CN115361120A - Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling - Google Patents

Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling Download PDF

Info

Publication number
CN115361120A
CN115361120A CN202210980877.6A CN202210980877A CN115361120A CN 115361120 A CN115361120 A CN 115361120A CN 202210980877 A CN202210980877 A CN 202210980877A CN 115361120 A CN115361120 A CN 115361120A
Authority
CN
China
Prior art keywords
point
random
encryption
calculating
scalar
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210980877.6A
Other languages
Chinese (zh)
Inventor
颜昕明
董文强
王亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Wise Security Technology Co Ltd
Original Assignee
Guangzhou Wise Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Wise Security Technology Co Ltd filed Critical Guangzhou Wise Security Technology Co Ltd
Priority to CN202210980877.6A priority Critical patent/CN115361120A/en
Publication of CN115361120A publication Critical patent/CN115361120A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method for realizing SM2 encryption and decryption information tampering resistance based on multiple random scrambling, which adopts a scalar randomization mask method in all scalar multiplication processes, and specifically adopts the following steps: selecting an input scalar d 1 Scalar multiplication is carried out on the sum of the sum and an arbitrary point P on the curve to obtain [ d ] 1 ]P: firstly, whether the P point coordinate accords with an elliptic curve equation of an SM2 algorithm is verified, and then a true random number m is generated by a hardware physical true random number generation unit 1 Calculating and generating the random point M by using a Montgomery Ladder algorithm 1 =[m 1 ]P; through BRIP flow, with M 1 Computing Q for random points 1 =[t 1 ]P,t 1 =d 1 ‑m 1 Calculation of completion Q 1 After point coordinates, reuse point Q 1 Minus the random point M 1 The result is the point [ d ] 1 ]P=Q 1 ‑M 1 . The random mask processing method during s calculation in the signature process ensures that the whole encryption and decryption process can be prevented from being attacked by SPA, DPA, ZPA and high-order DPA, prevents information from being tampered, and improves the safety of data communication.

Description

Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling
Technical Field
The invention relates to the technical field of data encryption and decryption, in particular to a method for preventing information tampering in SM2 encryption and decryption based on multiple random scrambling.
Background
The SM2 algorithm is an asymmetric encryption algorithm designed by the Chinese national password administration based on an elliptic curve, and comprises operation flows of key generation, encryption, decryption, signature verification and the like. In the operation process, the encryption and the signature verification are calculated only by using the public key, so that the problem of private key information leakage does not exist. But the key generation, decryption and signature are provided with a private key d A If the private key d is not protected in the process of participating in the operation, the private key d can be speculated by external attack means such as SPA, DPA, correlation analysis and the like A In turn, causes SM2 signature information to be tampered with, or causes encrypted data to be decrypted, causing information leakage.
The SM2 algorithm is one of elliptic curve algorithms, and the core of the SM2 algorithm is the implementation of point multiplication calculation. The point multiplication which is not designed for anti-attack generally uses binary expansion method, and the private key d A Directly participate in the operation, according to the private key d A Different bits, different algorithm flows, using side channel analysis, easy backward-deducing d A The value of (c). Once the private key d A Leakage, easy counterfeiting of signatures, tampering of encrypted data, and fatal security risks.
The risk points for key generation and decryption are both in the scalar multiplication process of the points. The risk point of the signature is in the process of scalar multiplication of the point and subsequent s calculation of the signature result. The point multiplication algorithm generally adopts the BRIP and Montgomery Ladder as the anti-attack algorithm. The BRIP realizes the averaging and randomization of the scalar multiplication process of the elliptic curve by using random points, has the capability of resisting attacks such as first-order DPA, ZPA, RPA and the like, but cannot resist the correlation analysis of second-order DPA. Montgomery Ladder can realize the power consumption balance in the process of elliptic curve scalar multiplication, has the function of resisting SPA, but cannot resist DPA.
Therefore, the present application provides a method for preventing information tampering by SM2 encryption and decryption based on multiple random scrambling, which can resist high-order DPA analysis attacks.
Disclosure of Invention
The invention aims to provide a method for preventing information tampering by SM2 encryption and decryption based on multiple random scrambling, so as to solve the problems in the prior art.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
a method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling adopts a dot multiplication process with a random mask code with a mark size in the process of encrypting and decrypting data by adopting an SM2 algorithm, and the dot multiplication process with the random mask code with the mark size comprises the following steps:
selecting an input scalar d 1 Scalar multiplication is carried out on the sum and any point P on the curve to obtain [ d 1 ]P: firstly, whether the P point coordinate accords with an elliptic curve equation of an SM2 algorithm or not is verified, and then a true random number m is generated by a hardware physical true random number generation unit 1 Calculating and generating the random point M by using a Montgomery Ladder algorithm 1 =[m 1 ]P; through BRIP process, with M 1 Computing Q for random points 1 =[t 1 ]P,t 1 =d 1 -m 1 Calculation of completion Q 1 After point coordinates, reuse point Q 1 Minus the random point M 1 The result is the point [ d ] 1 ]P=Q 1 -M 1
Preferably, the elliptic curve equation is adopted as follows:
the module value p is used for limiting the value range of the coordinates and parameters of the points on the elliptic curve; and a and b are parameters of the elliptic curve.
Preferably, the Montgomery Ladder algorithm is used to calculate and generate the random point M 1 =[m 1 ]P, specifically comprising:
inputting: coordinates P, u-bit integer
Figure BDA0003800383550000021
And m is 1(u-1) =1,
And (3) outputting: point coordinate M 1 =[m 1 ]P。
Preferably, by BRIP scheme with M 1 Computing Q for random points 1 =[t 1 ]P specifically comprises the following steps:
inputting: u bit integer
Figure BDA0003800383550000022
A point coordinate P;
and (3) outputting: point coordinate Q 1 =[t 1 ]P;
And (3) calculating flow:
1) Generating a random coordinate point R by using a Montgomery Ladder algorithm;
2) Calculating T0= R, T1= -R, T2= P-R;
3) J decreases from u-1 to 0 performs:
T0=[2]T0
if t 1 J-th bit =0
T0=T0+T1
Otherwise
T0=T0+T2
4) Output Q 1 =T0+T1。
Preferably, the key generation process includes the following steps:
generating a true random number k 1 Calculating P by adopting the dot multiplication process of the random mask with the mark 1 Point coordinates, P 1 =[k 1 ]G, determining the calculated P 1 Whether the point coordinate is valid or not, if so, obtaining a key pair (k) 1 ,P 1 ) And storing the key pair; otherwise, returning to regenerate the true random number k 1 Repeatedly calculate P 1 The coordinates of the points.
Preferably, the signature process in the SM2 encryption and decryption process specifically includes the following processes:
e is calculated according to the SM2 standard flow, and then a true random number k is generated 2 And k 3 Computing (x) using said dot product process with scalar random mask 1 ,y 1 )=[k 2 ]G, wherein G is an elliptic curve base point; judgment (x) 1 ,y 1 ) If the point coordinate is valid, if yes, calculating r = (e + x) again 1 ) mod n; judging r =0 or r + k 1 If n is satisfied, the error is exitedOutputting the signature process; if not, further calculating f = k 2 *d A (mod n),s=((k 3 +f)*(k 3 *k 2 -r f)) (mod n), again determining whether s is greater than or equal to 1 and less than n; if yes, the digital signature is determined to be (r, s), otherwise, the signature process is wrong, and the signature process is exited.
The invention has the beneficial effects that:
the invention provides a method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling, which adopts a scalar random mask method in all scalar multiplication processes and a random mask processing method in s calculation in a signature process, so that SPA, DPA, ZPA and high-order DPA attacks can be prevented in the whole encryption and decryption processes, and information tampering is prevented.
Drawings
FIG. 1 is a flow chart of dot product with scalar random mask used in example 1;
fig. 2 is a schematic diagram of a key generation flow employed in embodiment 1;
FIG. 3 is a schematic diagram of a signature flow provided in example 1;
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
Examples
The embodiment provides a method for preventing information tampering by SM2 encryption and decryption based on multiple random scrambling, which comprises the steps of generating a key, signing, verifying a signature, encrypting and finally decrypting, wherein a dot product process with a scalar random mask code is adopted, and the process specifically comprises the following steps:
selecting an input scalar d 1 Scalar multiplication is carried out on the sum and any point P on the curve to obtain [ d 1 ]P: firstly, whether the P point coordinate accords with an elliptic curve equation of an SM2 algorithm or not is verified, and then a hardware random number generating unit generates a true random number m 1 Computing the Generation random using the Montgomery Ladder algorithmMachine point M 1 =[m 1 ]P; through BRIP process, with M 1 Computing Q for random points 1 =[t 1 ]P,t 1 =d 1 -m 1 Calculation of completion Q 1 After point coordinates, reuse point Q 1 Minus the random point M 1 The result is the point [ d ] 1 ]P。
Based on the above special dot multiplication method, this embodiment provides a complete encryption and decryption process, and the specific process of each step is:
and (3) a key generation flow:
inputting: first, an effective Fq (q = p and p is a prime number greater than 3, or q = 2) is input m ) A set of upper elliptic curve system parameters. Expressed in terms of elliptic curve parameters (a, b, c, d, p).
And (3) outputting: a key pair (d) associated with elliptic curve system parameters 2 ;P)。
1) Generation of integer d by random number generator 2 ∈[1;n-2];
2) G is the base point, and the point P = (x) is calculated using the dot product flow with scalar random mask P ;y P )=[d 2 ]G;
3) The key pair is (d) 2 (ii) a P) in which d) 2 P is a private key and P is a public key.
Signature process:
assuming that a message to be signed is M, in order to obtain a digital signature (r, s) of the message M, a user a as a signer should implement the following operation steps:
a1: setting M = Z A ||M;
A2: calculating e = Hv (M), converting the data type of e into an integer;
a3: generating a random number k ∈ [1,n-1] by using a random number generator;
a4: computing elliptic curve points (x) using a point multiplication procedure with scalar random masks 1 ,y 1 )=[k]G, mixing x 1 ,y 1 Converts the data type of (a) to an integer;
a5: calculation of r = (e + x) 1 ) modn, return A3 if r =0 or r + k = n;
a6: calculation f = k 3 *d A (mod n),s=((k 3 +f)*(k 3 *k 2 -r f)) (mod n), return to A3 if s =0, otherwise go to step A7;
a7: and converting the data types of r and s into byte strings according to the byte conversion technical content recorded in the SM2 algorithm specification to obtain the signature (r, s) of the message M.
And (3) signature verification process:
in order to verify the received message M ' and its digital signature (r ', s '), the user B as verifier should implement the following operational steps:
b1: checking whether r 'is an E [1,n-1] is established or not, and if not, verifying that the R' is not passed;
b2: checking whether s 'is an E [1,n-1] or not, and if not, verifying that the S' is not passed;
b3: setting M' = Z A ||M';
B4: calculating e ' = Hv (M '), and converting the data type of e ' into an integer;
b5: converting the data type of r 'and s' into an integer, calculating t = (r '+ s') mod n, and if t =0, then the verification is not passed;
b6: computing elliptic curve points (x) using a point multiplication procedure with scalar random masks 1 ';y 1 ')=[s′]G+[t]P A
B7: x is to be 1 'the data type is converted into an integer, and R = (e' + x) is calculated 1 ') mod n, checking whether R = R' is true, and if true, verifying to pass; otherwise, the verification is not passed.
And (3) encryption flow:
setting the message to be transmitted as bit string M, k len Is a bit length of M.
In order to encrypt the plaintext M, the user a as the encryptor should implement the following operation steps:
a1: generating a random number k ∈ [1,n-1] by using a random number generator;
a2: calculating an elliptic curve point C 1 =[k]G=(x 1 ,y 1 ) Mixing C with 1 Converting the data type of (a) into a bit string;
a3: calculate the ellipseCircle curve point S = [ h ]]P B If S is an infinite point, an error is reported and quit is carried out;
a4: calculate the elliptic Curve Point [ k ]]P B =(x 2 ,y 2 ) Will coordinate x 2 、y 2 Converting the data type of (a) into a bit string;
a5: calculation of t = KDF (x) 2 ||y 2 Klen), if t is a full 0 bit string, returning to A1;
a6: computing
Figure BDA0003800383550000051
A7: calculating C 3 =Hash(x 2 ||M||y 2 );
A8: output ciphertext C = C 1 ||C 3 ||C 2
And (3) decryption process:
let k len As C in the ciphertext 2 The bit length of (c).
To cipher text C = C 1 ||C 3 ||C 2 The user B who is the decryptor should implement the following operation steps:
b1: extracting a bit string C from C 1 Mixing C with 1 Is converted into a point on the elliptic curve, verification C 1 Whether the elliptic curve equation is satisfied or not, if not, an error is reported and the operation is exited;
b2: calculating elliptic curve point S = [ h ]]C 1 If S is an infinite point, an error is reported and quit is performed;
b3: using a dot product flow with scalar random mask, calculate [ d B ]C 1 =(x 2 ,y 2 ) Will coordinate x 2 、y 2 Converting the data type of (a) into a bit string;
b4: calculation of t = KDF (x) 2 ||y 2 ,k len ) If t is all 0 bit string, reporting error and exiting;
b5: taking out the bit string C from C 2 Calculating
Figure BDA0003800383550000061
B6: calculate u = Hash (x) 2 ||M'||y 2 ) Taking out the bit string C from C 3 If u ≠ C 3 If so, reporting an error and exiting;
b7: the plaintext M' is output.
By adopting the technical scheme disclosed by the invention, the following beneficial effects are obtained:
the invention provides a method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling, which adopts a scalar random mask method in all scalar multiplication processes and a random mask processing method in s calculation in a signature process, so that SPA, DPA, ZPA and high-order DPA attacks can be prevented in the whole encryption and decryption processes, and information tampering is prevented.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements should also be considered within the scope of the present invention.

Claims (6)

1. A method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling is characterized in that in the process of encrypting and decrypting data by adopting an SM2 algorithm, a dot multiplication process with a random mask with a mark is adopted, and the dot multiplication process with the random mask with the mark comprises the following steps:
selecting an input scalar d 1 Scalar multiplication is carried out on the sum and any point P on the curve to obtain [ d 1 ]P: firstly, whether the P point coordinate accords with an elliptic curve equation of an SM2 algorithm is verified, and then a hardware physical true random number generating unit generates a true random number m 1 Calculating and generating the random point M by using a Montgomery Ladder algorithm 1 =[m 1 ]P; through BRIP flow, with M 1 Computing Q for random points 1 =[t 1 ]P,t 1 =d 1 -m 1 Calculating completion Q 1 After point coordinates, reuse point Q 1 Subtracting random point M 1 The result is the point [ d ] 1 ]P=Q 1 -M 1
2. The method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling according to claim 1, wherein the adopted elliptic curve equation is as follows: y is 2 =x 3 +ax+b(mod p)
The module value p limits the value range of the coordinates and parameters of the points on the elliptic curve; and a and b are parameters of the elliptic curve.
3. The method for achieving SM2 encryption and decryption information tampering resistance based on multiple random scrambling as claimed in claim 1, wherein the Montgomery Ladder algorithm is used to calculate and generate the random point M 1 =[m 1 ]P specifically comprises the following steps:
inputting: coordinates P, u-bit integer
Figure FDA0003800383540000011
m 1(j) E.g., {0,1}, and m 1(u-1) =1,
And (3) outputting: point coordinate M 1 =[m 1 ]P。
4. The method for achieving SM2 encryption and decryption information tampering resistance based on multiple random scrambling as claimed in claim 1, wherein M is used as M through BRIP process 1 Computing Q for random points 1 =[t 1 ]P specifically comprises the following steps:
inputting: u bit integer
Figure FDA0003800383540000012
t 1(j) Belongs to {0,1}, and a point coordinate P;
and (3) outputting: point coordinate Q 1 =[t 1 ]P;
And (3) calculating flow:
1) Generating a random coordinate point R by using a Montgomery Ladder algorithm;
2) Calculating T0= R, T1= -R, T2= P-R;
3) And j decreases from u-1 to 0 performs:
T0=[2]T0
if t 1 J bit =0 then
T0=T0+T1
Otherwise
T0=T0+T2
4) Output Q 1 =T0+T1。
5. The method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling as claimed in claim 1, wherein the key generation process comprises the following steps:
generating true random numbers k 1 Calculating P by adopting the dot multiplication process of the random mask with the mark 1 Point coordinates, P 1 =[k 1 ]G, determining the calculated P 1 Whether the point coordinate is valid or not, if so, obtaining a key pair (k) 1 ,P 1 ) And storing the key pair; otherwise, returning to regenerate the true random number k 1 Repeatedly calculate P 1 Point coordinates.
6. The method for achieving SM2 encryption and decryption information tampering prevention based on multiple random scrambling as claimed in claim 1, wherein the signature process in the SM2 encryption and decryption process specifically comprises the following processes:
e is calculated according to the SM2 standard flow, and then a true random number k is generated 2 And k 3 Computing (x) using said dot product process with scalar random mask 1 ,y 1 )=[k 2 ]G, wherein G is an elliptic curve base point; judgment (x) 1 ,y 1 ) If the point coordinate is valid, if yes, calculating r = (e + x) again 1 ) mod n; judging r =0 or r + k 1 If yes, the signature process is wrongly exited; if not, further calculating f = k 2 *d A (mod n),s=((k 3 +f)*(k 3 *k 2 -r f)) (mod n), again determining whether s is greater than or equal to 1 and less than n; if yes, the digital signature is determined to be (r, s), otherwise, the signature process is wrong, and the signature process is exited.
CN202210980877.6A 2022-08-16 2022-08-16 Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling Pending CN115361120A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210980877.6A CN115361120A (en) 2022-08-16 2022-08-16 Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210980877.6A CN115361120A (en) 2022-08-16 2022-08-16 Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling

Publications (1)

Publication Number Publication Date
CN115361120A true CN115361120A (en) 2022-11-18

Family

ID=84001292

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210980877.6A Pending CN115361120A (en) 2022-08-16 2022-08-16 Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling

Country Status (1)

Country Link
CN (1) CN115361120A (en)

Similar Documents

Publication Publication Date Title
CN107147484B (en) Floating point number fully homomorphic encryption method facing privacy protection
CN110933045A (en) Block chain digital asset privacy protection method based on commitment
CN107733648B (en) Identity-based RSA digital signature generation method and system
CN111314089B (en) SM 2-based two-party collaborative signature method and decryption method
CN103414569B (en) A kind of method of the public key cryptography setting up attack resistance
US6298153B1 (en) Digital signature method and information communication system and apparatus using such method
CN114157427B (en) SM2 digital signature-based threshold signature method
CN110958219B (en) SM2 proxy re-encryption method and device for medical cloud shared data
CN107395368B (en) Digital signature method, decapsulation method and decryption method in media-free environment
CN107911209B (en) Method for establishing security public key password for resisting quantum computing attack
CN107124274A (en) Digital signature method and device based on SM2
CN112422288B (en) SM2 algorithm-based two-party collaborative signature method for resisting energy analysis attack
CN113779645B (en) Quantum digital signature and quantum digital signature encryption method
CN109951276B (en) Embedded equipment remote identity authentication method based on TPM
CN114095181B (en) Threshold ring signature method and system based on cryptographic algorithm
US20040086113A1 (en) Methods for point compression for jacobians of hyperelliptic curves
CN111030801A (en) Multi-party distributed SM9 key generation and ciphertext decryption method and medium
CN111355582A (en) Two-party combined signature and decryption method and system based on SM2 algorithm
CN110855425A (en) Lightweight multiparty cooperative SM9 key generation and ciphertext decryption method and medium
CN114666032A (en) Block chain transaction data privacy protection method based on homomorphic encryption
CN113132104A (en) Active and safe ECDSA (electronic signature SA) digital signature two-party generation method
CN109064170B (en) Group signature method without trusted center
CN115865313A (en) Lightweight privacy protection longitudinal federal learning model parameter aggregation method
CN112511310B (en) Confusion method for encrypted identity blind signature
CN115361120A (en) Method for realizing SM2 encryption and decryption information tampering prevention based on multiple random scrambling

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination