CN115314205B - Collaborative signature system and method based on key segmentation - Google Patents
Collaborative signature system and method based on key segmentation Download PDFInfo
- Publication number
- CN115314205B CN115314205B CN202211243282.9A CN202211243282A CN115314205B CN 115314205 B CN115314205 B CN 115314205B CN 202211243282 A CN202211243282 A CN 202211243282A CN 115314205 B CN115314205 B CN 115314205B
- Authority
- CN
- China
- Prior art keywords
- terminal
- signature
- server
- key
- key component
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a collaborative signature system and a collaborative signature method based on key partitioning. The invention adopts the key segmentation technology to realize the independent generation and independent storage of the key components at the mobile intelligent terminal password module and the server end; in the signature process, a collaborative signature technology is adopted, the mobile intelligent terminal password module and the server end respectively calculate respective signature results by using respective secret key components, the two parties exchange intermediate signature results, and finally the mobile intelligent terminal password module synthesizes a complete digital signature, so that the problem of safe storage of the secret key components in the mobile intelligent terminal is solved.
Description
Technical Field
The invention belongs to the technical field of cryptographic engineering, and particularly relates to a collaborative signature system and a collaborative signature method based on key segmentation.
Background
With the high-speed development of the mobile internet technology, the mobile intelligent terminal can be widely deepened into all aspects of life of people, and wonderful and convenient life experience is brought.
The application communication content of the mobile intelligent terminal is transmitted through a public wireless channel, is easy to attack and poses serious threat to information safety. Meanwhile, the possibility of being attacked is greatly increased due to the complexity of an operating system and the diversification of applications, and a great deal of safety problems are caused. And the mobile intelligent terminal uses traditional hardware password equipment to guarantee the safety, and if the mobile intelligent terminal is not easy to carry, the mobile intelligent terminal is inconvenient to connect and the like.
In the prior art, CN106327184A discloses a mobile intelligent terminal payment system and method based on secure hardware isolation, which includes: the system comprises a payment server, a mobile intelligent terminal and safety hardware; the security hardware is independent of the mobile intelligent terminal, the security of authentication data of a user is protected, random number generation, certificate request and information signature services are provided for the outside, meanwhile, the security hardware has a security storage function, a private key and a password of a payment certificate of the user are stored in the security hardware, the sensitive data are effectively prevented from being acquired by an attacker, and the payment information is confirmed by the user in the security hardware, so that the payment information is prevented from being maliciously tampered. However, the above prior art has the following technical problems: the terminal must support the safety equipment, and the environment dependence is strong; each user needs to purchase safety equipment, so that the cost is high; the user must carry and use each user and need to purchase the safety equipment, and the application is inconvenient. In addition, CN112241527A in the prior art discloses a key generation method, system and electronic device, wherein a private key is not generated by a device such as a terminal device, but both terminals of a terminal and a server cooperate to generate private key components, respectively, and any terminal cannot recover a complete private key alone, so as to protect the security of the private key from being stolen illegally, but the above prior art has the following technical problems: the terminal key protection depends on an encryption key derived from an equipment identification code of the terminal equipment, an application identification of legal application and a user identification of a legal user for protection, and the three are fixed contents and lack of external variable input, so that the security level of the terminal storage protection is low; the secret key component generated by the server side only uses random numbers and does not use a system private key to participate in operation.
Therefore, how to overcome the problem that the traditional hardware password device is not suitable for the mobile intelligent terminal in the prior art, eliminate the hidden danger of safe storage of the secret key, provide a safe software password module and a collaborative signature service, provide the basic commercial password algorithm computing power for the mobile intelligent terminal, and become a technical problem to be solved in the field.
Disclosure of Invention
The invention provides a collaborative signature system and a collaborative signature method based on key segmentation, which are suitable for a mobile intelligent terminal environment, eliminate information safety hidden dangers and provide cryptographic services for applications. The invention specifically adopts the following technical scheme:
a collaborative signature system based on key segmentation comprises a mobile intelligent terminal password module, a collaborative signature server, a key component generation protocol and a collaborative signature protocol;
the mobile intelligent terminal password module is a software password module and is used for providing mobile intelligent terminal password services for the mobile intelligent terminal, and the mobile intelligent terminal password services comprise terminal key component generation service, terminal key component storage service and terminal collaborative signature service;
the collaborative signing server is matched with the mobile intelligent terminal password module to provide server side password service, and comprises server side collaborative signing service, server side key component generation service and server side key component storage service, wherein the collaborative signing server comprises a physical password card, and the physical password card is connected with the server side collaborative signing service through a server side key component management interface and a password calculation interface.
Further, the terminal key component generating service includes generating a terminal key component by an SM2 algorithm built in a cryptographic module of the mobile intelligent terminal, and the specific process is as follows:
2) The parameters D1 are calculated as a function of time,D1=[d A ]G;
3) Publishing an ID to a collaborative signing server A 、D1;
Wherein, ID A Is a terminal identity.
Further, the terminal key component storage service uses a mobile intelligent terminal password module login password as a key, and adopts SM4 algorithm encryption to protect the terminal key component, and the specific process is as follows:
1) The derived K1 is used with the login password and salt value salt,K1=PBKDF(password,salt);
2) Protected by K1 encryptiond A ,ENCd A =SM4(K1, dA);
3) StoringENCd A 。
Further, the terminal collaborative signature service starts to work after the server side key component is generated, the terminal key component is used for calculating the signature intermediate result of the terminal, the intermediate signature result is exchanged with the server side, and finally the mobile intelligent terminal cryptographic module synthesizes a complete digital signature.
Further, the specific process of calculating the intermediate signature result of the terminal by using the terminal key component, exchanging the intermediate signature result with the server side, and finally synthesizing the complete digital signature by the mobile intelligent terminal cryptographic module includes:
3) Calculating the parameter W A ,W A =[k A1 ]U B +k A2 G={x,y};
4) A hash value e of the data M is computed,e=HASH(M);
5) The calculation of r is carried out in such a way that,r=(e+x)mod n;
6) The calculation of s2 is carried out in such a way that,s2=[d A -1 ][k A1 ]mod n;
7) The calculation of s3 is carried out,s3=(k A2 +r)[d A -1 ]mod n;
8) Publishing s2, s3 to the co-signing server;
9) After the t value disclosed by the server-side cooperative signature service is obtained, the s value is calculated,s=t-r;
10 ) constitute a complete signature value(r,s)。
Furthermore, the physical password card is provided with a PCI-E interface and is used for realizing the generation, storage and password calculation of the key component at the server side.
Further, the specific process of the service side key component generation service is as follows:
2) The parameters D2 are calculated such that,D2=[d 2 ]G;
3) Computing a server-side key component d B ,d B =[d 2 +h·s]G;(h=Hash(D1|| D2||ID A ) Wherein, the Hash is SM3 cipher Hash algorithm, s is the private key of the collaborative signature server;
4) The complete public key P is calculated and,P=[d B ]D1−G;
6) Calculating the parameter U B ,U B =[k B ]G;
Publishing U to terminal B ,P。
Further, the server-side collaborative signing service calculates a signing intermediate result by using a server-side secret key component, exchanges the intermediate signing result in cooperation with the terminal, and finally synthesizes a complete digital signature by the mobile intelligent terminal cryptographic module, wherein the specific process comprises the following steps:
1) The server side calculates the t and the t,t=([d B -1 ][k B ]s2+[d B -1 ]s3)mod n;
2) And disclosing t to the terminal.
The invention also relates to a key partitioning based co-signing method for a system as described above, said method comprising the steps of:
(1) Mobile intelligent terminal password moduleThe block sends out a key component generating instruction and informs the server end of the instruction, and the mobile intelligent terminal password module generates a component d of a complete terminal private key A Then calculating and issuing the D1 declaration parameter to the server side;
(2) The server side generates the component d of the complete private key of the terminal after receiving the key component generation instruction of the terminal B Then, calculating and issuing a complete public key P to the terminal, wherein both parties can not calculate the complete private key of the terminal according to the declaration parameters generated and obtained by the parties;
(3) The mobile intelligent terminal password module sends a collaborative signature application to the server side, and the server side generates a random number k B Recalculating and publishing U B Giving a terminal;
(4) U for receiving server end feedback by mobile intelligent terminal cipher module B Then, calculating a signature part result r, and calculating and disclosing signature intermediate results s2 and s3 to a server side;
(5) Server side use key component d B Calculating and disclosing the intermediate signature result t to the terminal according to the intermediate signature results s2 and s3;
(6) And the mobile intelligent terminal password module calculates to obtain a complete digital signature according to the signature part result r and the signature middle result t.
Further, the step (2) specifically includes:
2) The parameters D2 are calculated such that,D2=[d 2 ]G;
3) Computing server-side key component d B ,d B =[d 2 +h·s]G;(h=Hash(D1|| D2||ID A ) Wherein, the Hash is SM3 cipher Hash algorithm, s is the private key of the collaborative signature server;
4) The complete public key P is calculated and,P=[d B ]D1−G;
go to endEnd disclosure U B 。
The invention solves the problem that the traditional hardware password equipment is not suitable for the mobile intelligent terminal based on the key segmentation technology, eliminates the hidden danger of safe storage of the key, provides a safe software password module and a collaborative signature service, and provides basic commercial password algorithm computing capacity for the mobile intelligent terminal. Compared with the prior art, the invention has the following beneficial effects: (1) The invention adopts a key division mechanism to divide the complete private key of the terminal into a terminal key component and a server-side key component so as to ensure the safe storage of the key at the terminal; (2) The invention provides a collaborative signature mechanism, when a terminal carries out signature, the terminal and a server end respectively calculate respective signature intermediate results, the two parties exchange the signature intermediate results, and finally the terminal synthesizes a complete digital signature; (3) The collaborative signature system does not depend on hardware password equipment, and a complete terminal private key does not appear at any time in a key period, so that the risk of leakage of the complete terminal private key is avoided, and the terminal hardware password equipment performs key protection; (4) The cloud password service system adopts a container-based lightweight security isolation mechanism, and the isolation mechanism combines various measures to guarantee that tenants cannot illegally access; (5) The invention fully supports the domestic cryptographic algorithm and the domestic hardware platform and follows the relevant industrial standard of China.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention.
FIG. 2 is a flow chart of the method of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present invention is not limited thereby. It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
The invention aims to provide a collaborative signature system based on key segmentation and an implementation method thereof, the invention adopts a key segmentation technology to realize independent generation and independent storage of key components at a mobile intelligent terminal cryptographic module and a server end, and the safe storage of keys is ensured; in the signature process, a collaborative signature technology is adopted, the mobile intelligent terminal password module and the server side respectively calculate respective signature results by using respective secret key components, the two sides exchange intermediate signature results, and finally the mobile intelligent terminal password module synthesizes a complete digital signature.
As shown in fig. 1, a collaborative signature system based on key partitioning according to the present invention includes: the mobile intelligent terminal comprises a mobile intelligent terminal password module and a collaborative signature server.
The mobile intelligent terminal cryptographic module is a pure software cryptographic module and provides cryptographic services such as collaborative signature, terminal key component generation and storage for the terminal, and the cryptographic services comprise a terminal key component generation service, a key component storage service and a terminal collaborative signature service based on key segmentation;
the terminal key component generating service based on key segmentation generates the terminal key component through an SM2 algorithm built in a cryptographic module of a mobile intelligent terminal, and the specific process is as follows:
2) The parameters D1 are calculated as a function of time,D1=[d A ]G;
3) Disclosing IDs to a co-signing server A 、D1。(ID A Is terminal identity mark)
The key component storage service uses a mobile intelligent terminal password module login password as a key, and adopts SM4 algorithm encryption to protect the terminal key component, and the specific process is as follows:
1) The derived K1 is used with the login password and salt value salt,K1=PBKDF(password,salt);
2) Protected by K1 encryptiond A ,ENCd A =SM4(K1, dA);
3) StoringENCd A
The terminal collaborative signing service can start working after a server side key component is generated, calculates a signing intermediate result of a terminal by using the terminal key component, exchanges the intermediate signing result with the server side, and finally synthesizes a complete digital signature by a mobile intelligent terminal password module, and the specific process is as follows:
3) Calculating the parameter W A ,W A =[k A1 ]U B +k A2 G={x,y};
4) A hash value e of the data M is computed,e=HASH(M);
5) The calculation of r is carried out in such a way that,r=(e+x)mod n;
6) The calculation of s2 is carried out in such a way that,s2=[d A -1 ][k A1 ]mod n;
7) The calculation of s3 is carried out,s3=(k A2 +r)[d A -1 ]mod n;
8) Exposing s2, s3 to the co-signing server;
9) After the t value disclosed by the server-side collaborative signature service is obtained, the s value is calculated,s=t-r;
10 ) constitute a complete signature value(r,s);
The collaborative signature server is matched with a terminal password module to realize cryptographic services such as collaborative signature, server side key component generation and storage and the like, and comprises a physical password card and a server side collaborative signature service.
The physical password card is provided with a PCI-E interface and realizes password equipment for generating, storing and calculating the key component of the server side.
The server side key component generation process is as follows:
2) The parameters D2 are calculated such that,D2=[d 2 ]G;
3) Computing a server-side key component d B ,d B =[d 2 +h·s]G;(h=Hash(D1|| D2||ID A ) Hash is SM3 cryptographic Hash algorithm, s is private key of the collaborative signature server)
4) The complete public key P is calculated and,P=[d B ]D1−G;
6) Calculating the parameter U B ,U B =[k B ]G;
7) Disclosing U to terminal B ,P;
The server-side collaborative signing service calculates a signing intermediate result by using a server-side secret key component, exchanges the intermediate signing result in cooperation with the terminal, and finally synthesizes a complete digital signature by the mobile intelligent terminal cryptographic module.
1) The server side calculates the t and calculates the t,t=([d B -1 ][k B ]s2+[d B -1 ]s3)mod n;
2) Disclosing t to the terminal;
as shown in fig. 2, a collaborative signing method based on key partitioning according to the present invention includes the following steps:
(1) The mobile intelligent terminal password module sends out a secret key component generation instruction and informs the server side of the instruction, and the mobile intelligent terminal password module generates a component d of a complete private key of the terminal A And then calculating and issuing the D1 declaration parameter to the server side.
2) The parameters D1 are calculated as a function of time,D1=[d A ]G;
3) Disclosing IDs to a co-signing server A 、D1。(ID A Is terminal identity mark)
(2) The server side generates the component d of the complete private key of the terminal after receiving the key component generation instruction of the terminal B And then, calculating and issuing the complete public key P to the terminal, wherein both parties can not calculate the complete private key of the terminal according to the declaration parameters generated and obtained by the parties.
2) The parameters D2 are calculated so that,D2=[d 2 ]G;
3) Computing a server-side key component d B ,d B =[d 2 +h·s]G;(h=Hash(D1|| D2||ID A ) Hash is SM3 cryptographic Hash algorithm, s is private key of the collaborative signature server
4) The complete public key P is calculated and,P=[d B ]D1−G;
5) Disclosing U to terminal B ;
(3) The mobile intelligent terminal password module sends a collaborative signature application to the server side, and the server side generates a selected random number k B Recalculating and publishing U B To the terminal.
2) Calculating the parameter U B ,U B =[k B ]G;
(4) U fed back by server end is received to mobile intelligent terminal cipher module B And then, calculating a signature part result r, and calculating and disclosing signature intermediate results s2 and s3 to the server side.
3) Calculating the parameter W A ,W A =[k A1 ]U B +k A2 G={x,y};
4) A hash value e of the data M is computed,e=HASH(M);
5) The calculation of r is carried out in such a way that,r=(e+x)mod n;
6) The calculation of s2 is carried out in such a way that,s2=[d A -1 ][k A1 ]mod n;
7) The calculation of s3 is carried out,s3=(k A2 +r)[d A -1 ]mod n;
8) Exposing s2, s3 to the co-signing server;
(5) Server side using key component d B And calculating and disclosing the intermediate signature result t to the terminal according to the intermediate signature results s2 and s 3.
1) The server side calculates the t and the t,t=([d B -1 ][k B ]s2+[d B -1 ]s3)mod n;
2) Disclosing t to the terminal;
(6) And the mobile intelligent terminal password module calculates to obtain a complete digital signature according to the signature part result r and the signature middle result t.
1) After the t value disclosed by the server-side collaborative signature service is obtained, the s value is calculated,s=t-r;
2) Composing a complete signature value(r,s);
As described above, only the preferred embodiments of the present invention are described, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should be considered as the protection scope of the present invention.
Claims (6)
1. A collaborative signature system based on key segmentation is characterized by comprising a mobile intelligent terminal cryptographic module, a collaborative signature server, a key component generation protocol and a collaborative signature protocol;
the mobile intelligent terminal password module is a software password module and is used for providing mobile intelligent terminal password services for the mobile intelligent terminal, and the mobile intelligent terminal password services comprise terminal key component generation service, terminal key component storage service and terminal collaborative signature service;
the collaborative signing server is matched with the mobile intelligent terminal password module to provide server side password service, and comprises server side collaborative signing service, server side key component generation service and server side key component storage service, wherein the collaborative signing server comprises a physical password card, and the physical password card is connected with the server side collaborative signing service through a server side key component management interface and a password calculation interface;
the terminal key component generation service includes generating a terminal key component, and the specific process is as follows:
2) The parameters D1 are calculated as a function of time,D1=[d A ]G;
3) Publishing an ID to a collaborative signing server A 、D1;
Wherein, ID A Is a terminal identity;
the specific process of calculating the intermediate signature result of the terminal by using the terminal key component, exchanging the intermediate signature result with the server side and finally synthesizing the complete digital signature by the mobile intelligent terminal cryptographic module comprises the following steps:
3) Calculating the parameter W A ,W A =[k A1 ]U B +k A2 G={x,y};
4) A hash value e of the data M is computed,e=HASH(M);
5) The calculation of r is carried out in such a way that,r=(e+x)mod n;
6) MeterCalculating the sum of the s2,s2=[d A -1 ][k A1 ]mod n;
7) The calculation of s3 is carried out in such a way that,s3=(k A2 +r)[d A -1 ]mod n;
8) Publishing s2, s3 to the co-signing server;
9) After the t value disclosed by the server-side collaborative signature service is obtained, the s value is calculated,s=t-r;
10 Constitute a complete signature value(r,s);
The specific process of the server side key component generating service is as follows:
2) The parameters D2 are calculated so that,D2=[d 2 ]G;
3) Computing a server-side key component d B ,d B =[d 2 +h·f]G;h=Hash(D1|| D2||ID A ) Wherein, the Hash is SM3 cipher Hash algorithm, f is private key of the cooperative signature server;
4) The complete public key P is calculated and,P=[d B ]D1−G;
6) Calculating the parameter U B ,U B =[k B ]G;
Disclosing U to terminal B ,P;
The server-side collaborative signing service calculates a signing intermediate result by using a server-side secret key component, exchanges the intermediate signing result in cooperation with a terminal, and finally synthesizes a complete digital signature by a mobile intelligent terminal password module, wherein the specific process comprises the following steps:
1) The server side calculates the t and calculates the t,t=([d B -1 ][k B ]s2+[d B -1 ]s3)mod n;
2) T is disclosed to the terminal.
2. The collaborative signature system based on key partitioning as claimed in claim 1, wherein the terminal key component storage service uses a mobile smart terminal cryptographic module login password as a key, and uses SM4 algorithm to encrypt and protect the terminal key component, and the specific process is as follows:
1) K1 is derived using the login password and salt,
K1=PBKDF(password,salt);
2) Protected by K1 encryptiond A ,ENCd A =SM4(K1, dA);
3) StoringENCd A 。
3. The key partitioning-based cooperative signing system according to claim 1, wherein the terminal cooperative signing service starts to work after the server side key component is generated, calculates the intermediate signing result of the terminal by using the terminal key component, exchanges the intermediate signing result with the server side, and finally synthesizes the complete digital signature by the mobile intelligent terminal cryptographic module.
4. The key partitioning-based cooperative signing system of claim 1, wherein said physical cryptographic card has a PCI-E interface for implementing server-side key component generation, storage and cryptographic computation.
5. A key-split based co-signing method for use in a system according to any of claims 1-4, said method comprising the steps of:
(1) Mobile intelligent terminal password moduleThe block sends out a key component generation instruction and informs the server end of the instruction, and the mobile intelligent terminal password module generates a component d of a complete private key of the terminal A Then calculating and issuing the D1 declaration parameter to a server side;
(2) The server side generates the component d of the complete private key of the terminal after receiving the key component generation instruction of the terminal B Then, calculating and issuing a complete public key P to the terminal, wherein both parties can not calculate the complete private key of the terminal according to the declaration parameters generated and obtained by the own party;
(3) The mobile intelligent terminal password module sends a collaborative signature application to the server side, and the server side generates a selected random number k B Recalculating and publishing U B Giving a terminal;
(4) U for receiving server end feedback by mobile intelligent terminal cipher module B Then, calculating a signature part result r, and calculating and disclosing signature intermediate results s2 and s3 to a server side;
(5) Server side use key component d B Calculating and disclosing the intermediate signature result t to the terminal according to the intermediate signature results s2 and s3;
(6) And the mobile intelligent terminal password module calculates to obtain a complete digital signature according to the signature part result r and the signature middle result t.
6. The key partitioning-based co-signing method according to claim 5, wherein the step (2) specifically comprises:
2) The parameters D2 are calculated so that,D2=[d 2 ]G;
3) Computing a server-side key component d B ,d B =[d 2 +h·f]G;h=Hash(D1|| D2||ID A ) Wherein, the Hash is SM3 cipher Hash algorithm, f is private key of the collaborative signature server;
4) The complete public key P is calculated and,P=[d B ]D1−G;
5) Publishing U to terminal B 。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211243282.9A CN115314205B (en) | 2022-10-11 | 2022-10-11 | Collaborative signature system and method based on key segmentation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211243282.9A CN115314205B (en) | 2022-10-11 | 2022-10-11 | Collaborative signature system and method based on key segmentation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115314205A CN115314205A (en) | 2022-11-08 |
CN115314205B true CN115314205B (en) | 2023-01-03 |
Family
ID=83868189
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211243282.9A Active CN115314205B (en) | 2022-10-11 | 2022-10-11 | Collaborative signature system and method based on key segmentation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115314205B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116827542B (en) * | 2023-08-29 | 2023-11-07 | 江苏省国信数字科技有限公司 | Digital certificate management method and system of intelligent device |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107196763A (en) * | 2017-07-06 | 2017-09-22 | 数安时代科技股份有限公司 | SM2 algorithms collaboration signature and decryption method, device and system |
CN109274503A (en) * | 2018-11-05 | 2019-01-25 | 北京仁信证科技有限公司 | Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system |
CN110224812A (en) * | 2019-06-12 | 2019-09-10 | 江苏慧世联网络科技有限公司 | A kind of method and equipment that the electronic signature mobile client calculated based on Secure is communicated with Collaboration Server |
CN111200502A (en) * | 2020-01-03 | 2020-05-26 | 信安神州科技(广州)有限公司 | Collaborative digital signature method and device |
CN112187469A (en) * | 2020-09-21 | 2021-01-05 | 浙江省数字安全证书管理有限公司 | SM2 multi-party collaborative digital signature method and system based on key factor |
CN112632630A (en) * | 2019-10-08 | 2021-04-09 | 航天信息股份有限公司 | SM 2-based collaborative signature calculation method and device |
CN113468580A (en) * | 2021-07-23 | 2021-10-01 | 建信金融科技有限责任公司 | Multi-party collaborative signature method and system |
CN113676333A (en) * | 2021-08-23 | 2021-11-19 | 西安邮电大学 | Method for generating SM2 blind signature through cooperation of two parties |
CN113849831A (en) * | 2021-08-27 | 2021-12-28 | 北京握奇数据股份有限公司 | Two-party collaborative signature and decryption method and system based on SM2 algorithm |
CN113872767A (en) * | 2021-08-19 | 2021-12-31 | 北京握奇数据股份有限公司 | Two-party collaborative signature method and device based on ECDSA algorithm |
CN114567448A (en) * | 2022-04-29 | 2022-05-31 | 华南师范大学 | Collaborative signature method and collaborative signature system |
CN115002759A (en) * | 2022-06-14 | 2022-09-02 | 北京电子科技学院 | Cloud collaborative signature system and method based on cryptographic algorithm |
-
2022
- 2022-10-11 CN CN202211243282.9A patent/CN115314205B/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107196763A (en) * | 2017-07-06 | 2017-09-22 | 数安时代科技股份有限公司 | SM2 algorithms collaboration signature and decryption method, device and system |
CN109274503A (en) * | 2018-11-05 | 2019-01-25 | 北京仁信证科技有限公司 | Distributed collaboration endorsement method and distributed collaboration signature apparatus, soft shield system |
CN110224812A (en) * | 2019-06-12 | 2019-09-10 | 江苏慧世联网络科技有限公司 | A kind of method and equipment that the electronic signature mobile client calculated based on Secure is communicated with Collaboration Server |
CN112632630A (en) * | 2019-10-08 | 2021-04-09 | 航天信息股份有限公司 | SM 2-based collaborative signature calculation method and device |
CN111200502A (en) * | 2020-01-03 | 2020-05-26 | 信安神州科技(广州)有限公司 | Collaborative digital signature method and device |
CN112187469A (en) * | 2020-09-21 | 2021-01-05 | 浙江省数字安全证书管理有限公司 | SM2 multi-party collaborative digital signature method and system based on key factor |
CN113468580A (en) * | 2021-07-23 | 2021-10-01 | 建信金融科技有限责任公司 | Multi-party collaborative signature method and system |
CN113872767A (en) * | 2021-08-19 | 2021-12-31 | 北京握奇数据股份有限公司 | Two-party collaborative signature method and device based on ECDSA algorithm |
CN113676333A (en) * | 2021-08-23 | 2021-11-19 | 西安邮电大学 | Method for generating SM2 blind signature through cooperation of two parties |
CN113849831A (en) * | 2021-08-27 | 2021-12-28 | 北京握奇数据股份有限公司 | Two-party collaborative signature and decryption method and system based on SM2 algorithm |
CN114567448A (en) * | 2022-04-29 | 2022-05-31 | 华南师范大学 | Collaborative signature method and collaborative signature system |
CN115002759A (en) * | 2022-06-14 | 2022-09-02 | 北京电子科技学院 | Cloud collaborative signature system and method based on cryptographic algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN115314205A (en) | 2022-11-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111639361B (en) | Block chain key management method, multi-person common signature method and electronic device | |
CN108989047B (en) | SM2 algorithm-based cooperative signature method and system for two communication parties | |
CN111314089B (en) | SM 2-based two-party collaborative signature method and decryption method | |
US8422670B2 (en) | Password authentication method | |
Lin et al. | A new strong-password authentication scheme using one-way hash functions | |
CN109412790A (en) | A kind of user authentication of internet of things oriented and key agreement system and method | |
CN113301022B (en) | Internet of things equipment identity security authentication method based on block chain and fog calculation | |
CN106936592B (en) | Three-party authentication key agreement method based on extended chaos algorithm | |
CN107483191A (en) | A kind of SM2 algorithm secret keys segmentation signature system and method | |
CN109272314B (en) | Secure communication method and system based on two-party collaborative signature calculation | |
CN113676333A (en) | Method for generating SM2 blind signature through cooperation of two parties | |
CN112436938B (en) | Digital signature generation method and device and server | |
CN112118113A (en) | Multi-party cooperative group signature method, device, system and medium based on SM2 algorithm | |
CN111447065A (en) | Active and safe SM2 digital signature two-party generation method | |
CN115314205B (en) | Collaborative signature system and method based on key segmentation | |
Ali et al. | RFID authentication scheme based on hyperelliptic curve signcryption | |
US9641333B2 (en) | Authentication methods, systems, devices, servers and computer program products, using a pairing-based cryptographic approach | |
CN115174104A (en) | Attribute-based online/offline signature method and system based on secret SM9 | |
CN116599659B (en) | Certificate-free identity authentication and key negotiation method and system | |
CN110266483B (en) | Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD | |
Liu et al. | pKAS: A Secure Password‐Based Key Agreement Scheme for the Edge Cloud | |
CN111756537A (en) | Two-party cooperative decryption method, system and storage medium based on SM2 standard | |
CN114095229B (en) | Method, device and system for constructing data transmission protocol of energy internet | |
Zhang et al. | Blockchain Multi-signature Wallet System Based on QR Code Communication | |
CN114513316B (en) | Anonymous authentication method based on identity, server and user terminal equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |