CN114978536A - Multi-party combined signature method and system based on SM2 algorithm - Google Patents


Publication number: CN114978536A
Authority: CN (China)
Prior art keywords: communication party, sub, signature value, parameter, random number
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210530903.5A
Other languages: Chinese (zh)
Other versions: CN114978536B (en)
Inventors: 吴艳, 谢芳炎, 林良梁, 叶友校, 王文春
Current Assignee: Fujian Kinsec Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Fujian Kinsec Co ltd
Application filed by: Fujian Kinsec Co ltd
Priority: CN202210530903.5A
Granted publication: CN114978536B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The invention discloses a multi-party combined signature method and system based on the SM2 algorithm. A first communication party generates a first sub-key pair, and a second communication party generates a second sub-key pair; the first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party; the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, operates on the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party; the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a combined signature result according to the complete signature value. In this way the private key data of the user is well hidden, obtaining the key by means of an attack becomes more difficult, and the security of the key is effectively improved.

Description

Multi-party combined signature method and system based on SM2 algorithm
Technical Field
The invention relates to the technical field of information security, in particular to a multi-party combined signature method and system based on SM2 algorithm.
Background
In the early stage of certificate applications, each CA (Certificate Authority) commonly used a USB key as the certificate storage medium. The user's signature private key is generated inside the USB key and cannot be exported from it, and signature operations are carried out inside the USB key; these measures ensure the security of the generation, storage and use of the signature private key.
In recent years, certificate applications on mobile terminals have developed rapidly. A mobile terminal generally has no direct USB interface, so digital certificates are currently stored using an SD/TF card, an audio key, a Bluetooth key, an NFC (Near Field Communication) card or a file, or signature and decryption services provided by the cloud are used. The single-party SM2 algorithm in common use today has the following risks:
(1) key generation security risk: when the key pair is generated, the complete key appears, and an attacker can acquire the key through memory inspection and other means;
(2) key storage security risk: the private key is stored in plaintext, in segments or in a similar manner, and an attacker can read or copy the user's private key through trojans and the like;
(3) key operation security risk: when the private key is used for data signing and decryption operations, it is used in the form of a complete key, and an attacker can acquire the private key through means such as memory inspection.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a multi-party combined signature method and system based on the SM2 algorithm that can effectively improve the security of the key.
In order to solve the technical problem, the invention adopts the following technical scheme:
A multi-party joint signature method based on the SM2 algorithm includes the steps:
the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair;
the first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party;
the second communication party verifies the signature value according to the first sub-secret key pair to obtain a first verification result, the message to be signed is operated according to the second sub-secret key pair based on the first verification result to obtain a partial signature value parameter, and the partial signature value parameter is sent to the first communication party;
and the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value.
In order to solve the technical problem, the invention adopts another technical scheme as follows:
A multi-party joint signature system based on the SM2 algorithm, comprising a first communication party and a second communication party, the first communication party comprising a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, the second communication party comprising a second memory, a second processor and a second computer program stored on the second memory and executable on the second processor, the first processor implementing the following steps when executing the first computer program:
the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair;
the first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party;
the second processor, when executing the second computer program, implements the steps of:
the second communication party verifies the signature value according to the first sub-secret key pair to obtain a first verification result, the message to be signed is operated according to the second sub-secret key pair based on the first verification result to obtain a partial signature value parameter, and the partial signature value parameter is sent to the first communication party;
the first processor, when executing the first computer program, implements the steps of:
and the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value.
The beneficial effects of the invention are as follows. The first communication party and the second communication party each generate a sub-key pair and each store their own sub-key pair, so the complete private key does not exist at either party. During the signature operation, the first communication party signs the received message to be signed and sends the signature value to the second communication party; the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result and, based on the first verification result, operates on the message to be signed according to the second sub-key to obtain a partial signature value parameter; the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair and obtains a combined signature result according to the complete signature value. That is, the two parties operate with their sub-key pairs and exchange parameters, and the complete signature value is finally calculated at one party, so the complete private key never appears, even during the signature operation. The method hides the user's private key data well and makes it more difficult to obtain the key by means of an attack, and thus effectively improves the security of the key.
Drawings
FIG. 1 is a flowchart illustrating the steps of a multi-party joint signature method based on SM2 algorithm according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a multi-party joint signature system based on the SM2 algorithm according to an embodiment of the present invention.
Detailed Description
In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
Referring to fig. 1, an embodiment of the present invention provides a multi-party joint signature method based on SM2 algorithm, including the steps of:
the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair;
the first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party;
the second communication party verifies the signature value according to the first sub-secret key pair to obtain a first verification result, the message to be signed is operated according to the second sub-secret key pair based on the first verification result to obtain a partial signature value parameter, and the partial signature value parameter is sent to the first communication party;
and the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value.
From the above description, the beneficial effects of the present invention are as follows. The first communication party and the second communication party each generate a sub-key pair and each store their own sub-key pair, so the complete private key does not exist at either party. During the signature operation, the first communication party signs the received message to be signed and sends the signature value to the second communication party; the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result and, based on the first verification result, operates on the message to be signed according to the second sub-key to obtain a partial signature value parameter; the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair and obtains a combined signature result according to the complete signature value. That is, the two parties operate with their sub-key pairs and exchange parameters, and the complete signature value is finally calculated at one party, so the complete private key never appears, even during the signature operation. The method hides the user's private key data well and makes it more difficult to obtain the key by means of an attack, and thus effectively improves the security of the key.
Further, the first communication party generating a first sub-key pair includes:
a first communication party generates a first random number and calculates a first sub private key according to the first random number;
the first communication party generates a first sub public key according to a base point of a preset elliptic curve and the first sub private key;
and the first communication party obtains a first sub-secret key pair according to the first sub-private key and the first sub-public key.
As can be seen from the above description, the first communication party generates its own sub-key pair, where neither the sub-private key nor the sub-public key is a complete key, and therefore, even if the sub-key pair of the first communication party is obtained, the sub-key pair cannot be used to perform corresponding encryption and decryption operations, so that the security of the key is improved, and further, the data security is improved.
Further, the obtaining, by the first communication party, a first sub-key pair according to the first sub-private key and the first sub-public key includes:
the first communication party calculates a first parameter according to the first random number and the base point and sends the first parameter to a second communication party;
the second communication party generating a second sub-key pair comprises:
the second communication party generates a second random number and calculates a second sub-private key according to the second random number;
the second communication party generates a second sub public key according to the second sub private key and the base point;
the second communication party generates a second parameter according to the second random number and the base point, and generates a second public key according to the second random number, the first parameter and the second parameter;
the second communication party sends the second public key and the second parameter to the first communication party;
and the first communication party generates a first public key according to the first random number, the second parameter and the first parameter, judges whether the first public key is equal to the second public key or not, and determines that the generation of the secret key is successful if the first public key is equal to the second public key.
As can be seen from the above description, the first communication party sends the required parameters to the second communication party, the second communication party calculates the second sub-private key according to the second random number, and generates the second sub-public key according to the second sub-private key and the base point, so that the second communication party generates its own sub-key pair, and at the same time, calculates the complete public key using the first communication party parameters, and sends the required parameters and the complete public key to the first communication party, so that the first communication party compares the generated complete public key with the complete public key generated by the second communication party, thereby determining whether the key generation is successful, and thus ensuring that both parties can respectively store their own key pairs.
Further, the signing the received message to be signed by the first communication party to obtain a signature value, and sending the signature value to the second communication party includes:
the first communication party generates a third random number and generates a third parameter according to the third random number and the base point;
and the first communication party signs the received message to be signed according to the first sub private key to obtain a signature value, and sends the signature value and the third parameter to the second communication party.
It can be known from the above description that, when signing, the first communication party only sends the signature value and the corresponding parameter to the second communication party, so that the second communication party signs, thereby implementing joint signature and improving the security of the signature process.
Further, the obtaining, by the first communication party, a first sub-key pair according to the first sub-private key and the first sub-public key further includes:
the first communication party sends the first sub public key to the second communication party;
the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, and the second communication party performs operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party, including:
the second communication party verifies the signature value according to the first sub public key to obtain a first verification result;
the second communication party judges whether the first verification result is successful, if so, the second communication party generates a fourth random number and a fifth random number, and calculates a first elliptic curve point according to the fourth random number, the fifth random number, the third parameter, the first sub public key, the second sub private key and the base point, wherein the first elliptic curve point comprises a first coordinate;
and the second communication party calculates the message digest of the message to be signed, calculates the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number and the fifth random number to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party.
As can be seen from the above description, the second communication party calculates the message digest of the message to be signed, and operates the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number, and the fifth random number, and sends the corresponding partial signature value parameter to the first communication party, so that the reliability of the signature is improved, and the subsequent first communication party can calculate the complete signature value.
Further, the operating the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number, and the fifth random number to obtain a partial signature value parameter, and sending the partial signature value parameter to the first communication party includes:
the second communication party calculates a first partial signature value parameter according to the message digest and the first coordinate;
the second communication party judges whether the first part of signature value parameters are equal to a first preset value or not, if yes, the second communication party returns to the step of generating a fourth random number and a fifth random number, and if not, a second part of signature value parameters are calculated according to the second sub-private key and the fifth random number;
and calculating a third partial signature value parameter according to the second sub-private key, the fourth random number, the fifth random number and the first partial signature value parameter, and sending the first partial signature value parameter, the second partial signature value parameter and the third partial signature value parameter to the first communication party.
As can be seen from the above description, the second communication party calculates the first part of signature value parameters according to the message digest and the first coordinate, calculates the second part of signature value parameters according to the second sub-private key and the fifth random number when the first part of signature value parameters is not equal to the first preset value, calculates the third part of signature value parameters according to the second sub-private key, the fourth random number, the fifth random number and the first verification parameter, and sends the first part of signature value parameters, the second part of signature value parameters and the third part of signature value parameters to the first communication party, thereby improving the validity of the signature.
Further, the calculating, by the first communication party, a full signature value according to the partial signature value parameter and the first sub-key pair, and obtaining a joint signature result according to the full signature value includes:
and the first communication party calculates a complete signature value according to the partial signature value parameter, the third random number and the first sub-private key, judges whether the complete signature value is equal to a second preset value or not, returns to the step of executing the first communication party to generate the third random number if the complete signature value is equal to the second preset value, and determines that the joint signature is successful and obtains a joint signature result if the complete signature value is not equal to the second preset value.
As can be seen from the above description, the first communication party calculates the complete signature value according to the partial signature value parameter, the third random number, and the first sub-private key, and determines that the joint signature is successful when the complete signature value is not equal to the second preset value; otherwise, it performs the signature again, thereby implementing a safe and effective joint signature.
Further, the generating of the first sub-key pair by the first communication party and the generating of the second sub-key pair by the second communication party further include:
the first communication party acquires a ciphertext, wherein the ciphertext comprises a first ciphertext, a second ciphertext and a third ciphertext;
the first communication party signs the first ciphertext to obtain a second signature value, and sends the second signature value and the first ciphertext to the second communication party;
the second communication party verifies the second signature value to obtain a second verification result, calculates a fourth parameter according to the second sub private key and the first ciphertext based on the second verification result, and sends the fourth parameter to the first communication party;
and the first communication party decrypts the ciphertext according to the fourth parameter, the first sub private key and the first ciphertext to obtain a plaintext.
As can be seen from the above description, the first communication party signs the first ciphertext, and sends the obtained second signature value and the first ciphertext to the second communication party, the second communication party verifies the second signature value to obtain a second verification result, calculates a fourth parameter according to the second sub-private key and the first ciphertext based on the second verification result, and sends the fourth parameter to the first communication party, and the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key, and the first ciphertext to obtain a plaintext, thereby implementing the joint decryption, and improving the security of the decryption process.
Further, the decrypting, by the first communication party, the ciphertext according to the fourth parameter, the first sub-private key, and the first ciphertext to obtain a plaintext includes:
the first communication party calculates a second elliptic curve point according to the fourth parameter, the first sub private key and the first ciphertext, wherein the second elliptic curve point comprises a third coordinate and a fourth coordinate;
the first communication party acquires the bit length of the second ciphertext and calculates a fifth parameter according to the third coordinate, the fourth coordinate and the bit length;
the first communication party calculates a plaintext according to the fifth parameter and the second ciphertext, and calculates a sixth parameter according to the third coordinate, the fourth coordinate and the plaintext;
and the first communication party judges whether the sixth parameter is equal to the third ciphertext, and if so, outputs the plaintext.
As can be seen from the above description, the first communication party performs decryption by using the parameters sent by the second communication party in combination with the key stored by the first communication party, so that the validity of the joint decryption is ensured, and the data security is improved.
Referring to fig. 2, another embodiment of the present invention provides a multi-party joint signature system based on SM2 algorithm, including a first communication party and a second communication party, where the first communication party includes a first memory, a first processor and a first computer program stored in the first memory and executable on the first processor, the second communication party includes a second memory, a second processor and a second computer program stored in the second memory and executable on the second processor, and the first processor implements the steps performed by the first communication party in the multi-party joint signature method based on SM2 algorithm when executing the first computer program;
the second processor, when executing the second computer program, performs the steps performed by the second communication party in the multi-party joint signature method based on the SM2 algorithm.
The multi-party combined signature method and system based on the SM2 algorithm of the invention can be applied to scenarios that require signing and encryption, and are explained through the following specific embodiments:
Example one
The first communication party and the second communication party share a preset elliptic curve;
Referring to fig. 1, the multi-party joint signature method based on the SM2 algorithm of the present embodiment includes the steps:
S1, the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair, which specifically includes:
S11, the first communication party generates a first random number and calculates a first sub-private key according to the first random number;
specifically, the first communication party generates a first random number $D_1 \in [1, n-1]$ and, according to the first random number $D_1$, computes the first sub-private key $d_1 = (D_1 - 1)^{-1}$, where $n$ is the order of the base point $G$ of the preset elliptic curve over the finite field;
S12, the first communication party generates a first sub-public key according to the base point of the preset elliptic curve and the first sub-private key;
specifically, the first communication party generates the first sub-public key $P_1 = d_1[*]G$ according to the base point $G$ of the preset elliptic curve and the first sub-private key $d_1$, where $[*]$ represents the elliptic curve point multiplication operation;
S13, the first communication party obtains a first sub-key pair according to the first sub-private key and the first sub-public key;
specifically, the first sub-key pair comprises the first sub-private key $d_1$ and the first sub-public key $P_1$;
S14, the first communication party calculates a first parameter according to the first random number and the base point and sends the first parameter to the second communication party, and the first communication party sends the first sub-public key to the second communication party;
specifically, the first communication party calculates the first parameter $Q_1 = D_1[*]G$ according to the first random number $D_1$ and the base point $G$, sends the first parameter $Q_1$ to the second communication party, and sends the first sub-public key $P_1$ to the second communication party;
S15, the second communication party generates a second random number and calculates a second sub-private key according to the second random number;
specifically, the second communication party generates the second random number $D_2 \in [1, n-1]$ and, according to the second random number $D_2$, computes the second sub-private key $d_2 = (D_2 - 1)^{-1}$;
S16, the second communication party generates a second sub-public key according to the second sub-private key and the base point;
specifically, the second communication party generates the second sub-public key $P_2 = d_2[*]G$ according to the second sub-private key $d_2$ and the base point $G$;
S17, the second communication party generates a second parameter according to the second random number and the base point, and generates a second public key according to the second random number, the first parameter and the second parameter;
specifically, the second communication party generates the second parameter $Q_2 = D_2[*]G$ according to the second random number $D_2$ and the base point $G$, and generates the second public key $P = D_2[*]Q_1[-]Q_1[-]Q_2$ according to the second random number $D_2$, the first parameter $Q_1$ and the second parameter $Q_2$, where $[-]$ represents the elliptic curve point subtraction operation;
S18, the second communication party sends the second public key and the second parameter to the first communication party;
specifically, the second communication party sends the second public key $P$ and the second parameter $Q_2$ to the first communication party;
S19, the first communication party generates a first public key according to the first random number, the second parameter and the first parameter, and judges whether the first public key is equal to the second public key; if yes, the key generation is determined to be successful; if not, the method returns to S11;
specifically, the first communication party is based on the first random number D 1 A second parameter Q 2 And a first parameter Q 1 Generating a first public key P * And judges the first public key P * Whether the key is equal to the second public key P or not, if yes, the key is determined to be successfully generated; if not, returning to execute S11;
S2, the first communication party signs the received message to be signed to obtain a signature value, and sends the signature value to the second communication party, which specifically includes:
S21, the first communication party generates a third random number and generates a third parameter according to the third random number and the base point;
Specifically, the first communication party generates a third random number $k_1 \in [1, n-1]$ and generates a third parameter $T_1 = k_1 [*] G$ according to the third random number $k_1$ and the base point G;
S22, the first communication party signs the received message to be signed according to the first sub-private key to obtain a signature value, and sends the signature value and the third parameter to the second communication party;
Specifically, the first communication party signs the received message to be signed according to the first sub-private key $d_1$ to obtain a signature value sign1, and sends the signature value sign1 and the third parameter $T_1$ to the second communication party, wherein the signing uses the existing signature process;
S3, the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party, which specifically includes:
S31, the second communication party verifies the signature value according to the first sub-public key to obtain a first verification result; it should be noted that the second communication party cannot obtain the first sub-private key of the first communication party, and can only use the first sub-public key to verify the signature value;
S32, the second communication party judges whether the first verification result is successful; if yes, executes S33; if not, reports an error and exits;
S33, the second communication party generates a fourth random number and a fifth random number, and calculates a first elliptic curve point according to the fourth random number, the fifth random number, the third parameter, the first sub-public key, the second sub-private key and the base point, where the first elliptic curve point includes a first coordinate;
wherein the first coordinate is $x_1$;
Specifically, the second communication party generates a fourth random number $k_2$ and a fifth random number $k_3$, and calculates the first elliptic curve point $(x_1, y_1) = k_3 [*] (T_1 [+] P_1) [+] ((k_2 + d_2) * k_3) [*] G$ according to the fourth random number $k_2$, the fifth random number $k_3$, the third parameter $T_1$, the first sub-public key $P_1$, the second sub-private key $d_2$ and the base point G, wherein [+] represents an elliptic curve point addition operation;
S34, the second communication party calculates a message digest of the message to be signed, performs an operation on the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number and the fifth random number to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party, which specifically includes:
S341, the second communication party calculates the message digest of the message to be signed;
Specifically, the second communication party calculates the message digest $e = H_v()$ of the message to be signed, where $H_v()$ denotes a cryptographic hash function with a message digest length of v;
S342, the second communication party calculates a first partial signature value parameter according to the message digest and the first coordinate;
Specifically, the second communication party calculates a first partial signature value parameter $r = (e + x_1) \bmod n$ according to the message digest e and the first coordinate $x_1$, where mod represents a modulo operation;
S343, the second communication party judges whether the first partial signature value parameter is equal to a first preset value; if yes, returns to the step in which the second communication party generates a fourth random number and a fifth random number; if not, calculates a second partial signature value parameter according to the second sub-private key and the fifth random number;
wherein the first preset value is 0;
Specifically, the second communication party judges whether the first partial signature value parameter r is equal to 0; if so, returns to S33; if not, calculates a second partial signature value parameter $s_1 = (d_2 * k_3) \bmod n$ according to the second sub-private key $d_2$ and the fifth random number $k_3$;
S344, the second communication party calculates a third partial signature value parameter according to the second sub-private key, the fourth random number, the fifth random number and the first partial signature value parameter, and sends the first partial signature value parameter, the second partial signature value parameter and the third partial signature value parameter to the first communication party;
Specifically, the second communication party calculates a third partial signature value parameter $s_2 = (d_2 * ((k_2 + d_2) * k_3 + r)) \bmod n$ according to the second sub-private key $d_2$, the fourth random number $k_2$, the fifth random number $k_3$ and the first partial signature value parameter r, and sends the first partial signature value parameter r, the second partial signature value parameter $s_1$ and the third partial signature value parameter $s_2$ to the first communication party;
S4, the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value, which specifically includes:
The first communication party calculates a complete signature value according to the partial signature value parameter, the third random number and the first sub-private key, and judges whether the complete signature value is equal to a second preset value; if yes, returns to execute S21; if not, determines that the joint signature is successful and obtains a joint signature result;
wherein the second preset value is 0;
Specifically, the first communication party calculates the complete signature value $s = (d_1 * (k_1 + d_1) * s_1 + d_1 * s_2 - r) \bmod n$ according to the partial signature value parameters (including the first partial signature value parameter r, the second partial signature value parameter $s_1$ and the third partial signature value parameter $s_2$), the third random number $k_1$ and the first sub-private key $d_1$, and judges whether the complete signature value s is equal to 0; if so, returns to execute S21; if not, determines that the joint signature is successful and obtains a joint signature result (r, s);
S5, the first communication party obtains a ciphertext, and the ciphertext comprises a first ciphertext, a second ciphertext and a third ciphertext;
Specifically, the first communication party obtains a ciphertext, which includes a first ciphertext $C_1$, a second ciphertext $C_2$ and a third ciphertext $C_3$;
S6, the first communication party signs the first ciphertext to obtain a second signature value, and sends the second signature value and the first ciphertext to the second communication party, which specifically includes:
S61, the first communication party verifies whether the first ciphertext is on the preset elliptic curve; if so, executes S62; if not, reports an error and exits;
Specifically, the first communication party verifies whether the first ciphertext $C_1$ is on the preset elliptic curve, and if so, executes S62;
S62, the first communication party calculates a third elliptic curve point according to the first ciphertext and judges whether the third elliptic curve point is the point at infinity; if so, reports an error and exits; if not, executes S63;
Specifically, the first communication party calculates a third elliptic curve point $S = h [*] C_1$ according to the first ciphertext $C_1$, and judges whether the third elliptic curve point S is the point at infinity; if so, reports an error and exits; if not, executes S63;
S63, the first communication party signs the first ciphertext to obtain a second signature value, and sends the second signature value and the first ciphertext to the second communication party;
Specifically, the first communication party signs the first ciphertext $C_1$ to obtain a second signature value sign1, and sends the second signature value sign1 and the first ciphertext $C_1$ to the second communication party;
S7, the second communication party verifies the second signature value to obtain a second verification result, and judges whether the second verification result is successful; if yes, executes S8; if not, reports an error and exits;
S8, the second communication party calculates a fourth parameter according to the second sub-private key and the first ciphertext and sends the fourth parameter to the first communication party;
Specifically, the second communication party calculates a fourth parameter $T_2 = d_2^{-1} [*] C_1$ according to the second sub-private key $d_2$ and the first ciphertext $C_1$, and sends the fourth parameter $T_2$ to the first communication party;
S9, the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key and the first ciphertext to obtain a plaintext, which specifically includes:
S91, the first communication party calculates a second elliptic curve point according to the fourth parameter, the first sub-private key and the first ciphertext, wherein the second elliptic curve point comprises a third coordinate and a fourth coordinate;
wherein the third coordinate is $x_2$ and the fourth coordinate is $y_2$;
Specifically, the first communication party calculates a second elliptic curve point $(x_2, y_2) = d_1^{-1} [*] T_2 [-] C_1$ according to the fourth parameter $T_2$, the first sub-private key $d_1$ and the first ciphertext $C_1$;
S92, the first communication party obtains the bit length of the second ciphertext, and calculates a fifth parameter according to the third coordinate, the fourth coordinate and the bit length;
Specifically, the first communication party obtains the bit length klen of the second ciphertext $C_2$, calculates a fifth parameter $t = KDF(x_2 \| y_2, klen)$ according to the third coordinate $x_2$, the fourth coordinate $y_2$ and the bit length klen, and judges whether the fifth parameter t is all 0; if yes, reports an error and exits; if not, executes S93;
S93, the first communication party calculates a plaintext according to the fifth parameter and the second ciphertext, and calculates a sixth parameter according to the third coordinate, the fourth coordinate and the plaintext;
Specifically, the first communication party calculates the plaintext $M' = C_2 \oplus t$ according to the fifth parameter t and the second ciphertext $C_2$, and calculates a sixth parameter $u = Hash(x_2 \| M' \| y_2)$ according to the third coordinate $x_2$, the fourth coordinate $y_2$ and the plaintext M';
S94, the first communication party determines whether the sixth parameter is equal to the third ciphertext, and if so, outputs the plaintext;
Specifically, the first communication party determines whether the sixth parameter u is equal to the third ciphertext $C_3$; if yes, outputs the plaintext M'; otherwise, reports an error and exits;
The joint decryption process S5-S9 and the joint signature process S2-S4 may be performed simultaneously, and the encryption process corresponding to the joint decryption process S5-S9 is a conventional encryption process, which is not described herein again.
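The key generation (S1), the joint signing exchange (S2-S4) and the point computation of joint decryption (S8, S91) described above, as an added Python example that is not part of the patent text: it checks that the joint signature (r, s) passes ordinary single-key SM2 verification under P and that the two decryption shares reproduce the point a holder of the full private key would compute. Assumptions: the SM2 recommended curve parameters, SHA-256 standing in for the hash H_v, a mirrored formula for the first public key P*, random numbers D drawn from [2, n-1] so that D - 1 is invertible, and the sign1 exchange of S22/S31 left out; all function names are hypothetical.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + a*x + b over F_p; base point G has prime order n.
_hex = lambda s: int(s.replace(" ", ""), 16)
p = _hex("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF")
a = _hex("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFC")
b = _hex("28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93")
n = _hex("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123")
G = (_hex("32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7"),
     _hex("BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0"))
O = None  # point at infinity

def on_curve(P):
    return P is O or (P[1] ** 2 - P[0] ** 3 - a * P[0] - b) % p == 0

def add(P, Q):  # [+]; affine formulas, not constant time (illustration only)
    if P is O:
        return Q
    if Q is O:
        return P
    if P[0] == Q[0] and (P[1] + Q[1]) % p == 0:
        return O
    if P == Q:
        lam = (3 * P[0] * P[0] + a) * pow(2 * P[1] % p, -1, p) % p
    else:
        lam = (Q[1] - P[1]) * pow((Q[0] - P[0]) % p, -1, p) % p
    x = (lam * lam - P[0] - Q[0]) % p
    return (x, (lam * (P[0] - x) - P[1]) % p)

def sub(P, Q):  # [-]
    return add(P, O if Q is O else (Q[0], -Q[1] % p))

def mul(k, P):  # [*]; double-and-add
    R, k = O, k % n
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def rand_scalar(lo=1):
    return lo + secrets.randbelow(n - lo)  # uniform in [lo, n-1]

def digest(msg):
    # Assumption: SHA-256 stands in for H_v (SM3 in SM2); no Z_A prefix is hashed.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def keygen():
    # S11-S19. Assumption of this example: D = 1 is skipped, since D - 1 must be invertible.
    D1, D2 = rand_scalar(2), rand_scalar(2)
    d1, d2 = pow(D1 - 1, -1, n), pow(D2 - 1, -1, n)
    Q1, Q2 = mul(D1, G), mul(D2, G)
    P = sub(sub(mul(D2, Q1), Q1), Q2)       # S17, computed by party 2
    P_star = sub(sub(mul(D1, Q2), Q2), Q1)  # S19, party 1 (mirrored formula, assumed)
    if P != P_star or P is O:
        raise ValueError("key generation failed")
    return d1, mul(d1, G), d2, P            # d1 and P1 stay with party 1, d2 with party 2

def party2_partial(d2, P1, T1, e):
    while True:  # S33-S344; k2, k3 assumed to lie in [1, n-1]
        k2, k3 = rand_scalar(), rand_scalar()
        R = add(mul(k3, add(T1, P1)), mul((k2 + d2) * k3, G))
        r = 0 if R is O else (e + R[0]) % n
        if r:
            return r, d2 * k3 % n, d2 * ((k2 + d2) * k3 + r) % n

def joint_sign(d1, P1, d2, msg):
    e = digest(msg)
    while True:
        k1 = rand_scalar()                                   # S21: T1 = k1[*]G
        r, s1, s2 = party2_partial(d2, P1, mul(k1, G), e)
        s = (d1 * (k1 + d1) * s1 + d1 * s2 - r) % n          # S4
        if s != 0:
            return r, s

def sm2_verify(P, msg, r, s):  # ordinary single-key SM2 verification
    t = (r + s) % n
    if not (0 < r < n and 0 < s < n) or t == 0:
        return False
    X = add(mul(s, G), mul(t, P))
    return X is not O and (digest(msg) + X[0]) % n == r

def joint_decrypt_point(d1, d2, C1):
    if C1 is O or not on_curve(C1):          # S61/S62 (cofactor h = 1 on this curve)
        raise ValueError("invalid C1")
    T2 = mul(pow(d2, -1, n), C1)             # S8, party 2
    return sub(mul(pow(d1, -1, n), T2), C1)  # S91, party 1: (x2, y2)

if __name__ == "__main__":
    d1, P1, d2, P = keygen()
    msg = b"constructed sample message"
    r, s = joint_sign(d1, P1, d2, msg)
    print("joint signature verifies under P:", sm2_verify(P, msg, r, s))
```

The implied full private key is $d = (d_1 * d_2)^{-1} - 1 \bmod n$; it is never formed during signing or decryption, which is why the verifier only ever needs P.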
Example two
Referring to fig. 2, a multi-party joint signature system based on the SM2 algorithm of this embodiment includes a first communication party and a second communication party, where the first communication party includes a first memory, a first processor and a first computer program stored in the first memory and operable on the first processor, and the second communication party includes a second memory, a second processor and a second computer program stored in the second memory and operable on the second processor; the first processor implements the steps performed by the first communication party in embodiment one when executing the first computer program;
the second processor, when executing the second computer program, implements the steps performed by the second communication party in embodiment one.
In summary, according to the multi-party joint signature method and system based on the SM2 algorithm provided by the present invention, the first communication party generates a first sub-key pair and the second communication party generates a second sub-key pair; the first sub-key pair includes a first sub-private key and a first sub-public key, and the second sub-key pair includes a second sub-private key and a second sub-public key; each party stores its own sub-key pair, and the complete private key does not exist at any party, so that the security of the key is improved; the first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party; the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party; the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value; meanwhile, after the first communication party acquires the ciphertext, it signs the first ciphertext and sends the obtained second signature value and the first ciphertext to the second communication party; the second communication party verifies the second signature value to obtain a second verification result, calculates a fourth parameter according to the second sub-private key and the first ciphertext based on the second verification result, and sends the fourth parameter to the first communication party; the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key and the first ciphertext to obtain a plaintext, so that joint decryption is realized and the security of the decryption process is improved; even during the signature operation, the complete private key never appears, the data of the user's private key is well hidden, and the difficulty of obtaining the private key by attack is increased, so that the security of the private key is effectively improved.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to the related technical fields, are included in the scope of the present invention.

Claims (10)

1. A multi-party combined signature method based on SM2 algorithm is characterized by comprising the following steps:
the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair;
the first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party;
the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party;
and the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value.
2. The multi-party joint signature method based on the SM2 algorithm of claim 1, wherein the first communication party generating the first sub-key pair comprises:
a first communication party generates a first random number and calculates a first sub private key according to the first random number;
the first communication party generates a first sub public key according to a base point of a preset elliptic curve and the first sub private key;
and the first communication party obtains a first sub-key pair according to the first sub-private key and the first sub-public key.
3. The SM2 algorithm-based multi-party joint signature method of claim 2, wherein the obtaining of the first sub-key pair by the first communication party according to the first sub-private key and the first sub-public key comprises:
the first communication party calculates a first parameter according to the first random number and the base point and sends the first parameter to a second communication party;
the second communication party generating a second sub-key pair comprises:
the second communication party generates a second random number and calculates a second sub-private key according to the second random number;
the second communication party generates a second sub public key according to the second sub private key and the base point;
the second communication party generates a second parameter according to the second random number and the base point, and generates a second public key according to the second random number, the first parameter and the second parameter;
the second communication party sends the second public key and the second parameter to the first communication party;
and the first communication party generates a first public key according to the first random number, the second parameter and the first parameter, judges whether the first public key is equal to the second public key or not, and determines that the generation of the secret key is successful if the first public key is equal to the second public key.
4. The SM2 algorithm-based multi-party joint signature method of claim 3, wherein the first communication party signs a received message to be signed to obtain a signature value, and sends the signature value to the second communication party comprises:
the first communication party generates a third random number and generates a third parameter according to the third random number and the base point;
and the first communication party signs the received message to be signed according to the first sub private key to obtain a signature value, and sends the signature value and the third parameter to the second communication party.
5. The SM2 algorithm-based multiparty joint signature method according to claim 4, wherein the obtaining of the first sub-key pair by the first communication party according to the first sub-private key and the first sub-public key further comprises:
the first communication party sends the first sub public key to the second communication party;
the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, and the second communication party performs operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party, including:
the second communication party verifies the signature value according to the first sub public key to obtain a first verification result;
the second communication party judges whether the first verification result is successful, if so, the second communication party generates a fourth random number and a fifth random number, and calculates a first elliptic curve point according to the fourth random number, the fifth random number, the third parameter, the first sub public key, the second sub private key and the base point, wherein the first elliptic curve point comprises a first coordinate;
and the second communication party calculates the message digest of the message to be signed, calculates the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number and the fifth random number to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party.
6. The SM2 algorithm-based multi-party joint signature method according to claim 5, wherein the operating the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number, and the fifth random number to obtain a partial signature value parameter, and sending the partial signature value parameter to the first communication party comprises:
the second communication party calculates a first partial signature value parameter according to the message digest and the first coordinate;
the second communication party judges whether the first partial signature value parameter is equal to a first preset value; if yes, returns to the step in which the second communication party generates a fourth random number and a fifth random number; if not, calculates a second partial signature value parameter according to the second sub-private key and the fifth random number;
and calculating a third partial signature value parameter according to the second sub-private key, the fourth random number, the fifth random number and the first partial signature value parameter, and sending the first partial signature value parameter, the second partial signature value parameter and the third partial signature value parameter to the first communication party.
7. The multi-party joint signature method based on SM2 algorithm of claim 4, wherein the first communication party calculating a full signature value from the partial signature value parameter and the first sub-key pair and obtaining a joint signature result from the full signature value comprises:
and the first communication party calculates a complete signature value according to the partial signature value parameter, the third random number and the first sub-private key, judges whether the complete signature value is equal to a second preset value or not, returns to the step of executing the first communication party to generate the third random number if the complete signature value is equal to the second preset value, and determines that the joint signature is successful and obtains a joint signature result if the complete signature value is not equal to the second preset value.
8. The SM2 algorithm-based multi-party joint signature method of claim 3, wherein the generation of the first sub-key pair by the first communication party and the generation of the second sub-key pair by the second communication party further comprises:
the first communication party acquires a ciphertext, wherein the ciphertext comprises a first ciphertext, a second ciphertext and a third ciphertext;
the first communication party signs the first ciphertext to obtain a second signature value, and sends the second signature value and the first ciphertext to the second communication party;
the second communication party verifies the second signature value to obtain a second verification result, calculates a fourth parameter according to the second sub private key and the first ciphertext based on the second verification result, and sends the fourth parameter to the first communication party;
and the first communication party decrypts the ciphertext according to the fourth parameter, the first sub private key and the first ciphertext to obtain a plaintext.
9. The SM2 algorithm-based multi-party joint signature method according to claim 8, wherein the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key and the first ciphertext to obtain plaintext, and comprises:
the first communication party calculates a second elliptic curve point according to the fourth parameter, the first sub private key and the first ciphertext, wherein the second elliptic curve point comprises a third coordinate and a fourth coordinate;
the first communication party acquires the bit length of the second ciphertext and calculates a fifth parameter according to the third coordinate, the fourth coordinate and the bit length;
the first communication party calculates a plaintext according to the fifth parameter and the second ciphertext, and calculates a sixth parameter according to the third coordinate, the fourth coordinate and the plaintext;
and the first communication party judges whether the sixth parameter is equal to the third ciphertext, and if so, outputs the plaintext.
10. A multi-party joint signature system based on SM2 algorithm, comprising a first communication party and a second communication party, the first communication party comprising a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, the second communication party comprising a second memory, a second processor and a second computer program stored on the second memory and executable on the second processor, the first processor implementing the steps performed by the first communication party in a multi-party joint signature method based on SM2 algorithm as claimed in any one of claims 1-9 when executing the first computer program;
the second processor, when executing the second computer program, performs the steps performed by the second communication party in a multi-party joint signature method based on the SM2 algorithm as claimed in any of claims 1-9.
CN202210530903.5A 2022-05-16 2022-05-16 Multi-party joint signature method and system based on SM2 algorithm Active CN114978536B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210530903.5A CN114978536B (en) 2022-05-16 2022-05-16 Multi-party joint signature method and system based on SM2 algorithm

Publications (2)

Publication Number Publication Date
CN114978536A true CN114978536A (en) 2022-08-30
CN114978536B CN114978536B (en) 2024-01-30

Family

ID=82984149

Country Status (1)

Country Link
CN (1) CN114978536B (en)


Also Published As

Publication number Publication date
CN114978536B (en) 2024-01-30

Similar Documents

Publication Publication Date Title
CN107196763B (en) SM2 algorithm collaborative signature and decryption method, device and system
CN107948189B (en) Asymmetric password identity authentication method and device, computer equipment and storage medium
CN109309569B (en) SM2 algorithm-based collaborative signature method and device and storage medium
CN109088726B (en) SM2 algorithm-based collaborative signing and decrypting method and system for two communication parties
US8670563B2 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN111314089B (en) SM2-based two-party collaborative signature method and decryption method
US7716482B2 (en) Conference session key distribution method in an ID-based cryptographic system
CN107248909B (en) Certificateless secure signature method based on SM2 algorithm
US7899184B2 (en) Ends-messaging protocol that recovers and has backward security
CN109150897B (en) End-to-end communication encryption method and device
CN111342955B (en) Communication method and device and computer storage medium
CN110971411B (en) SM2 homomorphic signature method for encrypting private key by multiplying based on SOTP technology
CN114726546B (en) Digital identity authentication method, device, equipment and storage medium
CN112118113A (en) Multi-party cooperative group signature method, device, system and medium based on SM2 algorithm
CN111355582A (en) Two-party combined signature and decryption method and system based on SM2 algorithm
CN114095181A (en) Threshold ring signature method and system based on state cryptographic algorithm
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN112364335B (en) Identification identity authentication method and device, electronic equipment and storage medium
CN111901123B (en) SM2 signature generation method, storage medium and terminal
CN111756537B (en) Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN114760046A (en) Identity authentication method and device
CN116318654A (en) SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution
CN114978536B (en) Multi-party joint signature method and system based on SM2 algorithm
CN116232578A (en) Multi-party collaborative signature system, method and equipment integrating quantum key distribution
CN114978488A (en) SM2 algorithm-based collaborative signature method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant