target key distributor calculates a verification signature according to the same operation mode as the signing party, and determines that the signature verification result is successful under the condition that the verification signature is consistent with the digital signature, otherwise determines that the signature verification result is failed;
The target key distributor encrypts the signature checking result based on the second symmetric key mechanism, sends the signature checking result after the first encryption to the trusted party, the trusted party decrypts the signature checking result after the first encryption based on the second symmetric key mechanism, encrypts the decrypted signature checking result based on the first symmetric key mechanism, and sends the signature checking result after the second encryption to the signature checking party, and the signature checking party decrypts the signature checking result after the second encryption based on the first symmetric key mechanism to obtain the signature checking result.
For example, the signature verifying party cannot verify the signature result by itself; instead, the trusted party is entrusted to find the target key distributor corresponding to the signing party, and the target key distributor verifies the signature result. The target key distributor determines its own stored key component sequence and the corresponding algorithm according to the identity of the signing party, processes the message to be signed and the key component sequence with the same algorithm as the signing party to calculate a verification signature, and compares the verification signature with the digital signature received from the signature verifying party. If the two are consistent, the signature verification succeeds, and the result is returned to the signature verifying party through the trusted party. The communication between the signature verifying party and the trusted party is based on a symmetric encryption algorithm, and the communication between the trusted party and the target key distributor is also based on a symmetric encryption algorithm.
Fig. 4 is a schematic step diagram of a signature verification process provided in an embodiment of the present invention, and as shown in fig. 4, the method specifically includes the following steps:
(1) the signer sends the message to be signed and the signature result to the signature verifier;
(2) the signature verifier and the trusted party complete identity authentication through the symmetric key; the signature verifier initiates a signature verification request to the trusted party and sends the message digest of the message to be signed and the signature result;
(3) the trusted party queries, through the ID of the signer, the target key distributor to which the signer belongs, and determines the corresponding key distribution center (KDC) instance;
(4) the trusted party and the target key distributor complete identity authentication through the symmetric key; the trusted party initiates a signature verification request to the target key distributor and sends the message digest of the message to be signed and the signature result;
(5) the target key distributor verifies the signature result by using the same algorithm as the signer, encrypts the signature verification result and returns the encrypted signature verification result to the trusted party;
(6) the trusted party decrypts the signature verification result, encrypts it with the symmetric key shared between the trusted party and the signature verifier, and returns it to the signature verifier.
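The signing steps described above (digest, 32-bit sub-blocks, index mapping, per-block HMAC, final hash over the ID and the message authentication codes) and the key distributor's recomputation check from step (5), as an added Python sketch that is not code from the patent. Assumptions: the index formula is inferred from the worked example (value × N / 2^M, rounded down) because the formula itself is missing from this page; sub-blocks are read big-endian; SM3 is used when the local OpenSSL build offers it and SHA-256 stands in otherwise; the base key, signer ID and all function names are constructed for illustration.

```python
import hashlib
import hmac

# The page's hash is SM3. Use it when this Python/OpenSSL build provides it;
# otherwise SHA-256 stands in (same 256-bit digest length). Assumption.
try:
    hashlib.new("sm3")
    HASH = "sm3"
except ValueError:
    HASH = "sha256"

COMPONENT_LEN = 64  # bytes per signing key component (the page's example)
BLOCK_BITS = 32     # M: bit length of one digest sub-block


def cut_key_ring(base_key, component_len=COMPONENT_LEN):
    """Cut the base key into equal components; signer and KDC both do this."""
    if not base_key or len(base_key) % component_len:
        raise ValueError("base key must be a non-empty multiple of component_len")
    return [base_key[i:i + component_len]
            for i in range(0, len(base_key), component_len)]


def message_digest(message):
    """256-bit digest of the message to be signed."""
    return hashlib.new(HASH, message).digest()


def digest_blocks(digest, block_bits=BLOCK_BITS):
    """Split the digest into fixed-size sub-blocks (8 x 32 bits by default)."""
    step = block_bits // 8
    return [digest[i:i + step] for i in range(0, len(digest), step)]


def component_index(block_value, n_components, block_bits=BLOCK_BITS):
    """seq = floor(value * N / 2^M), inferred from the page's worked example."""
    if not 0 <= block_value < (1 << block_bits):
        raise ValueError("block value does not fit in block_bits")
    return (block_value * n_components) >> block_bits


def sign_digest(digest, signer_id, key_ring):
    """H_n = HMAC(component[seq_n], block_n); Sign = Hash(ID || H_1 .. H_n)."""
    macs = []
    for block in digest_blocks(digest):
        # Big-endian interpretation of the sub-block is an assumption.
        seq = component_index(int.from_bytes(block, "big"), len(key_ring))
        macs.append(hmac.new(key_ring[seq], block, HASH).digest())
    return hashlib.new(HASH, signer_id + b"".join(macs)).digest()


def sign(message, signer_id, key_ring):
    """Signer side: the signature result is (signer ID, digital signature)."""
    return signer_id, sign_digest(message_digest(message), signer_id, key_ring)


def kdc_verify(digest, signature_result, kdc_db):
    """Key distributor side: recompute with its own stored ring and compare."""
    signer_id, signature = signature_result
    ring = kdc_db.get(signer_id)
    if ring is None:  # unknown signer ID: nothing to verify against
        return False
    expected = sign_digest(digest, signer_id, ring)
    return hmac.compare_digest(expected, signature)  # constant-time compare


# Constructed sample data: a 640-byte base key gives N = 10 components.
BASE_KEY = bytes((i * 7 + 3) % 256 for i in range(640))
SIGNER_ID = b"signer-001"
KDC_DB = {SIGNER_ID: cut_key_ring(BASE_KEY)}

if __name__ == "__main__":
    signer_ring = cut_key_ring(BASE_KEY)  # the signer's own copy of the ring
    result = sign(b"contract v1", SIGNER_ID, signer_ring)
    # The verifier forwards only the digest and the signature result.
    print(kdc_verify(message_digest(b"contract v1"), result, KDC_DB))
    print(kdc_verify(message_digest(b"contract v2"), result, KDC_DB))
```

Because verification is a recomputation with the same key ring, the key distributor's stored copy of the base key needs the same protection as the signer's.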
Through one or more of the above embodiments in the present invention, at least the following technical effects can be achieved:
in the technical scheme disclosed by the invention, a key distributor presets a basic key on terminal equipment and generates a key component sequence, and determines a signature key component corresponding to the key component sequence according to a digest sub-block of a message digest of a message to be signed. The method and the device can adjust the length of the key and the randomness of use according to application requirements, and increase the flexibility of signature and signature verification.
In the scheme, both the signature generating process and the signature verifying process are based on symmetric keys; no signature public key is involved, and no associated information needs to be published. Symmetric cryptography solves the problems of identity authentication and message transmission among the signature verifier, the trusted party and the key distributor, and does not involve the mathematical functions on which public and private keys depend and which are vulnerable to quantum attack. Therefore, the method solves the quantum threat faced by public and private keys in the prior art, is a quantum-safe signature method, and has long-term security.
Fig. 5 is a flowchart of steps of a signature and signature verification method for a signer according to an embodiment of the present invention, and according to a second aspect of the present invention, based on the same inventive concept as the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a signature and signature verification method for the signer, as shown in fig. 5, where the method includes:
Step 201: receiving a base key sent by a key distributor associated with the signing party, cutting the base key into a plurality of signing key components, and pre-storing the plurality of signing key components in a key component sequence;
Step 202: when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and identification information of the signing party, and sending the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence that the key distributor associated with the signing party generated and pre-stored in the same manner as the signing party.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not repeated herein.
Fig. 6 is a flowchart of steps of a signature and signature verification method for a signature verifier according to an embodiment of the present invention. According to a third aspect of the present invention, based on the same inventive concept as the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a signature and signature verification method for the signature verifier. As shown in Fig. 6, the method includes:
Step 301: receiving a message to be signed and a signature result sent by a signer, and calculating a message digest of the message to be signed based on a preset hash operation mode;
Step 302: performing identity authentication with a trusted party based on a symmetric key mechanism, and sending a signature verification request to the trusted party after the identity authentication is passed, so as to entrust the trusted party to complete the signature verification operation according to the message digest, the signature result and a key component sequence pre-stored by a key distributor associated with the signing party, wherein the signature verification request comprises the message digest and the signature result;
Step 303: receiving a signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not described herein again.
Fig. 7 is a flowchart of steps of a signature and signature verification method for a trusted party according to an embodiment of the present invention. According to a fourth aspect of the present invention, based on the same inventive concept as the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a signature and signature verification method for a trusted party associated with a signature verifier. As shown in Fig. 7, the method includes:
Step 401: performing identity authentication with the signature verifier based on a first symmetric key mechanism, and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
Step 402: determining a target key distributor associated with the signing party according to the signature result;
Step 403: performing identity authentication with the target key distributor based on a second symmetric key mechanism, and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a pre-stored key component sequence which is the same as the key component sequence pre-stored at the signing party, and to determine and return, according to the verification signature, a signature verification result encrypted based on the second symmetric key mechanism;
Step 404: decrypting the encrypted signature verification result based on the second symmetric key mechanism, encrypting the decrypted signature verification result a second time based on the first symmetric key mechanism, and sending the re-encrypted signature verification result to the signature verifier.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not repeated herein.
Fig. 8 is a flowchart of steps of a signature and verification method for a key distributor according to an embodiment of the present invention, and based on the same inventive concept as that of the signature and verification method according to the embodiment of the present invention, according to a fifth aspect of the present invention, the present invention further provides a signature and verification method for a key distributor associated with a signing party, as shown in fig. 8, where the method includes:
Step 501: generating a basic key and presetting the basic key at the signer, and triggering the signer to cut the basic key into a plurality of signature key components and pre-store the signature key components in a key component sequence;
Step 502: cutting the base key into a plurality of signing key components in the same way as the signing party, and pre-storing the plurality of signing key components in a key component sequence;
Step 503: receiving, via a trusted party, a signature result and a message digest sent by a signature verifier, wherein the signature result is obtained by the signing party performing a signature operation on a message to be signed based on the pre-stored key component sequence, and the message digest is obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
Step 504: and calculating a verification signature according to the message digest, the signature result and the pre-stored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and a digital signature calculated by the signer carried in the signature result.
Other aspects and implementation details of the signature and signature verification method are the same as or similar to those of the authentication and key agreement method described above, and are not repeated herein.
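The signer-side computation (steps 201 and 202) and the key distributor's check (steps 501 to 504) can be sketched as follows. This is an added example, not code from the patent: SHA-256 stands in for SM3, the index mapping RoundDown(value × N / 2^M) and the concatenation order ID followed by the message authentication codes are assumptions (the formulas did not survive on this page), and all function names, sizes and identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256   # stand-in for SM3 (assumption; SM3 availability depends on the crypto build)
SUBBLOCK_BITS = 16      # M: bit length of one digest sub-block (constructed value)
COMPONENT_LEN = 32      # bytes per signing key component (constructed value)


def cut_base_key(base_key: bytes, component_len: int = COMPONENT_LEN) -> list:
    """Cut the base key into equal-length signing key components (the key component sequence)."""
    if not base_key or len(base_key) % component_len:
        raise ValueError("base key must be a non-empty multiple of the component length")
    return [base_key[i:i + component_len] for i in range(0, len(base_key), component_len)]


def digest_subblocks(digest: bytes, m_bits: int = SUBBLOCK_BITS) -> list:
    """Split the message digest into sub-blocks of M bits each."""
    step = m_bits // 8
    if m_bits % 8 or step == 0 or len(digest) % step:
        raise ValueError("digest length must be a multiple of the sub-block length")
    return [digest[i:i + step] for i in range(0, len(digest), step)]


def component_index(block: bytes, n: int, m_bits: int = SUBBLOCK_BITS) -> int:
    """Assumed mapping: seq = RoundDown(value * N / 2^M), always in 0..N-1."""
    return (int.from_bytes(block, "big") * n) >> m_bits


def compute_signature(digest: bytes, signer_id: bytes, components: list,
                      m_bits: int = SUBBLOCK_BITS) -> bytes:
    """One HMAC per digest sub-block, keyed by the selected component, then hash ID || MACs."""
    macs = []
    for block in digest_subblocks(digest, m_bits):
        key = components[component_index(block, len(components), m_bits)]
        macs.append(hmac.new(key, block, HASH).digest())
    return HASH(signer_id + b"".join(macs)).digest()


def sign(message: bytes, signer_id: bytes, components: list) -> dict:
    """Signer side: the signature result carries the digital signature and the signer's ID."""
    digest = HASH(message).digest()
    return {"id": signer_id, "sign": compute_signature(digest, signer_id, components)}


def distributor_verify(digest: bytes, signature_result: dict, key_store: dict) -> bool:
    """Key distributor side: recompute from its own copy of the sequence and compare."""
    components = key_store.get(signature_result["id"])
    if components is None:          # unknown signer: no key component sequence on file
        return False
    expected = compute_signature(digest, signature_result["id"], components)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, signature_result["sign"])


def demo():
    base_key = secrets.token_bytes(64 * COMPONENT_LEN)        # constructed base key, N = 64
    signer_components = cut_base_key(base_key)                 # held by the signer
    key_store = {b"signer-001": cut_base_key(base_key)}        # held by the key distributor
    message = b"constructed sample message"
    result = sign(message, b"signer-001", signer_components)

    verifier_digest = HASH(message).digest()                   # computed by the signature verifier
    ok = distributor_verify(verifier_digest, result, key_store)
    tampered = distributor_verify(HASH(message + b"!").digest(), result, key_store)
    unknown = distributor_verify(
        verifier_digest, {"id": b"signer-999", "sign": result["sign"]}, key_store)
    return ok, tampered, unknown


if __name__ == "__main__":
    print(demo())
```

The signature verifier in this sketch only hashes the message; the key component sequence exists at the signer and the key distributor, and only the digest and the signature result travel toward the distributor.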
Fig. 9 is a schematic structural diagram of a signature apparatus according to an embodiment of the present invention, and according to a sixth aspect of the present invention, based on the same inventive concept as that of a signature and signature verification method according to an embodiment of the present invention, the present invention further provides a signature apparatus, as shown in fig. 9, where the signature apparatus includes:
a key component sequence generating unit 601, configured to receive a base key sent by a key distributor associated with a signing party, cut the base key into a plurality of signing key components, and pre-store the plurality of signing key components in a key component sequence;
a signature unit 602, configured to, when signing a message to be signed, calculate a digital signature for the message to be signed based on the pre-stored key component sequence, generate a signature result based on the digital signature and identification information of the signing party, and send the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation manner and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence that the key distributor associated with the signing party generated and pre-stored in the same manner as the signing party.
Fig. 10 is a schematic structural diagram of a signature verifying apparatus according to an embodiment of the present invention, and according to a seventh aspect of the present invention, based on the same inventive concept as that of a signature and signature verifying method according to an embodiment of the present invention, the present invention further provides a signature verifying apparatus, as shown in fig. 10, where the signature verifying apparatus includes:
a message digest generation unit 701, configured to receive a message to be signed and a signature result sent by a signer, and calculate a message digest of the message to be signed based on a preset hash operation manner;
a signature verification request sending unit 702, configured to perform identity authentication with a trusted party based on a symmetric key mechanism, and send a signature verification request to the trusted party after the identity authentication passes, so as to delegate the trusted party to complete a signature verification operation according to the message digest, the signature result, and a key component sequence pre-stored by a key distributor associated with a signing party, where the signature verification request includes the message digest and the signature result;
and a signature verification result receiving unit 703, configured to receive the signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
Fig. 11 is a schematic structural diagram of a trusted device according to an embodiment of the present invention, and according to an eighth aspect of the present invention, based on the same inventive concept as the signature and signature verification method according to the embodiment of the present invention, the present invention further provides a trusted device, where the trusted device is associated with a signature verifier, as shown in fig. 11, where the trusted device includes:
A signature verification request receiving unit 801, configured to perform identity authentication with the signature verifier based on a first symmetric key mechanism, and receive a first signature verification request sent by the signature verifier after the identity authentication passes, where the first signature verification request includes a signature result generated by a signature party for a message to be signed and a message digest obtained by the signature verifier by calculating the message to be signed based on a preset hash operation manner;
a target key distributor determining unit 802, configured to determine a target key distributor associated with the signing party according to the signature result;
a signature verification unit 803, configured to perform identity authentication with the target key distributor based on a second symmetric key mechanism, and send a second signature verification request to the target key distributor after the identity authentication passes, where the second signature verification request includes the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result, and a pre-stored key component sequence that is the same as a pre-stored key component sequence in the signature party, and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
And the result feedback unit 804 is configured to decrypt the encrypted signature verification result based on the second symmetric key mechanism, perform secondary encryption on the decrypted signature verification result based on the first symmetric key mechanism, and send the twice-encrypted signature verification result to the signature verifier.
Fig. 12 is a schematic structural diagram of a key distribution apparatus according to an embodiment of the present invention, and according to a ninth aspect of the present invention, based on the same inventive concept as that of a signature and signature verification method according to an embodiment of the present invention, the present invention further provides a key distribution apparatus, where the key distribution apparatus is associated with a signing party, as shown in fig. 12, where the key distribution apparatus includes:
a key component sequence generating unit 901, configured to generate a base key and preset the base key at the signer, and trigger the signer to cut the base key into a plurality of signature key components and pre-store the plurality of signature key components in a key component sequence, while cutting the base key into a plurality of signature key components in the same manner as the signer and pre-storing the plurality of signature key components in a key component sequence;
a receiving unit 902, configured to receive, via a trusted party, a signature result and a message digest sent by a signature verifier, wherein the signature result is obtained by the signing party performing a signature operation on a message to be signed based on the pre-stored key component sequence, and the message digest is obtained by the signature verifier calculating the message to be signed based on a preset hash operation manner;
and the signature verification unit 903 is configured to calculate a verification signature according to the message digest, the signature result, and the pre-stored key component sequence, and determine and feed back a signature verification result according to a comparison result between the verification signature and a digital signature calculated by the signer and carried in the signature result.
According to another aspect of the present invention, there is also provided a storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform any of the signature and signature verification methods described above.
In summary, although the present invention has been described with reference to the preferred embodiments, the above-described preferred embodiments are not intended to limit the present invention, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the present invention, therefore, the scope of the present invention shall be determined by the appended claims.
Claims (18)
1. A method of signing and verifying, the method comprising:
a key distributor associated with a signer generates a base key and presets the base key at the signer; the signer and the key distributor associated with the signer cut the base key into a plurality of signing key components in the same way, and each pre-stores the plurality of signing key components in a key component sequence;
when the signing party signs a message to be signed, the signing party calculates a digital signature aiming at the message to be signed based on the prestored secret key component sequence, generates a signature result based on the digital signature and the identification information of the signing party, and sends the message to be signed and the signature result to a signature verifying party;
the signature verifying party calculates the message digest of the message to be signed based on a preset hash operation mode;
and the verifying party entrusts a trusted party to complete the verifying operation according to the message digest, the signature result and the key component sequence prestored by the key distributor associated with the signing party.
2. The method of claim 1, wherein the signer calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and identification information of the signer, and sending the message to be signed and the signature result to the signature verifier comprises:
The signing party calculates the message digest corresponding to the message to be signed based on the preset hash operation mode, blocks the message digest to obtain a plurality of digest sub-blocks, and determines the key component index corresponding to each digest sub-block according to a preset mapping mode;
the signer calculates the message authentication code corresponding to each digest sub-block according to the key component index corresponding to each digest sub-block, determines the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the digest sub-blocks, generates a signature result based on the digital signature and the identification information of the signer, and sends the message to be signed and the signature result to the signature verifier.
3. The method as claimed in claim 2, wherein the determining the key component index corresponding to each of the digest sub-blocks according to a predetermined mapping manner comprises:
and for each digest sub-block, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence and the bit length of the digest sub-block.
4. The method of claim 3, wherein for each of the digest sub-blocks, calculating the key component index corresponding to the digest sub-block according to the value of the digest sub-block, the total number of signature key components in the key component sequence, and the bit length of the digest sub-block comprises:
for each digest sub-block, obtaining a key component index corresponding to the digest sub-block according to the following formula:
wherein seq represents the key component index corresponding to the digest sub-block, the RoundDown function represents rounding towards the direction of decreasing absolute value,representing the value of the digest sub-block, N representing the total number of signature key components in the sequence of key components, and M representing the bit length of the digest sub-block.
5. The method as claimed in claim 4, wherein said calculating, by said signer, the message authentication code corresponding to each of said digest sub-blocks according to the key component index corresponding to each of said digest sub-blocks comprises:
for each digest subblock, determining a target signature key component in the signature key component sequence according to the key component index corresponding to the digest subblock, wherein the sequence number of the target signature key component in the signature key component sequence is determined according to the value of the key component index corresponding to the digest subblock;
And calculating the target signature key component and the value of the digest sub-block according to a preset encryption mode based on Hash operation to obtain the message authentication code corresponding to the digest sub-block.
6. The method as claimed in claim 5, wherein the calculating the target signing key component and the value of the digest sub-block according to a predetermined encryption method based on hash operation to obtain the message authentication code corresponding to the digest sub-block comprises:
for each digest sub-block, calculating the message authentication code corresponding to the digest sub-block according to the following formula:
wherein represents the message authentication code corresponding to the digest sub-block, HMAC() represents the operation function corresponding to the preset encryption method based on hash operation, represents the value of the digest sub-block, and represents the target signature key component corresponding to the digest sub-block.
7. The method of claim 6, wherein the determining the digital signature corresponding to the message to be signed based on the message authentication codes corresponding to the plurality of digest sub-blocks comprises:
and calculating a digital signature corresponding to the message to be signed based on the preset hash operation mode and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks.
8. The method as claimed in claim 7, wherein said calculating the digital signature corresponding to the message to be signed based on the predetermined hash operation and the plurality of message authentication codes corresponding to the plurality of digest sub-blocks comprises:
calculating the digital signature based on:
wherein Sign represents the digital signature, SM3() represents the operation function corresponding to the preset hash operation mode, the operator indicates that two or more character strings are concatenated together to obtain one character string, ID indicates identification information of the signer, and represents n of said message authentication codes.
9. The method of claim 1, wherein the signature verifier entrusting a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence pre-stored by the key distributor associated with the signing party comprises:
the signature verifier performs identity authentication with the trusted party based on a first symmetric key mechanism, and sends a first signature verification request to the trusted party after the identity authentication is passed, wherein the first signature verification request comprises the message digest and the signature result;
the trusted party determines a target key distributor associated with the signing party according to the signing party identification information in the signature result;
The trusted party performs identity authentication with the target key distributor based on a second symmetric key mechanism, and sends a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result;
according to the message digest, the signing party identification information in the signing result and the pre-stored key component sequence, the target key distributor calculates a verification signature according to the same operation mode as the signing party, and determines that the signature verification result is successful under the condition that the verification signature is consistent with the digital signature, otherwise determines that the signature verification result is failed;
the target key distributor encrypts the signature verification result based on the second symmetric key mechanism, sends the signature verification result after the first encryption to the trusted party, the trusted party decrypts the signature verification result after the first encryption based on the second symmetric key mechanism, encrypts the decrypted signature verification result based on the first symmetric key mechanism, and sends the signature verification result after the second encryption to the signature verification party, and the signature verification party decrypts the signature verification result after the second encryption based on the first symmetric key mechanism to obtain the signature verification result.
10. A signature and signature verification method for a signer, the method comprising:
receiving a base key sent by a key distributor associated with the signing party, cutting the base key into a plurality of signing key components, and pre-storing the plurality of signing key components in a key component sequence;
when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and identification information of the signing party, and sending the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence that the key distributor associated with the signing party generated and pre-stored in the same manner as the signing party.
11. A signature and signature verification method is used for a signature verifier, and is characterized by comprising the following steps:
receiving a message to be signed and a signature result sent by a signer, and calculating a message digest of the message to be signed based on a preset hash operation mode;
Performing identity authentication with a trusted party based on a symmetric key mechanism, and sending a signature verification request to the trusted party after the identity authentication is passed so as to delegate the trusted party to complete signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signature party, wherein the signature verification request comprises the message digest and the signature result;
and receiving a signature verification result returned by the trusted party and encrypted by the symmetric key mechanism.
12. A signature and signature verification method for a trusted party associated with a signature verifier, the method comprising:
performing identity authentication with the signature verifier based on a first symmetric key mechanism, and receiving a first signature verification request sent by the signature verifier after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signing party for a message to be signed and a message digest obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
determining a target key distributor associated with the signing party according to the signing result;
performing identity authentication with the target key distributor based on a second symmetric key mechanism, and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result, so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the prestored key component sequence in the signature party, and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
And decrypting the encrypted signature verification result based on the second symmetric key mechanism, secondarily encrypting the decrypted signature verification result based on the first symmetric key mechanism, and sending the secondarily encrypted signature verification result to the signature verification party.
13. A signing and signature verification method for a key distributor associated with a signing party, the method comprising:
generating a basic key and presetting the basic key at the signer, and triggering the signer to cut the basic key into a plurality of signature key components and prestore the signature key components in a key component sequence;
cutting the base key into a plurality of signing key components in the same way as the signing party, and pre-storing the plurality of signing key components in a key component sequence;
receiving, via a trusted party, a signature result and a message digest sent by a signature verifier, wherein the signature result is obtained by the signing party performing a signature operation on a message to be signed based on the pre-stored key component sequence, and the message digest is obtained by the signature verifier calculating the message to be signed based on a preset hash operation mode;
And calculating a verification signature according to the message digest, the signature result and the pre-stored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and a digital signature calculated by the signature party carried in the signature result.
14. A signature apparatus, characterized in that the signature apparatus comprises:
a key component sequence generating unit, which is used for receiving a basic key sent by a key distributor associated with a signing party, cutting the basic key into a plurality of signing key components and pre-storing the plurality of signing key components in a key component sequence mode;
the signature unit is used for, when signing a message to be signed, calculating a digital signature for the message to be signed based on the pre-stored key component sequence, generating a signature result based on the digital signature and identification information of the signing party, and sending the message to be signed and the signature result to a signature verifier, so as to trigger the signature verifier to calculate a message digest of the message to be signed based on a preset hash operation mode and to entrust a trusted party to complete the signature verification operation according to the message digest, the signature result, and the key component sequence that the key distributor associated with the signing party generated and pre-stored in the same manner as the signing party.
15. A signature verification device, characterized in that the signature verification device includes:
the message digest generation unit is used for receiving the message to be signed and the signature result sent by the signer and calculating the message digest of the message to be signed based on a preset hash operation mode;
the signature verification request sending unit is used for carrying out identity authentication with a trusted party based on a symmetric key mechanism and sending a signature verification request to the trusted party after the identity authentication is passed so as to entrust the trusted party to complete signature verification operation according to the message digest, the signature result and a key component sequence prestored by a key distributor associated with a signing party, wherein the signature verification request comprises the message digest and the signature result;
and the signature verification result receiving unit is used for receiving the signature verification result returned by the trusted party after being encrypted by the symmetric key mechanism.
16. A trusted device, said trusted device associated with a signature verifier, said trusted device comprising:
the signature verification request receiving unit is used for performing identity authentication with the signature verification party based on a first symmetric key mechanism and receiving a first signature verification request sent by the signature verification party after the identity authentication is passed, wherein the first signature verification request comprises a signature result generated by a signature party aiming at a message to be signed and a message digest obtained by the signature verification party after the signature verification party calculates the message to be signed based on a preset hash operation mode;
the target key distributor determining unit is used for determining a target key distributor associated with the signing party according to the signing result;
the signature verification unit is used for performing identity authentication with the target key distributor based on a second symmetric key mechanism and sending a second signature verification request to the target key distributor after the identity authentication is passed, wherein the second signature verification request comprises the message digest and the signature result so as to trigger the target key distributor to calculate a verification signature according to the message digest, the signature result and a prestored key component sequence which is the same as the prestored key component sequence in the signature party and determine and return a signature verification result encrypted based on the second symmetric key mechanism according to the verification signature;
and the result feedback unit is used for decrypting the encrypted signature verification result based on the second symmetric key mechanism, carrying out secondary encryption on the decrypted signature verification result based on the first symmetric key mechanism, and sending the signature verification result subjected to secondary encryption to the signature verification party.
17. A key distribution apparatus associated with a signer, the key distribution apparatus comprising:
a key component sequence generating unit for generating a base key and prepending the base key at the signer, and triggering the signer to cut the base key into a plurality of signature key components and to pre-store the plurality of signature key components in a key component sequence, while cutting the base key into a plurality of signature key components in the same manner as the signer and pre-storing the plurality of signature key components in a key component sequence;
the receiving unit is used for receiving a signature result obtained by performing signature operation on a message to be signed by a signer through a pre-stored secret key component sequence by the signer associated with the signer and based on the pre-stored secret key component sequence, and a message digest obtained by calculating the message to be signed by the signer based on a preset hash operation mode;
and the signature verification unit is used for calculating a verification signature according to the message digest, the signature result and the prestored key component sequence, and determining and feeding back a signature verification result according to a comparison result of the verification signature and a digital signature calculated by the signer carried in the signature result.
18. A storage medium having stored therein a plurality of instructions adapted to be loaded by a processor to perform the method of any one of claims 10-13.
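The recompute-and-compare verification of claims 14 and 17, as an added sketch that is not code from the patent: the signer and the key distributor cut the same base key into the same component sequence, and the distributor recomputes the signature over the verifier's message digest. HMAC-SHA256, the 16-byte component size, the component index carried in the signature result, and all class and function names are assumptions; the trusted-party relay and the symmetric-key authenticated channels of claims 15 and 16 are left out.

```python
import hashlib
import hmac
import secrets

COMPONENT_LEN = 16  # assumed component size in bytes


def cut_base_key(base_key, size=COMPONENT_LEN):
    """Cut a base key into an ordered key component sequence."""
    if not base_key or len(base_key) % size:
        raise ValueError("base key must be a non-empty multiple of the component size")
    return [base_key[i:i + size] for i in range(0, len(base_key), size)]


def message_digest(message):
    """Preset hash operation (SHA-256 assumed)."""
    return hashlib.sha256(message).digest()


class Signer:
    def __init__(self, signer_id, base_key):
        self.signer_id = signer_id
        self.components = cut_base_key(base_key)

    def sign(self, message):
        # Assumed construction: HMAC over the digest, keyed by one randomly
        # chosen component whose index travels in the signature result.
        index = secrets.randbelow(len(self.components))
        sig = hmac.new(self.components[index], message_digest(message), hashlib.sha256).digest()
        return {"signer_id": self.signer_id, "index": index, "signature": sig}


class KeyDistributor:
    def __init__(self):
        self.sequences = {}  # signer_id -> key component sequence

    def enroll(self, signer_id):
        """Generate a base key, preset it at the signer, and cut it the same way locally."""
        base_key = secrets.token_bytes(4 * COMPONENT_LEN)
        self.sequences[signer_id] = cut_base_key(base_key)
        return Signer(signer_id, base_key)

    def verify(self, digest, result):
        """Recompute the verification signature and compare in constant time."""
        components = self.sequences.get(result.get("signer_id"))
        index, sig = result.get("index"), result.get("signature")
        if components is None or type(index) is not int or not isinstance(sig, bytes):
            return False
        if not 0 <= index < len(components):
            return False
        expected = hmac.new(components[index], digest, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)
```

Because the signer and the key distributor hold the same component sequence, the distributor can compute any signature the signer can, so a verification result is only as trustworthy as the key distributor and the channel that returns it.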
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210660256.XA CN114760072B (en) | 2022-06-13 | 2022-06-13 | Signature and signature verification method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114760072A true CN114760072A (en) | 2022-07-15 |
CN114760072B CN114760072B (en) | 2022-09-02 |
Family
ID=82336502
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210660256.XA Active CN114760072B (en) | 2022-06-13 | 2022-06-13 | Signature and signature verification method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114760072B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117094012A (en) * | 2023-08-21 | 2023-11-21 | 中胜信用管理有限公司 | Intelligent verification method and system for electronic authorization order |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019047418A1 (en) * | 2017-09-05 | 2019-03-14 | 深圳奥联信息安全技术有限公司 | Digital signature method, device and system |
CN109818747A (en) * | 2018-12-28 | 2019-05-28 | 苏州科达科技股份有限公司 | Digital signature method and device |
CN111404696A (en) * | 2020-03-31 | 2020-07-10 | 中国建设银行股份有限公司 | Collaborative signature method, security service middleware, related platform and system |
CN112906056A (en) * | 2021-03-17 | 2021-06-04 | 广东工业大学 | Cloud storage key security management method based on block chain |
CN113381856A (en) * | 2021-07-07 | 2021-09-10 | 北京明朝万达科技股份有限公司 | Digital signature and signature verification method, system, device and storage medium |
CN113573304A (en) * | 2020-04-28 | 2021-10-29 | 刘琦 | Signature realization method, signature verification method, signature terminal, signature verification terminal and storage medium |
CN114374523A (en) * | 2022-03-23 | 2022-04-19 | 南京易科腾信息技术有限公司 | Signature verification method and device and storage medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117094012A (en) * | 2023-08-21 | 2023-11-21 | 中胜信用管理有限公司 | Intelligent verification method and system for electronic authorization order |
CN117094012B (en) * | 2023-08-21 | 2024-04-30 | 中胜信用管理有限公司 | Intelligent verification method and system for electronic authorization order |
Also Published As
Publication number | Publication date |
---|---|
CN114760072B (en) | 2022-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110213042B (en) | Cloud data deduplication method based on certificate-free proxy re-encryption | |
US9800416B2 (en) | Distributed validation of digitally signed electronic documents | |
CN111314089B (en) | SM 2-based two-party collaborative signature method and decryption method | |
CN113364576B (en) | Data encryption evidence storing and sharing method based on block chain | |
Mironov | Hash functions: Theory, attacks, and applications | |
US6868160B1 (en) | System and method for providing secure sharing of electronic data | |
CN114730420A (en) | System and method for generating signatures | |
US20030126085A1 (en) | Dynamic authentication of electronic messages using a reference to a certificate | |
JPH10510692A (en) | Computer assisted exchange method of encryption key between user computer unit U and network computer unit N | |
WO2020065633A1 (en) | Method, user device, management device, storage medium and computer program product for key management | |
CN114726546B (en) | Digital identity authentication method, device, equipment and storage medium | |
CN112003707A (en) | Quantum computation attack resistant block chain digital signature encryption method and system | |
WO2012147001A1 (en) | Data encryption | |
CN114760072B (en) | Signature and signature verification method, device and storage medium | |
Kumar et al. | An efficient implementation of digital signature algorithm with SRNN public key cryptography | |
CN116318784B (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
CN113656818B (en) | Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security | |
CN116318654A (en) | SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution | |
JP2006319485A (en) | Signature device, signature encryption device, verification device, decoding device, restoration device, information providing device, communication system, signature method, signature encryption method, and verification method | |
Kanagamani et al. | Zero knowledge based data deduplication using in-line Block Matching protocolfor secure cloud storage | |
Abbdal et al. | Secure third party auditor for ensuring data integrity in cloud storage | |
WO2005018138A1 (en) | Generation and validation of diffie-hellman digital signatures | |
CN111723405A (en) | Decentralized multiple digital signature/electronic signature method | |
Rogobete et al. | Hashing and Message Authentication Code Implementation. An Embedded Approach. | |
KR100525124B1 (en) | Method for Verifying Digitally Signed Documents | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||