CN115589296A - Certificate signature scheme based on SM9 signature algorithm - Google Patents

Certificate signature scheme based on SM9 signature algorithm

Info

Publication number: CN115589296A
Application number: CN202211203626.3A
Authority: CN (China)
Prior art keywords: certificate, signer, signature, algorithm, information
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Inventor: 安浩杨
Current assignee: Shanghai Qianfang Technology Co ltd; Wuhan University WHU (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Shanghai Qianfang Technology Co ltd
Application filed by: Shanghai Qianfang Technology Co ltd
Priority to: CN202211203626.3A (the priority date is an assumption and is not a legal conclusion)
Publication of: CN115589296A

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention belongs to the field of information security and provides a certificate-based signature scheme built on the SM9 signature algorithm. The method comprises: step S100, system initialization, in which the certificate authority (CA) generates a random number as its master private key and computes the corresponding master public keys, and the signer randomly selects a private key and computes the corresponding public key to obtain the signer's key pair; step S200, certificate issuance, in which the signer provides identity information to the CA, the CA verifies it against the submitted information and key material and, if verification passes, computes the certificate and returns it to the signer; step S300, signature computation; and step S400, verification. The signature construction, based on the SM9 cryptographic algorithm, combines the advantages of conventional public key cryptography and identity-based cryptography, avoiding both complex certificate management and the key escrow problem. The scheme can resist Type 1 and Type 2 adversaries at the same time.

Description

Certificate signature scheme based on SM9 signature algorithm
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a certificate signing scheme based on an SM9 signing algorithm.
Background
As information network technology penetrates finance, government affairs, communications and other fields, digital signatures, as the principal tool of digital authentication, must keep meeting new application scenarios and requirements. A digital signature provides authentication of identity, non-repudiation and resistance to forgery, and is therefore widely used in network communication, electronic commerce and e-government. Conventional digital signature technology requires a public key infrastructure and cumbersome certificate management; identity-based cryptosystems remove these disadvantages but introduce the key escrow problem, since the key generation center knows every user's private key.
In a certificate-based signature, signing requires the signer's private key together with the signer's certificate, while verification requires only the signer's public key (and the CA's public parameters). In a conventional public key infrastructure the certificate has to be sent to the verifier along with the signature, which costs additional bandwidth. In a certificate-based signature the certificate is consumed when the signature is generated and need not be transmitted with it: the verifier is assured that a valid certificate exists by checking the validity of the signature itself.
SM9 is an identity-based cryptographic algorithm built on bilinear pairings over elliptic curves. It was published by the State Cryptography Administration of China on 28 March 2016 as standard GM/T 0044-2016 "SM9 identity-based cryptographic algorithm"; it meets the needs of electronic authentication service systems and filled the gap of a domestic identity-based cryptosystem. It comprises three main parts: a digital signature algorithm, a public key encryption algorithm and a key exchange protocol. The present scheme uses the parameters and conventions of the digital signature algorithm.
In summary, this patent designs a certificate-based signature scheme based on the SM9 signature algorithm.
Disclosure of Invention
The embodiment of the invention provides a certificate-based signature scheme based on the SM9 signature algorithm, aimed at the problems that conventional digital signature technology requires a public key infrastructure and complicated certificate management, and that identity-based cryptosystems, although free of these defects, still suffer from the key escrow problem.
The embodiment of the invention is realized as a certificate-based signature scheme based on the SM9 signature algorithm comprising the following steps:
step S100, system initialization: the certificate authority generates a random number as its master private key and computes the master public keys; the signer then randomly selects a private key and computes the corresponding public key to obtain the signer's key pair;
step S200, certificate issuance: the signer provides identity information to the certificate authority; the certificate authority verifies the identity information against the submitted information and key material and, if it passes, computes the certificate and returns it to the signer;
step S300, signature computation: the signer inputs the message to be signed, performs the signature computation and outputs the signature value;
and step S400, verification: the signature value output in step S300 is verified and judged correct or not.
As a preferred implementation of the invention, the parameters of the method are consistent with the standard parameters of the SM9 signature algorithm, and the symbols are as follows:
$q$: a large prime;
$\mathbb{Z}_q^*$: the set of integers $\{1, 2, \ldots, q-1\}$;
$\mathbb{G}_1, \mathbb{G}_2$: additive cyclic groups of order $q$;
$\mathbb{G}_T$: a multiplicative cyclic group of order $q$;
$P_1, P_2$: generators of $\mathbb{G}_1$ and $\mathbb{G}_2$ respectively;
$g^u$: the $u$-th power of an element $g$ of the multiplicative group $\mathbb{G}_T$;
$[k]P$: the $k$-fold multiple of a point $P$ on the elliptic curve, $k$ a positive integer;
$e$: the bilinear pairing from $\mathbb{G}_1 \times \mathbb{G}_2$ to $\mathbb{G}_T$;
$H_1(\cdot), H_2(\cdot)$: cryptographic functions derived from a cryptographic hash function, both with values in $\mathbb{Z}_q^*$;
A: the signer A;
CA: the certificate authority;
$d$: the system master private key, held secretly by the CA;
$P_{pub1}, P_{pub2}$: the system master public keys published by the CA, computed as $P_{pub1} = [d]P_1$ and $P_{pub2} = [d]P_2$;
AliceInfo: the personal information of signer A;
ID: the signer's identity;
$(SK_A, PK_A)$: the public/private key pair of signer A;
$Cert_A$: the certificate of signer A;
$S_A$: the certificate-based private key of signer A;
$m$: the message to be signed;
$\sigma = (h, S)$: the signature value;
$\bmod q$: reduction modulo $q$; for example, $23 \bmod 7 \equiv 2$;
$x \| y$: the concatenation of $x$ and $y$, where $x, y$ may be bit strings or byte strings.
As a preferred embodiment of the invention, step S100 (system initialization: the certificate authority generates a random number as its master private key and computes the master public keys, then the signer randomly selects a private key and computes the corresponding public key to obtain the signer's key pair) consists of the following detailed steps, where A denotes the signer and CA the certificate authority:
a) The CA generates a random number $d \in \mathbb{Z}_q^*$ as the master private key and computes the master public keys $P_{pub1} = [d]P_1$ and $P_{pub2} = [d]P_2$.
b) Signer A randomly selects $s_A \in \mathbb{Z}_q^*$ as private key $SK_A$ and computes the public key $PK_A = [s_A]P_2$, obtaining its own key pair $(SK_A, PK_A)$.
As a preferred embodiment of the invention, step S200 (certificate issuance: the signer provides identity information to the certificate authority, the certificate authority verifies it against the submitted information and key material and, if it passes, computes the certificate and returns it to the signer) consists of the following detailed steps:
a) Signer A provides its information to the CA.
b) The CA verifies the information.
c) If verification passes, the CA computes $t = H_1(P_{pub1}, P_{pub2}, PK_A, ID_A)$.
d) The CA generates the certificate $Cert_A = [d(t+d)^{-1}]P_1$ and sends it to A. (The inverse $(t+d)^{-1} \bmod q$ exists only if $t + d \not\equiv 0 \pmod q$; in the corresponding step of SM9 private key generation the master key is regenerated in that case.)
As a preferred embodiment of the invention, the information provided by signer A comprises its public key $PK_A$ and any additional identity information that is required.
As a preferred embodiment of the invention, step S300 (signature computation: the signer inputs the message to be signed, performs the signature computation and outputs the signature value) consists of the following detailed steps:
a) Compute the signer's certificate-based private key $S_A$ (the formula is given only as an image in the original and is not reproduced here).
b) Compute the element $g_1 = e(P_1, P_{pub2})$ of $\mathbb{G}_T$.
c) Randomly select an element of $\mathbb{Z}_q^*$ and compute $w \in \mathbb{G}_T$, then $h = H_2(m \| w)$, and then the scalar $l$ (the formulas for $w$ and $l$ are given only as images in the original and are not reproduced here).
d) Compute $S = [l]S_A$.
e) Output the signature $\sigma = (h, S)$ on the message $m$.
In a preferred embodiment of the invention, step S400 (verification of the signature value output in the preceding step and judgement of its correctness) is performed as follows. As in SM9 verification, an implementation should first check that $h \in [1, q-1]$ and that $S$ is a point of $\mathbb{G}_1$ before evaluating any pairing:
a) Compute the element $g_2 = e(P_{pub1}, PK_A)$ of $\mathbb{G}_T$.
b) Compute $t = H_1(P_{pub1}, P_{pub2}, PK_A, ID_A)$.
c) Compute $u = e(S, [t]P_2 + P_{pub2})$.
d) Compute the verifier's value of $w$ (the formula is given only as an image in the original and is not reproduced here).
e) Check whether $h = H_2(m \| w)$ holds; if it does, $\sigma$ is a valid signature, otherwise the signature is invalid.
As a preferred embodiment of the invention, the correctness proof for step S400 (given only as images in the original and not reproduced here) shows that the value $w$ recomputed by the verifier equals the value $w$ used by the signer, so that an honestly generated signature passes the check in e).
a certificate signing scheme based on the SM9 signing algorithm, comprising:
an initialization unit for performing system initialization calculations;
a certificate authorization unit to perform a certificate authorization calculation;
a signature calculation unit for calculating a signature value;
a verification calculation unit for completing a verification algorithm.
As a preferred embodiment of the present invention, the parameter selection in the present system is consistent with the standard parameter of the SM9 signature algorithm.
The beneficial effects of the invention are as follows: the scheme is a signature construction based on the national cryptographic algorithm SM9; it combines the advantages of conventional public key cryptography and identity-based cryptography and avoids both complex certificate management and key escrow. The scheme can resist Type 1 and Type 2 adversaries at the same time.
Drawings
FIG. 1 is a diagram of the method steps of a certificate signing scheme based on the SM9 signing algorithm of the present invention;
fig. 2 is a schematic diagram of a certificate signing scheme based on the SM9 signing algorithm according to the present invention;
fig. 3 is a block diagram of a certificate signing scheme based on the SM9 signing algorithm according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention addresses the problem that existing SM9-based certificate signatures cannot resist a Type 2 adversary; it combines the advantages of conventional public key cryptography and identity-based cryptography and at the same time avoids complex certificate management and key escrow. (In the certificate-based signature security model, a Type 1 adversary is an uncertified user who may replace public keys but does not hold the CA's master key, and a Type 2 adversary is a malicious CA that holds the master key but cannot replace users' public keys.)
The embodiment of the invention comprises steps S100 to S400 as set out under Disclosure of the Invention above; the notation, the detailed steps of S100 to S400, the correctness argument and the unit structure (initialization unit, certificate issuance unit, signature computation unit and verification computation unit, with parameters consistent with the standard parameters of the SM9 signature algorithm) given there apply unchanged and are not repeated here.
Example one
Referring to fig. 1 to 3, the invention proposes a certificate-based signature scheme based on the SM9 signature algorithm; the detailed flow is as follows, where A denotes the user (signer) and CA the certificate authority.
1) Initialization
a) The CA generates a random number $d \in \mathbb{Z}_q^*$ as the master private key and computes the master public keys $P_{pub1} = [d]P_1$ and $P_{pub2} = [d]P_2$.
b) User A randomly selects $s_A \in \mathbb{Z}_q^*$ as private key and computes the public key $PK_A = [s_A]P_2$, obtaining its own key pair $(SK_A, PK_A)$.
2) Certificate issuance
a) User A provides its information AliceInfo to the CA, including the public key $PK_A$ and any additional identity information that is required, such as A's name.
b) The CA verifies the information.
c) If verification passes, the CA computes $t = H_1(P_{pub1}, P_{pub2}, PK_A, ID_A)$.
d) The CA generates the certificate $Cert_A = [d(t+d)^{-1}]P_1$ and sends it to A (if $t + d \equiv 0 \pmod q$ the inverse does not exist; the CA must then regenerate its master key, as SM9 does in the corresponding case of private key generation).
3) Signature
a) The user computes its certificate-based private key $S_A$ (the formula is given only as an image in the original and is not reproduced here).
b) Compute the element $g_1 = e(P_1, P_{pub2})$ of $\mathbb{G}_T$.
c) Randomly select an element of $\mathbb{Z}_q^*$ and compute $w \in \mathbb{G}_T$, then $h = H_2(m \| w)$, and then the scalar $l$ (the formulas for $w$ and $l$ are given only as images in the original and are not reproduced here).
d) Compute $S = [l]S_A$.
e) Output the signature $\sigma = (h, S)$ on the message $m$.
4) Verification
a) Compute the element $g_2 = e(P_{pub1}, PK_A)$ of $\mathbb{G}_T$.
b) Compute $t = H_1(P_{pub1}, P_{pub2}, PK_A, ID_A)$.
c) Compute $u = e(S, [t]P_2 + P_{pub2})$.
d) Compute the verifier's value of $w$ (the formula is given only as an image in the original and is not reproduced here).
e) Check whether $h = H_2(m \| w)$ holds; if so, $\sigma$ is a valid signature, otherwise it is invalid. As in SM9, $h \in [1, q-1]$ and $S \in \mathbb{G}_1$ should be checked before any pairing is evaluated.
Correctness: the derivation is given only as images in the original and is not reproduced here; it shows that for an honestly generated signature the verifier's $w$ equals the signer's $w$, so the check in 4) e) succeeds.
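The following is an added, runnable walk-through of steps 1) to 4) above; it is not part of the patent and is not code of the applicant. Everything specific to it is an assumption or a constructed value: the SM9 pairing is replaced by a deliberately insecure toy map ($\mathbb{G}_1 = \mathbb{G}_2 = (\mathbb{Z}_q, +)$ with $P_1 = P_2 = 1$ and $e(a, b) = g^{ab}$ in an order-$q$ subgroup of $\mathbb{Z}_p^*$, with $q$ and $p$ found at start-up), SHA-256 stands in for the SM3-based $H_1$ and $H_2$ of SM9, the identity string and messages are made up, and the four formulas that the original gives only as images are filled with one self-consistent choice, each marked ASSUMED in the code: $S_A = [s_A]Cert_A$, $w = g_1^{r s_A}$ (which equals $e(P_{pub1}, PK_A)^r$, the value the verifier rebuilds), $l = (r - h) \bmod q$ as in SM9 signing, and $w' = u \cdot g_2^h$. Under these choices correctness is $e([l]S_A, [t]P_2 + P_{pub2}) = e(P_1, P_2)^{l s_A d}$, $g_2^h = e(P_1, P_2)^{d s_A h}$, and their product $e(P_1, P_2)^{d s_A (l + h)} = e(P_1, P_2)^{d s_A r} = w$. The demo also runs two negative cases a reviewer would try, a holder of $Cert_A$ without $s_A$ (the CA's own position) and a holder of $s_A$ with a certificate issued under a different master key; because discrete logarithms in the toy groups are trivial, these check the key binding in the verification equation only and say nothing about resistance to a Type 1 or Type 2 adversary.

```python
"""Toy run of the SM9-style certificate-based signature described above.

INSECURE pairing stand-in (constructed): G1 = G2 = (Z_q, +) with P1 = P2 = 1 and
e(a, b) = g^(a*b) in the order-q subgroup of Z_p^*. Bilinear and non-degenerate,
so the scheme's algebra can be checked; discrete logs are trivial, so nothing here
demonstrates security.
"""
import hashlib
import secrets

def _is_prime(n: int) -> bool:
    """Trial division; adequate for the ~2^24..2^31 toy sizes used here."""
    if n < 2 or n % 2 == 0:
        return n == 2
    return all(n % f for f in range(3, int(n ** 0.5) + 1, 2))

def _params():
    """q = first prime >= 2^24, p = smallest prime k*q + 1, g = generator of order q."""
    q = 1 << 24
    while not _is_prime(q):
        q += 1
    k = 2
    while not _is_prime(k * q + 1):
        k += 2
    p, x = k * q + 1, 2
    while pow(x, k, p) == 1:           # x^k has order q unless it equals 1
        x += 1
    return q, p, pow(x, k, p)

Q, P_MOD, G = _params()
P1 = P2 = 1                                      # generators of G1 = G2 = (Z_q, +)
def pmul(k, pt): return k * pt % Q               # [k]P
def padd(a, b): return (a + b) % Q               # point addition
def e(a, b): return pow(G, a * b % Q, P_MOD)     # bilinear map G1 x G2 -> G_T
def gt_mul(x, y): return x * y % P_MOD           # product in G_T
def gt_pow(x, u): return pow(x, u % Q, P_MOD)    # g^u in G_T
def rand_zq(): return secrets.randbelow(Q - 1) + 1   # uniform element of Z_q^*

def _h(*parts) -> int:
    """Hash to Z_q^* = {1..q-1}; SHA-256 stands in for SM9's SM3-based H1 and H2."""
    raw = b"".join(p if isinstance(p, bytes) else p.to_bytes(8, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % (Q - 1) + 1

def ca_setup(d=None):                            # step 1) a)
    d = d or rand_zq()
    return d, pmul(d, P1), pmul(d, P2)           # d, P_pub1 = [d]P1, P_pub2 = [d]P2

def signer_keygen(s=None):                       # step 1) b)
    s = s or rand_zq()
    return s, pmul(s, P2)                        # (SK_A = s_A, PK_A = [s_A]P2)

def ca_issue_cert(d, p_pub1, p_pub2, pk_a, id_a):            # step 2) c), d)
    t = _h(p_pub1, p_pub2, pk_a, id_a)           # t = H1(P_pub1, P_pub2, PK_A, ID_A)
    if (t + d) % Q == 0:                         # (t + d)^-1 mod q does not exist
        raise ValueError("t + d == 0 mod q: CA must regenerate its master key")
    return pmul(d * pow(t + d, -1, Q) % Q, P1)   # Cert_A = [d (t + d)^-1] P1

def sign(m, s_a, cert_a, p_pub2):                # step 3)
    s_full = pmul(s_a, cert_a)      # ASSUMED S_A = [s_A] Cert_A (image on the page)
    g1 = e(P1, p_pub2)              # g1 = e(P1, P_pub2)
    while True:
        r = rand_zq()
        w = gt_pow(g1, r * s_a)     # ASSUMED w = g1^(r s_A), i.e. e(P_pub1, PK_A)^r
        h = _h(m, w)                # h = H2(m || w)
        l = (r - h) % Q             # ASSUMED l = (r - h) mod q, as in SM9 signing
        if l != 0:                  # SM9 retries with a fresh r when l = 0
            return h, pmul(l, s_full)            # sigma = (h, S), S = [l] S_A

def verify(m, sig, p_pub1, p_pub2, pk_a, id_a):  # step 4)
    h, s = sig
    if not 1 <= h < Q:                           # range check, as in SM9 verification
        return False
    g2 = e(p_pub1, pk_a)                         # g2 = e(P_pub1, PK_A)
    t = _h(p_pub1, p_pub2, pk_a, id_a)           # t as in step 2)
    u = e(s, padd(pmul(t, P2), p_pub2))          # u = e(S, [t]P2 + P_pub2)
    w = gt_mul(u, gt_pow(g2, h))                 # ASSUMED w' = u * g2^h
    return h == _h(m, w)                         # accept iff h == H2(m || w')

def run_demo():
    """Honest run plus three negative checks; returns the verifier's decisions."""
    d, p_pub1, p_pub2 = ca_setup()
    s_a, pk_a = signer_keygen()
    id_a = b"alice@example.com"                  # constructed identity
    cert_a = ca_issue_cert(d, p_pub1, p_pub2, pk_a, id_a)
    m = b"transfer 100 to bob"                   # constructed message
    sig = sign(m, s_a, cert_a, p_pub2)
    d2, _, _ = ca_setup()                        # an unrelated CA with master key d2
    other_cert = ca_issue_cert(d2, p_pub1, p_pub2, pk_a, id_a)
    pub = (p_pub1, p_pub2, pk_a, id_a)
    return {
        "valid": verify(m, sig, *pub),
        "tampered_message": verify(b"transfer 999 to bob", sig, *pub),
        # Cert_A without s_A (e.g. the CA itself): signing with S_A = Cert_A
        "cert_without_user_key": verify(m, sign(m, 1, cert_a, p_pub2), *pub),
        # s_A with a certificate issued under a different master key
        "cert_from_other_ca": verify(m, sign(m, s_a, other_cert, p_pub2), *pub),
    }

if __name__ == "__main__":
    print(run_demo())
```

Running the file (Python 3.8 or later, for `pow(x, -1, q)`) prints the four decisions: `valid` is True and the other three are False. In the toy groups the "cert without user key" case fails only because $s_A \neq 1$ in the exponent, which is exactly the binding that the verifier's $g_2 = e(P_{pub1}, PK_A)$ enforces; on the real SM9 curve the same attempt would require computing $[s_A]P_1$ from $PK_A = [s_A]P_2$ or inverting $H_2$, which this toy does not model.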
example two
Referring to fig. 3, the invention further provides a certificate-based signature system based on the SM9 signature algorithm. In use, the initialization unit first performs the system initialization computation; the certificate issuance unit then performs the certificate issuance computation; the signature computation unit computes the signature value; and the verification computation unit runs the verification algorithm on the signature value.
Further, the parameters of the system are consistent with the standard parameters of the SM9 signature algorithm.
In summary, the SM9-based signature construction of the invention combines the advantages of conventional public key cryptography and identity-based cryptography and avoids both complex certificate management and the key escrow problem. Compared with existing results, the scheme has lower communication cost and suits environments with limited computing capacity or expensive communication bandwidth.
It should be understood that, although the steps in the flowcharts of the embodiments are shown in the sequence indicated by the arrows, they need not be executed in that sequence; unless explicitly stated otherwise, the steps may be performed in other orders. Moreover, at least some of the steps may comprise several sub-steps or stages that need not be performed at the same time; they may be performed at different times, and not necessarily in sequence, but in turn or alternately with other steps or with sub-steps or stages of other steps.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is specific and detailed, but not to be understood as limiting the scope of the present invention. It should be noted that various changes and modifications can be made by those skilled in the art without departing from the spirit of the invention, and these changes and modifications are all within the scope of the invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A certificate-based signature scheme based on the SM9 signature algorithm, characterized by comprising the following steps:
step S100, system initialization: the certificate authority generates a random number as its master private key and computes the master public keys; the signer then randomly selects a private key and computes the corresponding public key to obtain the signer's key pair;
step S200, certificate issuance: the signer provides identity information to the certificate authority; the certificate authority verifies the identity information against the submitted information and key material and, if it passes, computes the certificate and returns it to the signer;
step S300, signature computation: the signer inputs the message to be signed, performs the signature computation and outputs the signature value;
and step S400, verification: the signature value output in step S300 is verified and judged correct or not.
2. The certificate-based signature scheme based on the SM9 signature algorithm according to claim 1, characterized in that the parameters of the method are consistent with the standard parameters of the SM9 signature algorithm, and the symbols are as follows:
$q$: a large prime;
$\mathbb{Z}_q^*$: the set of integers $\{1, 2, \ldots, q-1\}$;
$\mathbb{G}_1, \mathbb{G}_2$: additive cyclic groups of order $q$;
$\mathbb{G}_T$: a multiplicative cyclic group of order $q$;
$P_1, P_2$: generators of $\mathbb{G}_1$ and $\mathbb{G}_2$ respectively;
$g^u$: the $u$-th power of an element $g$ of the multiplicative group $\mathbb{G}_T$;
$[k]P$: the $k$-fold multiple of a point $P$ on the elliptic curve, $k$ a positive integer;
$e$: the bilinear pairing from $\mathbb{G}_1 \times \mathbb{G}_2$ to $\mathbb{G}_T$;
$H_1(\cdot), H_2(\cdot)$: cryptographic functions derived from a cryptographic hash function, both with values in $\mathbb{Z}_q^*$;
A: the signer A;
CA: the certificate authority;
$d$: the system master private key, held secretly by the CA;
$P_{pub1}, P_{pub2}$: the system master public keys published by the CA, computed as $P_{pub1} = [d]P_1$ and $P_{pub2} = [d]P_2$;
AliceInfo: the personal information of signer A;
ID: the signer's identity;
$(SK_A, PK_A)$: the public/private key pair of signer A;
$Cert_A$: the certificate of signer A;
$S_A$: the certificate-based private key of signer A;
$m$: the message to be signed;
$\sigma = (h, S)$: the signature value;
$\bmod q$: reduction modulo $q$; for example, $23 \bmod 7 \equiv 2$;
$x \| y$: the concatenation of $x$ and $y$, where $x, y$ may be bit strings or byte strings.
3. The certificate signing scheme based on the SM9 signature algorithm as claimed in claim 2, wherein in step S100, system initialization calculation, the certificate authority generates a random number as its private key and computes the public keys, and the signer then randomly selects a private key and computes the corresponding public key to generate the signer's key pair; the detailed steps are as follows, where A denotes the signer and CA denotes the certificate authority:
a) The CA generates a random number d [range given as image] as its private key and computes the public keys P_pub1 = [d]P_1, P_pub2 = [d]P_2.
b) Signer A randomly selects s_A [range given as image] as its private key, computes the public key PK_A = [s_A]P_2, and thereby generates its own key pair (SK_A, PK_A).
4. The certificate signing scheme according to claim 3, wherein in step S200, certificate authorization, the signer provides identity information to the certificate authority, the certificate authority verifies the identity information and the key information, and after the verification passes it computes and generates a certificate and returns it to the signer; the detailed steps are as follows:
a) Signer A provides its information to the CA.
b) The CA verifies the information.
c) If the verification passes, the CA computes t = H_1(P_pub1, P_pub2, PK_A, ID_A).
d) The CA generates the certificate Cert_A = [d(t+d)^{-1}]P_1 and sends it to A.
5. The certificate signing scheme based on the SM9 signature algorithm as claimed in claim 4, characterized in that the information provided by signer A includes its public key PK_A and any additional identity information that is required.
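The certificate authorization step of claims 4 and 5, worked through in Python as an added example (not the patent's own code). A real implementation runs on the SM9 pairing-friendly curve; this model instead represents every group element by its discrete logarithm to the generator (P_1 for G_1, P_2 for G_2), so that [k]P becomes k mod q and e([a]P_1, [b]P_2) becomes the exponent a·b mod q. SHA-256 stands in for the SM9 hash-derived function H_1, q is a constructed prime, and the closing binding check is a consequence of the certificate formula Cert_A = [d(t+d)^{-1}]P_1 rather than a step stated in the claims.

```python
"""Certificate authorization (step S200) in an exponent model (added example).

Group elements are modelled by their discrete logarithm to the generator, so
scalar multiplication is multiplication mod q and the pairing e([a]P_1, [b]P_2)
is the exponent a*b mod q of e(P_1, P_2). Not a real SM9 implementation.
"""
import hashlib
import secrets

Q = 2**127 - 1  # constructed illustrative prime (a deployment uses the SM9 group order)

def encode(x):
    """Fixed-width big-endian encoding of a model group element or scalar."""
    return x.to_bytes(16, "big")

def h1(*parts):
    """H_1: hash the concatenation of the inputs into {1, ..., q-1} (SHA-256 stands in for SM3)."""
    digest = hashlib.sha256(b"".join(parts)).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def pairing(a, b):
    """e([a]P_1, [b]P_2) in the exponent model: the exponent a*b mod q."""
    return (a * b) % Q

def ca_setup():
    """Step S100 a): master private key d, public keys P_pub1 = [d]P_1 and P_pub2 = [d]P_2."""
    d = secrets.randbelow(Q - 1) + 1
    return d, d % Q, d % Q

def signer_keygen():
    """Step S100 b): SK_A = s_A and PK_A = [s_A]P_2."""
    s_a = secrets.randbelow(Q - 1) + 1
    return s_a, s_a % Q

def issue_certificate(d, ppub1, ppub2, pk_a, id_a):
    """Step S200 c)-d): t = H_1(P_pub1, P_pub2, PK_A, ID_A) and Cert_A = [d (t+d)^-1]P_1."""
    t = h1(encode(ppub1), encode(ppub2), encode(pk_a), id_a)
    if (t + d) % Q == 0:  # t + d has no inverse mod q; negligible, but the CA must not proceed
        raise ValueError("t + d == 0 mod q, certificate cannot be computed")
    cert_a = d * pow(t + d, -1, Q) % Q
    return t, cert_a

def check_certificate(cert_a, ppub1, ppub2, pk_a, id_a):
    """Binding check implied by the certificate formula (not a claimed step):
    e(Cert_A, [t]P_2 + P_pub2) == e(P_pub1, P_2), because d(t+d)^-1 * (t+d) = d."""
    t = h1(encode(ppub1), encode(ppub2), encode(pk_a), id_a)
    return pairing(cert_a, (t + ppub2) % Q) == pairing(ppub1, 1)
```

The check fails whenever the identity, the public key or the certificate is altered, because t is recomputed from (P_pub1, P_pub2, PK_A, ID_A) and the pairing equation then no longer reduces to d.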
6. The certificate signing scheme based on the SM9 signature algorithm as claimed in claim 5, wherein in step S300, signature calculation, the detailed steps by which the signer inputs the message to be signed, performs the signature calculation and outputs the signature value are as follows:
a) Compute the signer's certificate-based private key S_A [formula given as image].
b) Compute the element g_1 = e(P_1, P_pub2) of the multiplicative group [symbol given as image].
c) Randomly select [value given as image] and compute [formula given as image].
d) Compute S = [l]S_A.
e) Output the signature σ = (h, S) of the message m.
7. The certificate signing scheme based on the SM9 signature algorithm as claimed in claim 6, wherein in step S400, verification calculation, the verification calculation performed on the signature value output by the preceding step and the algorithm for judging its correctness are as follows:
a) Compute the element g_2 = e(P_pub1, PK_A) of the multiplicative group [symbol given as image].
b) Compute t = H_1(P_pub1, P_pub2, PK_A, ID_A).
c) Compute u = e(S, [t]P_2 + P_pub2).
d) Compute [formula given as image].
e) Judge whether h = H_2(m || w) holds; if so, σ is a valid signature, otherwise the signature is invalid.
8. The certificate signing scheme based on the SM9 signature algorithm as claimed in claim 6, wherein the correctness of the verification algorithm in step S400 is shown as follows:
[derivation given as images, not extracted]
9. The certificate signing scheme based on the SM9 signature algorithm as claimed in claim 9, further comprising:
an initialization unit for performing system initialization calculations;
a certificate authority unit for performing certificate authority calculations;
a signature calculation unit for calculating a signature value;
a verification calculation unit for completing a verification algorithm.
10. The SM9 signature algorithm-based certificate signing scheme of claim 9, wherein the parameters in the system are chosen to be consistent with the SM9 signature algorithm standard parameters.
CN202211203626.3A 2022-09-29 2022-09-29 Certificate signature scheme based on SM9 signature algorithm Pending CN115589296A (en)

Publications (1)

Publication Number Publication Date
CN115589296A true CN115589296A (en) 2023-01-10

Family

ID=84772732

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20230403
Address after: 200232 floor 1-3, No.24, Lane 315, Fenggu Road, Xuhui District, Shanghai
Applicant after: Shanghai qianfang Technology Co.,Ltd.
Applicant after: WUHAN University
Address before: 200232 floor 1-3, No.24, Lane 315, Fenggu Road, Xuhui District, Shanghai
Applicant before: Shanghai qianfang Technology Co.,Ltd.