CN115766019A - Ciphertext private key-based ECDSA digital signature generation method and system - Google Patents

Publication number: CN115766019A
Authority: CN (China)
Legal status: Pending
Application number: CN202211265723.5A
Other languages: Chinese (zh)
Inventors: 龙毅宏, 许明, 陈韶光
Current Assignee: Itruschina Co ltd
Original Assignee: Itruschina Co ltd

Abstract

The method for generating an ECDSA digital signature based on a ciphertext private key is as follows. The user terminal holds $Q_U = d_U G$ and $S_U = E(d_U)$, where $d_U$ is the user's ECDSA private key, $G$ is the base point, $n$ is the order of $G$, $Q_U$ is the public key corresponding to $d_U$, and $E(\cdot)$ is a homomorphic encryption operation; the signature assistance device or system has, or can obtain, the private key for the decryption operation. When $d_U$ needs to be used to sign a message $M$: first, the hash value $e$ of the message $M$ is calculated; the user terminal and the signature assistance device or system randomly select integers $k_1$ and $k_2$ in $[1, n-1]$, and the two cooperatively calculate $R = k_1 k_2 G$ or $R = (k_1 + k_2)G$ without exposing their respective secrets; $r = x_R \bmod n$ is calculated, where $x_R$ is taken from $(x_R, y_R) = R$; $s = ((k_2 k_1)^{-1}(e + r d_U)) \bmod n$ or $s = ((k_2 + k_1)^{-1}(e + r d_U)) \bmod n$ is obtained by cooperative calculation using homomorphic encryption; $(r, s)$ is the digital signature of message $M$.

Description

Ciphertext private key-based ECDSA digital signature generation method and system
Technical Field
The invention belongs to the technical field of cryptography, and particularly relates to an ECDSA digital signature generation method and system based on a ciphertext private key.
Background
For a user terminal computing environment (such as a personal computer, or a mobile terminal such as a mobile phone or tablet computer) that has no cryptographic hardware to store the signature private key and perform cryptographic operations with it, a collaborative digital signature generation scheme based on secret sharing is often adopted to protect the signature private key and the generated digital signatures. ECDSA (Elliptic Curve Digital Signature Algorithm) is a digital signature algorithm based on elliptic curve point groups that is widely adopted internationally, and is briefly described as follows (see "Standards for Efficient Cryptography, SEC 1:
The order of the ECDSA elliptic curve point group (subgroup), i.e. the order of the base point $G$, is a prime number $n$. The user's signature private key $d_U$ is an integer randomly selected in $[1, n-1]$, and the public key is $Q_U = d_U G$. When signing a message $M$: a hash value $e$ of $M$ is calculated using a hash function (strictly, $e$ is an integer converted and derived from the hash value $h = H(M)$ of the message, but $e$ is usually simply called the hash value of $M$, and the description of the invention follows this usage); an integer $k$ is randomly selected in $[1, n-1]$ and $R = kG$ is calculated; $r = x_R \bmod n$ is calculated, where $x_R$ is taken from $(x_R, y_R) = R$ (the actual calculation first converts $x_R$ to an integer in a prescribed manner and then takes its remainder modulo $n$, but it is usually described this way); if $r = 0$, $k$ is reselected and $R$, $r$ are recalculated until $r \neq 0$; $s = k^{-1}(e + r d_U) \bmod n$ is calculated; if $s = 0$, $k$ is reselected and $s$ is recalculated until $s \neq 0$; then $(r, s)$ is the digital signature of message $M$.
It should be noted that there are many digital signature algorithms based on elliptic curve point groups, and they are distinct algorithms. The ECDSA of the present invention is one specific elliptic curve digital signature algorithm that is widely used internationally; its name is ECDSA (the internationally accepted name, see the document cited above).
The existing secret-sharing-based collaborative digital signature schemes for ECDSA have a problem: the parties other than the user that take part in generating the signature share the user's signature private key, that is, they hold secret shares of it. This does not fully conform to the Electronic Signature Law of the People's Republic of China, which requires that the signature creation data used when generating an electronic signature be proprietary to and controlled by the signer; for a digital signature, the signature creation data is the signature private key. Two technical problems therefore need to be solved: how to ensure the validity and security of the generated digital signature when no other party shares the ECDSA signature private key, i.e. when no other cooperating party holds a secret share of it; and how to ensure the secure storage and use of the signature private key (signature creation data) kept in the user terminal, so that theft of the data stored in the user terminal does not lead to leakage of the signature private key or to forged signatures.
Disclosure of Invention
The invention aims to solve the problems of the existing secret-sharing-based collaborative ECDSA digital signature generation schemes, and provides a corresponding technical scheme to overcome the deficiencies of the prior art.
To this end, the technical scheme provided by the invention comprises an ECDSA digital signature generation method based on a ciphertext private key and a corresponding system.
In the following description of the invention: if $P$, $Q$ are elements (points) of the elliptic curve point group, $P + Q$ denotes the point addition of $P$ and $Q$, $P - Q$ denotes $P$ plus the additive inverse of $Q$, and $kP$ denotes the point addition of $k$ copies of the elliptic curve point $P$, i.e. $P + P + \dots + P$ ($k$ copies of $P$ in total; if $k$ is negative, $kP$ is the additive inverse of the result of adding $|k|$ copies of $P$); $c^{-1}$ denotes the multiplicative inverse of the integer $c$ modulo $n$ (i.e. $c c^{-1} \bmod n = 1$); unless otherwise stated, the multiplicative inverses in this patent application are all taken modulo the order $n$ of the ECDSA elliptic curve point group (i.e. the order $n$ of the base point $G$); in products of several integers (including products of integer symbols, parameters and variables with each other or with constants), the multiplication sign "·" is omitted where no ambiguity arises, e.g. $k_1 \cdot k_2$ is written $k_1 k_2$ and $3 \cdot c$ is written $3c$; mod n denotes the modulo $n$ operation, and the operator mod n has the lowest priority, e.g. a + b mod n equals (a + b) mod n, a - b mod n equals (a - b) mod n, and ab mod n equals (ab) mod n.
The ECDSA digital signature generation method based on the ciphertext private key is specifically as follows.
The user terminal holds $Q_U = d_U G$ and the secret $S_U = E(d_U)$, where $d_U$ is the user's ECDSA signature private key, $G$ is the base point of the ECDSA elliptic curve point group (subgroup), $Q_U$ is the public key corresponding to the user's ECDSA signature private key $d_U$, and $E(\cdot)$ is the encryption operation of a homomorphic encryption algorithm;
the user terminal is a computing device of the user (e.g. a personal computer, mobile phone or tablet computer); the homomorphic encryption algorithm is an additively homomorphic encryption algorithm or a fully homomorphic encryption algorithm; the signature assistance device or system either holds the private key $SK_1$ of the decryption operation corresponding to the public key used by the encryption operation $E(\cdot)$ (the private key of the homomorphic encryption algorithm), or $SK_1$ is encrypted into a ciphertext $T_{sk1}$ with a key of the signature assistance device or system, where the key used to encrypt $SK_1$ is a symmetric key or a public key (the public key being either an ordinary public key, such as that of a common public-key cryptographic algorithm like RSA or SM2, or the group public key of a group-oriented encryption algorithm), and the user terminal stores this ciphertext $T_{sk1}$ of $SK_1$ ($T_{sk1}$ is not secret from the signature assistance device or system, but may be kept secret from computing devices and systems other than it); the signature assistance device or system is a computing device or system that assists the user terminal in completing the generation and calculation of the digital signature;
when the user's ECDSA signature private key $d_U$ needs to be used to digitally sign a message $M$, the user terminal and the signature assistance device or system generate the digital signature for $M$ as follows (the subject that needs to use $d_U$ to digitally sign $M$ may be an application or system, inside or outside the user terminal, that needs to invoke the digital signature function in the user terminal):
the user terminal calculates the hash value $e$ of the message $M$ using a hash function and sends $e$ to the signature assistance device or system, or the signature assistance device or system calculates the hash value $e$ of the message $M$ using a hash function and sends $e$ to the user terminal;
the user terminal randomly selects an integer $k_1$ in the interval $[1, n-1]$, where $n$ is the order of the base point $G$ (i.e. the order of the ECDSA elliptic curve point group (subgroup)) and $n$ is a prime number;
the signature assistance device or system randomly selects an integer $k_2$ in the interval $[1, n-1]$;
the user terminal and the signature assistance device or system complete the following calculation without exposing their respective secrets $k_1$, $k_2$:
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, obtains $R = k_1 k_2 G$ through interactive calculation with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, obtains $R_f = k_1 k_2 G$ through interactive calculation with the user terminal;
or,
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, obtains $R = (k_1 + k_2)G$ through interactive calculation with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, obtains $R_f = (k_1 + k_2)G$ through interactive calculation with the user terminal;
if $R$ and/or $R_f$ is zero (the point at infinity), the user terminal and the signature assistance device or system reselect $k_1$, $k_2$ and recalculate $R$, $R_f$ until neither $R$ nor $R_f$ is zero;
the user terminal calculates $r = x_R \bmod n$, where $x_R$ is taken from $(x_R, y_R) = R$;
the signature assistance device or system calculates $r_f = x_{R_f} \bmod n$, where $x_{R_f}$ is taken from $(x_{R_f}, y_{R_f}) = R_f$;
the user terminal and the signature assistance device or system check whether $r$ and/or $r_f$ is 0 (the integer 0); if so, they reselect $k_1$, $k_2$, recalculate $R$, $R_f$ and recalculate $r$, $r_f$ until neither $r$ nor $r_f$ is 0;
the user terminal and the signature assistance device or system check, respectively, whether $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ would occur, i.e. whether $s = 0$ would occur, where $s$ is the parameter $s$ of the digital signature $(r, s)$ to be calculated;
if so, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$, recalculate $R$, $R_f$ and recalculate $r$, $r_f$ until $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ no longer occurs, or go to error handling;
if $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ does not occur, the subsequent calculation is performed;
the user terminal calculates $s_1$ in one of the following ways:
$s_1$ calculation mode one:
$R$ and $R_f$ are computed as $R = k_1 k_2 G$, $R_f = k_1 k_2 G$;
the user terminal randomly selects an integer $b$ in $[1, n-1]$ and, using $b$, $e$, $r$, $S_U$ and $k_1$, obtains through calculation with the homomorphic encryption algorithm:
$s_{10} = ((k_1)^{-1} e - b) \bmod n$, $s_{11} = E(b + (k_1)^{-1} r d_U \pmod{n})$,
or, $s_{10} = ((k_1)^{-1}(e - b)) \bmod n$, $s_{11} = E((k_1)^{-1}(b + r d_U) \pmod{n})$,
or, $s_{10} = ((k_1)^{-1}(e - rb)) \bmod n$, $s_{11} = E((k_1)^{-1}(r(d_U + b)) \pmod{n})$, where $(k_1)^{-1}$ is the multiplicative inverse of $k_1$ modulo $n$;
the value pair $(s_{10}, s_{11})$ constitutes $s_1$;
$s_1$ calculation mode two:
$R$ and $R_f$ are computed as $R = k_1 k_2 G$, $R_f = k_1 k_2 G$;
the user terminal, using $e$, $r$, $S_U$ and $k_1$, obtains through calculation with the homomorphic encryption algorithm:
$s_1 = E((k_1)^{-1}(e + r d_U) \pmod{n})$, where $(k_1)^{-1}$ is the multiplicative inverse of $k_1$ modulo $n$;
$s_1$ calculation mode three:
$R$ and $R_f$ are computed as $R = k_1 k_2 G$, $R_f = k_1 k_2 G$;
$E(\cdot)$ is correspondingly the encryption operation of a fully homomorphic encryption algorithm;
the signature assistance device or system calculates $c_2 = E((k_2)^{-1})$, where $(k_2)^{-1}$ is the multiplicative inverse of $k_2$ modulo $n$, and sends $c_2$ to the user terminal;
the user terminal, using $e$, $r$, $S_U$, $k_1$ and $c_2$, obtains through calculation with the homomorphic encryption algorithm:
$s_1 = E((k_1 k_2)^{-1}(e + r d_U) \pmod{n})$, where $(k_1 k_2)^{-1}$ is the multiplicative inverse of $k_1 k_2$ (or of $(k_1 k_2) \bmod n$) modulo $n$;
$s_1$ calculation mode four:
$R$ and $R_f$ are computed as $R = (k_1 + k_2)G$, $R_f = (k_1 + k_2)G$;
the signature assistance device or system calculates $c_2 = E(k_2)$ and sends $c_2$ to the user terminal;
the user terminal randomly selects an integer $b$ in $[1, n-1]$ and, using $b$, $e$, $r$, $S_U$, $k_1$ and $c_2$, obtains through calculation with the homomorphic encryption algorithm:
$s_{10} = E(b(k_1 + k_2) \pmod{n})$, $s_{11} = E(b(e + r d_U) \pmod{n})$;
the value pair $(s_{10}, s_{11})$ constitutes $s_1$.
After $s_1$ has been calculated, the user terminal sends $s_1$ to the signature assistance device or system;
if the private key $SK_1$ of the decryption operation corresponding to the public key used by the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm was encrypted into the ciphertext $T_{sk1}$ with a key of the signature assistance device or system and stored in the user terminal, the user terminal also sends $T_{sk1}$ to the signature assistance device or system, which decrypts $T_{sk1}$ to obtain $SK_1$;
for $s_1$ calculation mode one, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_{11}$ in the value pair $s_1$, obtaining the plaintext $s_{12}$ of $s_{11}$, and calculates $s = ((k_2)^{-1}(s_{10} + s_{12})) \bmod n$;
for $s_1$ calculation mode two, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and calculates $s = ((k_2)^{-1} s_{12}) \bmod n$;
for $s_1$ calculation mode three, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and calculates $s = s_{12} \bmod n$;
for $s_1$ calculation mode four, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_{10}$ and $s_{11}$ in the value pair $s_1$, obtaining the plaintext $s_{12}$ of $s_{10}$ and the plaintext $s_{13}$ of $s_{11}$, and calculates $s = ((s_{12})^{-1} s_{13}) \bmod n$, where $(s_{12})^{-1}$ is the multiplicative inverse of $s_{12}$ modulo $n$;
the signature assistance device or system returns $s$ to the user terminal; before returning $s$, the signature assistance device or system verifies whether $s$ was calculated in the ECDSA manner using $e$, $k_1$, $k_2$, $r_f$ and the private key $d_U$ corresponding to the public key $Q_U$; if so, it continues, otherwise it performs error handling;
the user terminal verifies whether $s$ was calculated in the ECDSA digital signature manner using $e$, $k_1$, $k_2$, $r$ and the private key $d_U$ corresponding to the public key $Q_U$; if the verification passes, $(r, s)$ is the digital signature of the message $M$, otherwise error handling is performed;
(for $s_1$ calculation modes one, two and three, $s = ((k_1 k_2)^{-1}(e + r d_U)) \bmod n$; for $s_1$ calculation mode four, $s = ((k_1 + k_2)^{-1}(e + r d_U)) \bmod n$)
In the above expressions of the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm, a (mod n), where a is an integer, denotes an integer congruent to a modulo n (two integers a, b are congruent modulo n when a mod n = b mod n, written a ≡ b (mod n); the (mod n) operator has the lowest priority);
before the signature assistance device or system assists the user terminal in completing the generation of the digital signature (e.g. before decrypting $s_1$ or before calculating $s$), it authenticates and confirms that the user using the user terminal, i.e. the signer, is the owner of the public key $Q_U$, or a system that relies on and invokes the signature assistance device or system (e.g. an application service system) authenticates and confirms that the user using the user terminal, i.e. the signer, is the owner of the public key $Q_U$ (note that what is authenticated here is not that the user, i.e. the signer, is the owner of the private key $d_U$ corresponding to the public key $Q_U$);
the user terminal carries out the above digital signature calculation and generation steps through a cryptographic program, cryptographic module or cryptographic component in the user terminal that implements the cryptographic function, thereby implementing the ECDSA digital signature function.
For the above ECDSA digital signature generation method based on the ciphertext private key, one method by which the user terminal and the signature assistance device or system obtain $R = k_1 k_2 G$, $R_f = k_1 k_2 G$ through interactive calculation, without exposing their own secrets $k_1$, $k_2$ and while ensuring that the other party does not reselect $k_1$, $k_2$, is as follows:
the user terminal calculates $R_1 = k_1 G$, calculates the hash value $h_1$ of $R_1$ (using any suitable hash algorithm), and sends $h_1$ to the signature assistance device or system;
the signature assistance device or system calculates $R_2 = k_2 G$, calculates the hash value $h_2$ of $R_2$, and sends $h_2$ to the user terminal;
after receiving $h_2$ from the signature assistance device or system, the user terminal sends $R_1$ to the signature assistance device or system;
after receiving $h_1$ from the user terminal, the signature assistance device or system sends $R_2$ to the user terminal;
after receiving $R_2$, the user terminal calculates the hash value of the received $R_2$ and checks whether it is $h_2$; if not, it performs error handling; if so, it calculates $R = k_1 R_2$;
after receiving $R_1$, the signature assistance device or system calculates the hash value of the received $R_1$ and checks whether it is $h_1$; if not, it performs error handling; if so, it calculates $R_f = k_2 R_1$.
For the above ECDSA digital signature generation method based on the ciphertext private key, one method by which the user terminal and the signature assistance device or system obtain $R = (k_1 + k_2)G$, $R_f = (k_1 + k_2)G$ through interactive calculation, without exposing their own secrets $k_1$, $k_2$ and while ensuring that the other party does not reselect $k_1$, $k_2$, is as follows:
the user terminal calculates $R_1 = k_1 G$, calculates the hash value $h_1$ of $R_1$ (using any suitable hash algorithm), and sends $h_1$ to the signature assistance device or system;
the signature assistance device or system calculates $R_2 = k_2 G$, calculates the hash value $h_2$ of $R_2$, and sends $h_2$ to the user terminal;
after receiving $h_2$ from the signature assistance device or system, the user terminal sends $R_1$ to the signature assistance device or system;
after receiving $h_1$ from the user terminal, the signature assistance device or system sends $R_2$ to the user terminal;
after receiving $R_2$, the user terminal calculates the hash value of the received $R_2$ and checks whether it is $h_2$; if not, it performs error handling; if so, it calculates $R = R_1 + R_2$;
after receiving $R_1$, the signature assistance device or system calculates the hash value of the received $R_1$ and checks whether it is $h_1$; if not, it performs error handling; if so, it calculates $R_f = R_1 + R_2$.
Of the above four $s_1$ calculation modes, modes one, two and four require less overall computation from the user terminal (including the calculation of $R$ and $s_1$), and mode three requires the most. Mode one introduces a randomly selected integer $b$ into the homomorphic computation, which makes it harder to recover $d_U$ directly from the results of the homomorphic encryption operations.
For the above ECDSA digital signature generation method based on the ciphertext private key, one way for the user terminal and the signature assistance device or system to check, respectively, whether $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ would occur (i.e. whether $s = 0$ would occur, where $s$ is the parameter $s$ of the digital signature $(r, s)$ to be calculated) is as follows:
the user terminal checks whether $eG + rQ_U$ is zero (the point at infinity of the elliptic curve point group); if so, $(e + r d_U) \bmod n = 0$ occurs, otherwise it does not;
the signature assistance device or system checks whether $eG + r_f Q_U$ is zero (the point at infinity of the elliptic curve point group); if so, $(e + r_f d_U) \bmod n = 0$ occurs, otherwise it does not.
For the above ECDSA digital signature generation method based on the ciphertext private key, the methods by which the signature assistance device or system verifies whether $s$ was calculated in the ECDSA manner using $e$, $k_1$, $k_2$, $r_f$ and the private key $d_U$ corresponding to the public key $Q_U$ include:
the signature assistance device or system checks whether $(r_f, s)$ is a digital signature of the message $M$; if so, the verification passes, otherwise it fails;
or, the signature assistance device or system checks whether the value of $sR_f$ equals $eG + r_f Q_U$; if so, the verification passes, otherwise it fails.
For the above ECDSA digital signature generation method based on the ciphertext private key, the methods by which the user terminal verifies whether $s$ was calculated in the ECDSA manner using $e$, $k_1$, $k_2$, $r$ and the private key $d_U$ corresponding to the public key $Q_U$ include:
the user terminal checks whether $(r, s)$ is a digital signature of the message $M$; if so, the verification passes, otherwise it fails;
or, the user terminal checks whether the value of $sR$ equals $eG + rQ_U$; if so, the verification passes, otherwise it fails.
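The hash-commitment exchange for $R = k_1 k_2 G$, $s_1$ calculation mode one and the $sR = eG + rQ_U$ checks described above can be run end to end in the following added example, which is not code from the patent. The curve (secp256k1), SHA-256, Paillier as the additively homomorphic $E(\cdot)$ and all function names are assumptions of the example, and both roles run in one process for readability.

```python
import hashlib
import secrets

# secp256k1 domain parameters (curve choice is an assumption of this example).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition; None is the point at infinity (zero)."""
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, A):
    """Double-and-add; not constant time, for illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, A)
        A, k = ec_add(A, A), k >> 1
    return acc

# Paillier as the additively homomorphic E(.). The primes are publicly known
# Mersenne primes: constructed demo parameters with no security. The modulus
# exceeds n^2 + n, so the plaintext b + c*d_U never wraps around.
HP, HQ = 2**521 - 1, 2**607 - 1
HN, HN2 = HP * HQ, (HP * HQ) ** 2
SK1 = (HP - 1) * (HQ - 1)      # decryption key of the assistance system
SK1_INV = pow(SK1, -1, HN)

def enc(m):
    rho = secrets.randbelow(HN - 1) + 1
    return (1 + m * HN) * pow(rho, HN, HN2) % HN2

def dec(c):
    return (pow(c, SK1, HN2) - 1) // HN * SK1_INV % HN

def commit(pt):
    return hashlib.sha256(b"%064x%064x" % pt).digest()

def msg_hash(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def enroll():
    """Returns (Q_U, S_U); d_U itself is not kept anywhere."""
    d_U = rand_scalar()
    return ec_mul(d_U, G), enc(d_U)

def cosign(msg, Q_U, S_U, reselect_k2=False):
    """Both roles in one process; comments mark which side acts."""
    e = msg_hash(msg)
    k1, k2 = rand_scalar(), rand_scalar()          # terminal / assistant
    R1, R2 = ec_mul(k1, G), ec_mul(k2, G)
    h1, h2 = commit(R1), commit(R2)                # hashes are exchanged first
    if reselect_k2:                                # misbehaving assistant
        k2 = rand_scalar()
        R2 = ec_mul(k2, G)
    if commit(R2) != h2 or commit(R1) != h1:       # checked after the reveal
        raise ValueError("revealed point does not match its commitment")
    R, R_f = ec_mul(k1, R2), ec_mul(k2, R1)        # both equal k1*k2*G
    r, r_f = R[0] % N, R_f[0] % N
    eG = ec_mul(e, G)
    if r == 0 or ec_add(eG, ec_mul(r, Q_U)) is None:   # r = 0 or s would be 0
        return cosign(msg, Q_U, S_U)
    # Terminal, mode one: s10 in the clear, s11 = E(b + k1^-1 * r * d_U).
    k1_inv, b = pow(k1, -1, N), rand_scalar()
    s10 = (k1_inv * e - b) % N
    s11 = enc(b) * pow(S_U, k1_inv * r % N, HN2) % HN2
    # Assistant: decrypt s11 with SK1, then fold in its own nonce share.
    s12 = dec(s11)
    s = pow(k2, -1, N) * (s10 + s12) % N
    # Each side checks s*R == e*G + r*Q_U before accepting.
    if ec_mul(s, R_f) != ec_add(eG, ec_mul(r_f, Q_U)):
        raise ValueError("assistant-side check failed")
    if ec_mul(s, R) != ec_add(eG, ec_mul(r, Q_U)):
        raise ValueError("terminal-side check failed")
    return r, s

def ecdsa_verify(msg, sig, Q):
    """Textbook ECDSA verification, independent of how (r, s) was produced."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    X = ec_add(ec_mul(msg_hash(msg) * w % N, G), ec_mul(r * w % N, Q))
    return X is not None and X[0] % N == r
```

Calling `cosign` with `reselect_k2=True` models an assistant that changes $k_2$ after the hashes were exchanged; the commitment check rejects it before any ciphertext is sent.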
The key pair of the homomorphic encryption algorithm used to encrypt $d_U$ may be pre-existing, i.e. permanent, or may be temporarily generated when $d_U$ is encrypted. If the key pair is temporarily generated, the corresponding private key $SK_1$ used to decrypt $S_U$ is usually encrypted into ciphertext data $T_{sk1}$ and stored in the user terminal (of course, the encrypted $SK_1$ may also be stored in a user account of the signature assistance device or system).
The encryption algorithm used to encrypt the private key $SK_1$ may be a symmetric key encryption algorithm or a public key encryption algorithm (asymmetric key encryption algorithm); if it is a public key encryption algorithm, it may be an ordinary public key encryption algorithm (a non-group-oriented encryption algorithm) or a group-oriented encryption algorithm (group encryption algorithm for short). The group-oriented encryption algorithm referred to here is a class of public key encryption algorithms in which a group has one public key and each member of the group has a private key (the private keys of different members are usually different), and data encrypted with the group public key can be decrypted by each member of the group using its own private key.
From the point of view of protecting the user's signature private key, a temporarily generated key pair of the homomorphic encryption algorithm is more secure (because leakage of the private key $SK_1$ used for decryption can at most cause leakage of one user's ECDSA signature private key), so a temporarily generated key pair should be preferred; however, using a permanent, long-term key pair of the homomorphic encryption algorithm makes the ciphertext data $T_{sk1}$ unnecessary.
For the above ECDSA digital signature generation method based on the ciphertext private key, a security enhancement scheme that guards against $S_U$ being stolen is as follows.
When a user (using a program in the user terminal or in another terminal) accesses an application service system and needs to digitally sign a message $M$ with the user's ECDSA signature private key, the application service system issues a security token for the user; the security token is an authorization credential for requesting the signature assistance device or system to assist in, or cooperatively perform, the generation and/or calculation of a digital signature (the security token shows the digital signature cooperative generation service system that the cooperative generation request is authorized and vouched for by an application service system; the security token need not contain the user's identity information, but from a security perspective it contains at least one of user identity information and public key information);
the application service system (e.g. through a client program or by other means) transmits the security token, or the acquisition information of the security token, to the cryptographic program, cryptographic module or cryptographic component in the user terminal that implements the ECDSA digital signature function; the acquisition information of the security token is information used to fetch the security token issued by the application service system (in this case the security token is stored on the network);
the user terminal (its cryptographic program, cryptographic module or cryptographic component implementing the ECDSA digital signature function) submits the security token, or the acquisition information of the security token, to the signature assistance device or system;
if the acquisition information of the security token is submitted, the signature assistance device or system uses it to fetch the security token issued by the application service system;
the signature assistance device or system verifies the validity of the security token (e.g. the validity of the token's asymmetric-key digital signature or of its symmetric-key signature such as an HMAC, and its time validity); after that, the user terminal (its cryptographic program, cryptographic module or cryptographic component implementing the ECDSA digital signature function) and the signature assistance device or system generate the digital signature for the message $M$ using $S_U$, according to the above ECDSA digital signature generation method based on the ciphertext private key.
The ways in which the application service system transmits the security token, or the acquisition information of the security token, to the cryptographic program, cryptographic module or cryptographic component implementing the ECDSA digital signature function in the user terminal include:
if the client program the user uses to access the application service system and the cryptographic program, cryptographic module or cryptographic component implementing the ECDSA digital signature function are located in the same user terminal, the application service system transmits the security token or its acquisition information to that cryptographic program, module or component through the client program;
or, if the client program the user uses to access the application service system and the cryptographic program, cryptographic module or cryptographic component implementing the ECDSA digital signature function are located in different user terminals, the application service system displays a barcode (a two-dimensional code or multi-dimensional code) through the client program used by the user, and the security token or its acquisition information is transmitted to the cryptographic program, module or component in the user terminal by the user scanning the barcode with the user terminal;
or, if the user terminal is a mobile communication terminal (e.g. a mobile phone), the application service system sends a short message to the user's mobile communication terminal, the cryptographic program implementing the ECDSA digital signature function in that terminal is started through information contained in the short message (e.g. a URL Schema), and the security token or its acquisition information is passed to that cryptographic program either automatically through the start information (e.g. the URL Schema) or by the user entering information from the short message.
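The token check that the signature assistance device or system performs before it takes part in signing (HMAC validity, time validity, binding to the public key) might look like the following added example, which is not part of the patent. The token layout, the field names `exp` and `pk`, HMAC-SHA256 and a key shared between the application service system and the signature assistance system are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(app_key, q_u, ttl=120, now=None):
    """Application service system: authorise a signing request for key q_u."""
    now = int(time.time()) if now is None else now
    # The token carries public key information (a hash of the encoded Q_U)
    # and an expiry time; the layout is hypothetical.
    claims = {"exp": now + ttl, "pk": hashlib.sha256(q_u).hexdigest()}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(app_key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def check_token(app_key, token, q_u, now=None):
    """Signature assistance system: run this before decrypting s_1."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return "malformed"
    expected = hmac.new(app_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # authenticate before parsing
        return "bad-mac"
    claims = json.loads(body)
    if now >= claims["exp"]:                     # time validity
        return "expired"
    if not hmac.compare_digest(claims["pk"], hashlib.sha256(q_u).hexdigest()):
        return "wrong-key"                       # token issued for another Q_U
    return "ok"
```

With the public key bound into the token, a stolen $S_U$ is of no use to someone who cannot also obtain a fresh token for the matching $Q_U$ from the application service system.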
On the basis of the above security enhancement scheme for preventing $S_U$ from being stolen and misused, a security enhancement scheme for the ciphertext private key-based ECDSA digital signature generation method is as follows:
the homomorphic encryption algorithm corresponding to the homomorphic encryption operation $E(\cdot)$ is a fully homomorphic encryption algorithm;
when the application service system issues a security token to the user (terminal), it randomly selects an integer $k_0$ in $[1, n-1]$ and calculates $R_0 = k_0 G$ and $c_0 = E((k_0)^{-1})$ or $c_0 = E(k_0)$, where $(k_0)^{-1}$ is the modulo-$n$ multiplicative inverse of $k_0$; it then transmits $R_0$ together with the security token to the signature assistance device or system via the user terminal, $R_0$ being protected by the security token (e.g. $R_0$ is part of the security token), and transmits $c_0$ or the acquisition information of $c_0$ to the user terminal;
if the user terminal receives the acquisition information of $c_0$, the user terminal uses it to obtain $c_0$;
after verifying the validity of the received security token, the signature assistance device or system determines the validity of $R_0$ by means of the security token;
the user terminal or the signature assistance device or system calculates the hash value $e$ of the message $M$;
the user terminal randomly selects an integer $k_1$ in the interval $[1, n-1]$, and the signature assistance device or system randomly selects an integer $k_2$ in the interval $[1, n-1]$;
Without exposing their respective secrets $k_1$, $k_2$, the user terminal and the signature assistance device or system complete the following calculation:
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, obtains $R = k_1 k_2 R_0$ through interactive computation with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, obtains $R_f = k_1 k_2 R_0$ through interactive computation with the user terminal;
or,
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, obtains $R = (k_1 + k_2) R_0$ through interactive computation with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, obtains $R_f = (k_1 + k_2) R_0$ through interactive computation with the user terminal;
if $R$ and/or $R_f$ is zero (the point at infinity), the user terminal and the signature assistance device or system reselect $k_1$, $k_2$ and recalculate $R$, $R_f$ until neither $R$ nor $R_f$ is zero;
the user terminal calculates $r = x_R \bmod n$, where $x_R$ is taken from $(x_R, y_R) = R$;
the signature assistance device or system calculates $r_f = x_{R_f} \bmod n$, where $x_{R_f}$ is taken from $(x_{R_f}, y_{R_f}) = R_f$;
the user terminal and the signature assistance device or system check whether $r$ and/or $r_f$ is 0 (the integer 0); if so, they reselect $k_1$, $k_2$, recalculate $R$, $R_f$ and recalculate $r$, $r_f$ until both $r$ and $r_f$ are different from 0;
the user terminal and the signature assistance device or system respectively check whether $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ would occur, i.e. whether $s = 0$ would occur, where $s$ is the parameter $s$ in the digital signature $(r, s)$ to be computed;
if so, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$, recalculate $R$, $R_f$ and recalculate $r$, $r_f$ until $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ no longer occurs, or go to error handling;
if $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ does not occur, the subsequent calculation is performed;
the user terminal calculates $s_1$ in one of the following ways:
$s_1$ calculation mode five:
the formulas used for $R$, $R_f$ are $R = k_1 k_2 R_0$, $R_f = k_1 k_2 R_0$, and $c_0 = E((k_0)^{-1})$;
the user terminal, using $e$, $r$, $S_U$, $c_0$, $k_1$, computes by the homomorphic encryption algorithm:
$s_1 = E((k_0 k_1)^{-1}(e + r d_U) \pmod n)$, where $(k_0 k_1)^{-1}$ is the modulo-$n$ multiplicative inverse of $k_0 k_1$ (or of $(k_0 k_1) \bmod n$);
$s_1$ calculation mode six:
the formulas used for $R$, $R_f$ are $R = k_1 k_2 R_0$, $R_f = k_1 k_2 R_0$, and $c_0 = E((k_0)^{-1})$;
the signature assistance device or system calculates $c_2 = E((k_2)^{-1})$, where $(k_2)^{-1}$ is the modulo-$n$ multiplicative inverse of $k_2$, and sends $c_2$ to the user terminal;
the user terminal, using $e$, $r$, $S_U$, $c_0$, $k_1$, $c_2$, computes by the homomorphic encryption algorithm:
$s_1 = E((k_0 k_1 k_2)^{-1}(e + r d_U) \pmod n)$, where $(k_0 k_1 k_2)^{-1}$ is the modulo-$n$ multiplicative inverse of $k_0 k_1 k_2$ (or of $(k_0 k_1 k_2) \bmod n$);
$s_1$ calculation mode seven:
the formulas used for $R$, $R_f$ are $R = (k_1 + k_2) R_0$, $R_f = (k_1 + k_2) R_0$, and $c_0 = E(k_0)$;
the signature assistance device or system calculates $c_2 = E(k_2)$ and sends $c_2$ to the user terminal;
the user terminal randomly selects an integer $b$ in $[1, n-1]$ and, using $b$, $e$, $r$, $S_U$, $c_0$, $k_1$, $c_2$, computes by the homomorphic encryption algorithm:
$s_{10} = E(b k_0 (k_1 + k_2) \pmod n)$, $s_{11} = E(b(e + r d_U) \pmod n)$;
$s_{10}$ and $s_{11}$ form the value pair $(s_{10}, s_{11})$, which constitutes $s_1$;
after calculating $s_1$, the user terminal sends $s_1$ to the signature assistance device or system;
if the decryption private key $SK_1$ corresponding to the public key used by the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm has been encrypted with a key of the signature assistance device or system into the ciphertext $T_{sk1}$, the user terminal also sends $T_{sk1}$ to the signature assistance device or system, which decrypts $T_{sk1}$ to obtain the decryption private key $SK_1$ corresponding to the public key used by the encryption operation $E(\cdot)$;
for $s_1$ calculation mode five, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and calculates $s = ((k_2)^{-1} s_{12}) \bmod n$;
for $s_1$ calculation mode six, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and calculates $s = s_{12} \bmod n$;
for $s_1$ calculation mode seven, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_{10}$ and $s_{11}$ in the value pair $s_1$, obtaining the plaintext $s_{12}$ of $s_{10}$ and the plaintext $s_{13}$ of $s_{11}$ respectively, and calculates $s = ((s_{12})^{-1} s_{13}) \bmod n$, where $(s_{12})^{-1}$ is the modulo-$n$ multiplicative inverse of $s_{12}$;
the signature assistance device or system returns $s$ to the user terminal; before returning $s$, the signature assistance device or system verifies whether $s$ is the value calculated in the ECDSA manner using $e$, $k_0$, $k_1$, $k_2$, $r_f$ and the private key $d_U$ corresponding to the public key $Q_U$; if so, it continues, and if the verification fails, it goes to error handling;
the user terminal verifies whether $s$ is the value calculated in the ECDSA digital signature manner using $e$, $k_0$, $k_1$, $k_2$, $r$ and the private key $d_U$ corresponding to the public key $Q_U$; if the verification passes, $(r, s)$ is the digital signature of the message $M$, otherwise error handling is performed;
(for $s_1$ calculation modes five and six, $s = ((k_0 k_1 k_2)^{-1}(e + r d_U)) \bmod n$; for $s_1$ calculation mode seven, $s = (((k_1 + k_2) k_0)^{-1}(e + r d_U)) \bmod n$)
Before assisting the user terminal in generating the digital signature, the signature assistance device or system authenticates and confirms that the user of the user terminal, i.e. the signer, is the owner of the public key $Q_U$; or a system that relies on and invokes the signature assistance device or system (e.g. the application service system) first authenticates and confirms that the user of the user terminal, i.e. the signer, is the owner of the public key $Q_U$ (of course, the security token may also serve this purpose, but this is not essential).
The way in which the user terminal and the signature assistance device or system, each ensuring that the other party does not reselect $k_2$, $k_1$, obtain $R = k_1 k_2 R_0$, $R_f = k_1 k_2 R_0$ or $R = (k_1 + k_2) R_0$, $R_f = (k_1 + k_2) R_0$ through interactive computation can be the same as the way in which they, each ensuring that the other party does not reselect $k_2$, $k_1$, obtain $R = k_1 k_2 G$, $R_f = k_1 k_2 G$ or $R = (k_1 + k_2) G$, $R_f = (k_1 + k_2) G$ through interactive computation, except that $R_0$ is used in place of $G$ ($R_0$ is not secret);
the signature assistance device or system verifying whether $s$ is the value calculated in the ECDSA manner using $e$, $k_0$, $k_1$, $k_2$, $r_f$ and the private key $d_U$ corresponding to the public key $Q_U$, and the user terminal verifying whether $s$ is the value calculated in the ECDSA manner using $e$, $k_0$, $k_1$, $k_2$, $r$ and the private key $d_U$ corresponding to the public key $Q_U$, can use the same verification method as when $k_0$ is not used (since the verification does not use the specific $k_0$, $k_1$, $k_2$).
On the basis of the security enhancement scheme described above, one scheme for preventing the theft of security tokens is as follows:
when the application service system issues a security token to the user (terminal), it randomly selects an integer $w$ in $[1, n-1]$ as a perturbation parameter and encrypts $w$ into ciphertext data that only the signature assistance device or system can decrypt (for example, by encrypting with a public key of the signature assistance device or system, or by deriving the encryption key from a secret shared between the application service system and the signature assistance device or system); it then transmits the ciphertext data of $w$ together with the security token to the signature assistance device or system via the user terminal, the plaintext or ciphertext data of $w$ being protected by the security token (for example, a hash value of $w$ or of the ciphertext data of $w$ is part of the security token, or the ciphertext data of $w$ is part of the security token);
after verifying the validity of the received security token, the signature assistance device or system decrypts the ciphertext of the perturbation parameter $w$ to obtain the plaintext of $w$, and determines the validity of the plaintext or ciphertext of $w$ by means of the security token;
the user terminal and the signature assistance device or system then generate a digital signature $(r, s)$ for the message $M$ according to the ciphertext private key-based ECDSA digital signature generation method;
the signature assistance device or system calculates $s_w = (s + w) \bmod n$ or $s_w = (s w) \bmod n$, obtaining the perturbed digital signature $(r, s_w)$;
$(r, s_w)$ is submitted or returned to the application service system, with or without passing through the user terminal;
the application service system calculates $s = (s_w - w) \bmod n$ or $s = (w^{-1} s_w) \bmod n$, where $w^{-1}$ is the modulo-$n$ multiplicative inverse of $w$, thereby recovering the digital signature $(r, s)$ for the message $M$.
The above scheme can prevent the security token from being stolen because only the application service system signing the security token can obtain the correct digital signature.
For the various schemes described above, the ciphertext $S_U$ can be encrypted again (double encryption) into a ciphertext $T_U$. If $S_U$ is encrypted again into the ciphertext $T_U$ and then stored in the user terminal, the user terminal, when generating a digital signature for the message $M$, first decrypts the ciphertext data $T_U$ of the re-encrypted $S_U$ to obtain $S_U$ (note that $S_U$ itself is also a ciphertext). The purpose of re-encrypting $S_U$ here is to store $S_U$ securely and to prevent $S_U$ from being misused after being stolen.
Combining the security token with the re-encryption of $S_U$ gives the following scheme for further enhancing the security of the ciphertext private key-based ECDSA digital signature generation method:
$S_U$ is encrypted with a symmetric key or a public key to form the ciphertext data $T_U$; the key $SK_2$ (a symmetric key or a private key) used to decrypt the ciphertext data $T_U$ is encrypted (with a symmetric key or a public key) to form the ciphertext data $T_{sk2}$; the signature assistance device or system holds the key $SK_3$ (a symmetric key or a private key) used to decrypt the ciphertext data $T_{sk2}$; the ciphertext data $T_U$ and the ciphertext data $T_{sk2}$ are stored in the user terminal;
when a user (using a program in the user terminal or in another terminal) accesses the application service system and needs to digitally sign a message $M$ with the user's ECDSA private signing key, the application service system issues a security token for the user; the application service system (for example through a client program or by other means) transmits the security token or the acquisition information of the security token to the cryptographic program, cryptographic module or cryptographic component implementing the ECDSA digital signature function in the user terminal;
the user terminal (the cryptographic program, module or component implementing the ECDSA digital signature function) submits the security token, or the acquisition information of the security token, together with $T_{sk2}$ to the signature assistance device or system;
if the acquisition information of the security token is submitted, the signature assistance device or system uses it to obtain the security token issued by the application service system;
after the signature assistance device or system has verified the validity of the security token (e.g. the validity of the security token's asymmetric-key digital signature or symmetric-key signature such as HMAC, and its time validity), it uses the key $SK_3$ to decrypt the ciphertext data $T_{sk2}$, obtains the key $SK_2$, and returns the key $SK_2$ to the user terminal;
the user terminal (the cryptographic program, module or component implementing the ECDSA digital signature function) uses the key $SK_2$ to decrypt the ciphertext data $T_U$ and obtain $S_U$ ($S_U$ is a homomorphically encrypted ciphertext); the user terminal and the signature assistance device or system then use $S_U$ to generate a digital signature for the message $M$ according to the ciphertext private key-based ECDSA digital signature generation method.
How the signature assistance device or system, or a system that invokes the signature assistance device or system (e.g. an application service system), confirms that the user is the owner of the public key $Q_U$ is not part of the present invention. Possible implementations include: the signature assistance device or system, or the system that invokes it, manages and maintains user accounts, and the user's account holds the user's public key $Q_U$; or the user's account is bound to the user's digital certificate, and the digital certificate contains the user's public key $Q_U$.
For the ciphertext private key-based ECDSA digital signature generation method, the ways of generating and distributing the user's ECDSA signature key pair include the following:
Mode one:
a trusted program in the user terminal generates the ECDSA signature key pair $Q_U$, $d_U$, encrypts the private signing key $d_U$ to obtain the ciphertext $S_U$, discards $d_U$, and then stores $S_U$ (and $Q_U$) securely; the trusted program is a program (that has undergone security testing and evaluation) provided by a cryptographic program or cryptographic module developer or a cryptographic service provider;
Mode two:
a trusted program in another terminal, such as a script program in a browser, generates the ECDSA signature key pair $Q_U$, $d_U$, encrypts the private signing key $d_U$ to obtain the ciphertext $S_U$, discards $d_U$, and transmits $S_U$ (and $Q_U$) to the user terminal for storage by means of barcode scanning (e.g. a two-dimensional code or multi-dimensional code); the other terminal is a computing device other than the user terminal that stores and uses $S_U$;
Mode three:
a key generation device or system generates the ECDSA signature key pair $Q_U$, $d_U$, encrypts the private signing key $d_U$ to obtain the ciphertext $S_U$, discards $d_U$, and then transmits $S_U$ (and $Q_U$) to the user terminal for storage in a secure manner;
Mode four:
the key generation device or system randomly selects an integer $d_1$ in $[1, n-1]$, encrypts $d_1$ with the homomorphic encryption algorithm to obtain $S_{U1} = E(d_1)$, calculates $Q_{U1} = d_1 G$, and sends $S_{U1}$, $Q_{U1}$ to the user terminal;
the user terminal randomly selects an integer $d_2$ in $[1, n-1]$, computes $S_U = E(d_1 d_2)$ from $S_{U1}$ using the homomorphic encryption algorithm, and calculates $Q_U = d_2 Q_{U1}$;
without exposing $d_1 d_2$, the user terminal verifies that $d_1 d_2$ is congruent modulo $n$ to an ECDSA private signing key $d_U$ in $[1, n-1]$, i.e. $d_1 d_2 \equiv d_U \pmod n$, and that $Q_U = d_U G$; that is, it verifies that $d_U = (d_1 d_2) \bmod n$ and $Q_U = d_U G$;
Mode five:
the key generation device or system randomly selects an integer $d_1$ in $[1, n-1]$, encrypts $d_1$ with the homomorphic encryption algorithm to obtain $S_{U1} = E(d_1)$, calculates $Q_{U1} = d_1 G$, and sends $S_{U1}$, $Q_{U1}$ to the user terminal;
the user terminal randomly selects an integer $d_2$ in $[1, n-1]$ and calculates $Q_U = d_2 G + Q_{U1}$; it checks whether $Q_U$ is zero (the point at infinity of the elliptic curve point group); if so, the key generation device or system again randomly selects an integer $d_1$ in $[1, n-1]$ and recalculates $S_{U1}$, $Q_{U1}$, and the user terminal again randomly selects an integer $d_2$ in $[1, n-1]$ and calculates $Q_U = d_2 G + Q_{U1}$, until $Q_U$ is a non-zero element;
the user terminal computes $S_U = E(d_1 + d_2)$ from $S_{U1}$ using the homomorphic encryption algorithm;
without exposing $d_1 + d_2$, the user terminal verifies that $d_1 + d_2$ is congruent modulo $n$ to an ECDSA private signing key $d_U$ in $[1, n-1]$, i.e. $d_1 + d_2 \equiv d_U \pmod n$, and that $Q_U = d_U G$; that is, it verifies that $d_U = (d_1 + d_2) \bmod n$ and $Q_U = d_U G$;
For the above ECDSA private signing key generation and distribution modes, if the public key of the homomorphic encryption algorithm used to encrypt $d_U$, $d_1 d_2$ or $d_1 + d_2$ is temporarily generated, the device, system or program that generates $d_U$ or $d_1$ uses a symmetric key or a public key to encrypt the corresponding decryption private key $SK_1$ of the homomorphic encryption algorithm, obtaining the ciphertext $T_{sk1}$ of $SK_1$. Encrypting $SK_1$ with a public key is applicable to all five generation and distribution modes of the ECDSA signature key pair, whereas encrypting $SK_1$ with a symmetric key is applicable only to the third, fourth and fifth generation and distribution modes.
Generally, a program or a device or a system generating the ECDSA private signature key signs information, such as a Certificate Signing Request (CSR), which proves that a user has a corresponding public key, using the generated private signature key, and establishes an initial connection between the user and the public key.
On the basis of the ciphertext private key-based ECDSA digital signature generation method, a corresponding ciphertext private key-based ECDSA digital signature generation system can be constructed. The system comprises a signature assistance device or system, and a cryptographic program, cryptographic module or cryptographic component in the user terminal; the user terminal stores the ciphertext $S_U$ of the user's ECDSA private signing key $d_U$. When a message $M$ needs to be digitally signed with the user's ECDSA private signing key, the cryptographic program, module or component in the user terminal and the signature assistance device or system cooperatively generate a digital signature for the message $M$ according to the ciphertext private key-based ECDSA digital signature generation method, the cryptographic program, module or component in the user terminal carrying out the operations that the method assigns to the user terminal. The system may further comprise a key generation device or system, or a trusted program, for generating the ECDSA signature key pair.
From the above description it can be seen that, under the scheme of the present invention, the private signing key $d_U$ with which the user generates ECDSA digital signatures is stored and used entirely by the user in the form of the ciphertext $S_U$, and no other entity holds the private signing key $d_U$; that is, the user's digital signature (electronic signature) creation data $d_U$ is exclusive to the user, and when a digital signature is generated the signature creation data $d_U$ is controlled entirely by the user (terminal). At the same time, various schemes are provided to further ensure the secure use and storage of the ciphertext private key, so that the storage and use of the signature creation data better conform to the Electronic Signature Law of the People's Republic of China, the storage and use of the signature creation data are strictly protected, and the generated digital signature is secure.
Drawings
Fig. 1 is a schematic diagram of the basic structure and application of the system of the present invention.
Fig. 2 is a schematic diagram of a signature assistance device or system-centric deployment scenario of the present invention.
Fig. 3 is a schematic diagram of a distributed deployment scenario of the signature assistance device or system of the present invention.
Fig. 4 is a schematic diagram of a scenario of independent deployment of the signature assistance device or system of the present invention.
Detailed Description
The following describes a specific embodiment of the present invention. The following is merely illustrative of possible embodiments of the present invention and is not intended to limit the scope of the invention.
The implementation of the invention uses a homomorphic encryption algorithm, which can be an additively homomorphic encryption algorithm (such as the Paillier algorithm) or a fully homomorphic encryption algorithm (such as BGV, BFV and CKKS), and can be an exact homomorphic encryption algorithm (such as Paillier, BGV and BFV) or an approximate homomorphic encryption algorithm (such as CKKS). For an approximate homomorphic encryption algorithm, after data is obtained by decryption, its absolute value is rounded to the nearest integer and its sign is left unchanged.
In the following description, it is to be understood that,
Figure BDA0003893036160000191
denotes the multiplication of two homomorphically encrypted ciphertext numbers, the result being a ciphertext number corresponding to the product of the two respective plaintext numbers;
Figure BDA0003893036160000192
denotes the addition of two homomorphically encrypted ciphertext numbers, the result being a ciphertext number corresponding to the sum of the two corresponding plaintext numbers; | denotes the multiplication of one plaintext number by one ciphertext number in homomorphic encryption, the result being a ciphertext number corresponding to the product of the two corresponding plaintext numbers.
$E(a \pmod n)$ appears frequently in the homomorphic encryption operations of the present invention, where $a$ is an integer and $a \pmod n$ denotes a number that is congruent to $a$ modulo $n$. The invention uses a number congruent to $a$ modulo $n$ rather than $a$ itself in order to prevent the secrets from being recovered by directly factoring $a$ when $a$ is the result of an operation (such as a product) on two or more secret numbers. For example, if $a = pq$, then because $p$ and $q$ have relatively few bits (they are not very large numbers), $p$ and $q$ are easy to factor out of $a$, and so $p$ and $q$ would be recovered.
One approach to implementing $E(a \pmod n)$ is as follows (of course, this is not the only possible approach):
replace the computation of $E(a \pmod n)$ with the computation of
Figure BDA0003893036160000193
where $z$ is an integer randomly selected during the computation (e.g. by the signature device), not limited to an integer selected in $[1, n-1]$, or an integer calculated from a randomly selected integer ($z$ may be positive, negative or zero). $z$ is selected so that the plaintext number encrypted in the course of the operation, i.e. $a + zn$, does not exceed the range that the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm can represent for an encrypted integer, or so that the probability of exceeding that range is extremely small (within a specified bound). (The encryption operation $E(\cdot)$ represents positive integers, negative integers and zero in complement form: if the modulus of $E(\cdot)$ for the encrypted integer is $m$, the range of $m$ is divided into two halves, the lower half representing positive integers and zero and the upper half representing negative integers, similar to two's complement in binary numbers.)
In generating a digital signature for a message $M$, the present invention has seven $s_1$ calculation modes: the first four are basic calculation modes, and the last three are enhanced $s_1$ calculation modes used when an application service system participates in generating the digital signature. How each mode is specifically implemented depends on whether the homomorphic encryption algorithm used for $E(\cdot)$ is an additively homomorphic encryption algorithm or a fully homomorphic encryption algorithm. The following explains how the $s_1$ calculation modes are implemented.
For $s_1$ calculation mode one, the user terminal can use $b$, $e$, $r$, $S_U$, $k_1$ to calculate by homomorphic encryption, as follows, $s_{11} = E(b + (k_1)^{-1} r d_U \pmod n)$, or $s_{11} = E((k_1)^{-1}(b + r d_U) \pmod n)$, or $s_{11} = E((k_1)^{-1}(r(d_U + b)) \pmod n)$:
calculate $s_{01} = ((k_1)^{-1} r) \bmod n$, $s_{02} = ((k_1)^{-1} b) \bmod n$;
for the first $s_{11}$ formula, calculate
Figure BDA0003893036160000201
for the second $s_{11}$ formula, calculate
Figure BDA0003893036160000202
for the third $s_{11}$ formula, calculate
Figure BDA0003893036160000203
$s_{10}$ is calculated directly; $s_{10}$ and $s_{11}$ form the value pair $(s_{10}, s_{11})$, which constitutes $s_1$.
For $s_1$ calculation mode two, the user terminal can use $e$, $r$, $S_U$, $k_1$ to calculate by homomorphic encryption, as follows, $s_1 = E((k_1)^{-1}(e + r d_U) \pmod n)$:
$s_{10} = ((k_1)^{-1} e) \bmod n$, $s_{11} = ((k_1)^{-1} r) \bmod n$,
Figure BDA0003893036160000204
or, if $E(\cdot)$ is the encryption operation of a fully homomorphic encryption algorithm:
$s_{10} = ((k_1)^{-1} e) \bmod n$, $s_{11} = ((k_1)^{-1} r) \bmod n$,
Figure BDA0003893036160000205
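The following Python sketch is an added example, not code from the patent: it runs $s_1$ calculation mode two end to end with an additively homomorphic $E(\cdot)$, applies the $a + zn$ blinding described above for $E(a \pmod n)$, and checks the result with ordinary ECDSA verification. Assumptions of this example: the secp256k1 curve and SHA-256, a toy Paillier key built from two Mersenne primes, the ciphertext combination of $E(s_{10})$, $s_{11}$ times $S_U$ and $E(zn)$ (the page's formula images are missing), the helper step $s = ((k_2)^{-1} s_{12}) \bmod n$ with $R = k_1 k_2 G$, and all function names.

```python
import hashlib
import secrets

# secp256k1 domain parameters (curve choice is an assumption of this example).
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Add two affine points; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def ec_mul(k, A):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, A)
        A = ec_add(A, A)
        k >>= 1
    return acc

# Toy Paillier key pair for E(.), built from two known Mersenne primes so the
# example runs offline. Constructed for illustration; NOT a secure key.
PAI_P, PAI_Q = 2**521 - 1, 2**607 - 1
PAI_N = PAI_P * PAI_Q
PAI_N2 = PAI_N * PAI_N
PAI_PHI = (PAI_P - 1) * (PAI_Q - 1)      # decryption key SK_1 (helper side)
PAI_MU = pow(PAI_PHI, -1, PAI_N)

def enc(m):
    rnd = secrets.randbelow(PAI_N - 1) + 1
    return (1 + m * PAI_N) * pow(rnd, PAI_N, PAI_N2) % PAI_N2

def dec(c):
    return (pow(c, PAI_PHI, PAI_N2) - 1) // PAI_N * PAI_MU % PAI_N

def h_add(c1, c2):      # ciphertext + ciphertext -> E(m1 + m2)
    return c1 * c2 % PAI_N2

def h_scal(k, c):       # plaintext * ciphertext -> E(k * m)
    return pow(c, k, PAI_N2)

def hash_e(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def keygen():
    """Key generation mode one: keep only Q_U and S_U = E(d_U)."""
    d_u = secrets.randbelow(n - 1) + 1
    return ec_mul(d_u, G), enc(d_u)      # d_u goes out of scope (discarded)

def user_s1(e, r, k1, S_U):
    """User terminal: s_1 = E((k_1)^-1 (e + r d_U) + z n), never seeing d_U."""
    k1_inv = pow(k1, -1, n)
    s10, s11 = k1_inv * e % n, k1_inv * r % n
    z = secrets.randbits(128)            # blinding multiple of n (assumed size)
    return h_add(h_add(enc(s10), h_scal(s11, S_U)), enc(z * n))

def helper_s(s1, k2):
    """Signature assistance device: decrypt, reduce mod n, apply (k_2)^-1."""
    return pow(k2, -1, n) * (dec(s1) % n) % n

def cosign(msg, S_U):
    e = hash_e(msg)
    while True:
        k1 = secrets.randbelow(n - 1) + 1        # user terminal's secret
        k2 = secrets.randbelow(n - 1) + 1        # helper's secret
        R = ec_mul(k1, ec_mul(k2, G))            # helper sends k2*G, user applies k1
        r = R[0] % n
        s = helper_s(user_s1(e, r, k1, S_U), k2)
        if r and s:                              # retry on r = 0 or s = 0
            return r, s

def ecdsa_verify(Q, msg, r, s):
    """Standard ECDSA verification against the public key Q_U."""
    if not (0 < r < n and 0 < s < n):
        return False
    w = pow(s, -1, n)
    X = ec_add(ec_mul(hash_e(msg) * w % n, G), ec_mul(r * w % n, Q))
    return X is not None and X[0] % n == r
```

The plaintext the helper decrypts is $(k_1)^{-1}(e + r d_U) + zn$ over the integers, so it learns the value only modulo $n$; the Paillier modulus must stay larger than that sum, which is why the toy key is over 1100 bits.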
For $s_1$ calculation mode three, the homomorphic encryption algorithm corresponding to $E(\cdot)$ is a fully homomorphic encryption algorithm, and the user terminal can use $e$, $r$, $S_U$, $k_1$, $c_2$, where $c_2 = E((k_2)^{-1})$, to calculate by homomorphic encryption, as follows, $s_1 = E((k_1 k_2)^{-1}(e + r d_U) \pmod n)$:
$s_{10} = ((k_1)^{-1} e) \bmod n$, $s_{11} = ((k_1)^{-1} r) \bmod n$,
Figure BDA0003893036160000206
or,
$s_{10} = ((k_1)^{-1} e) \bmod n$, $s_{11} = ((k_1)^{-1} r) \bmod n$,
Figure BDA0003893036160000207
For $s_1$ calculation mode four, the user terminal can use $b$, $e$, $r$, $S_U$, $k_1$, $c_2$, where $c_2 = E(k_2)$, to calculate by homomorphic encryption, as follows, $s_{10} = E(b(k_1 + k_2) \pmod n)$, $s_{11} = E(b(e + r d_U) \pmod n)$:
$s_{01} = (b k_1) \bmod n$, $s_{02} = (b e) \bmod n$, $s_{03} = (b r) \bmod n$;
Figure BDA0003893036160000211
or, if the homomorphic encryption algorithm corresponding to $E(\cdot)$ is a fully homomorphic encryption algorithm,
Figure BDA0003893036160000212
$s_{10}$ and $s_{11}$ form the value pair $(s_{10}, s_{11})$, which constitutes $s_1$.
For $s_1$ calculation mode five, the encryption algorithm corresponding to $E(\cdot)$ is a fully homomorphic encryption algorithm, and the user terminal can use $e$, $r$, $S_U$, $c_0$, $k_1$, where $c_0 = E((k_0)^{-1})$, to calculate by homomorphic encryption, as follows, $s_1 = E((k_0 k_1)^{-1}(e + r d_U) \pmod n)$:
$s_{10} = ((k_1)^{-1} e) \bmod n$, $s_{11} = ((k_1)^{-1} r) \bmod n$,
Figure BDA0003893036160000213
or,
Figure BDA0003893036160000214
or,
Figure BDA0003893036160000215
For $s_1$ calculation mode six, the encryption algorithm corresponding to $E(\cdot)$ is a fully homomorphic encryption algorithm, and the user terminal can use $e$, $r$, $S_U$, $c_0$, $k_1$, $c_2$, where $c_0 = E((k_0)^{-1})$ and $c_2 = E((k_2)^{-1})$, to calculate by homomorphic encryption, as follows, $s_1 = E((k_0 k_1 k_2)^{-1}(e + r d_U) \pmod n)$:
$s_{10} = ((k_1)^{-1} e) \bmod n$, $s_{11} = ((k_1)^{-1} r) \bmod n$,
Figure BDA0003893036160000216
or,
Figure BDA0003893036160000217
For $s_1$ calculation mode seven, the user terminal can use $b$, $e$, $r$, $S_U$, $c_0$, $k_1$, $c_2$, where $c_0 = E(k_0)$ and $c_2 = E(k_2)$, to calculate by homomorphic encryption, as follows, $s_{10} = E(b k_0 (k_1 + k_2) \pmod n)$, $s_{11} = E(b(e + r d_U) \pmod n)$:
$s_{01} = (b k_1) \bmod n$, $s_{02} = (b e) \bmod n$, $s_{03} = (b r) \bmod n$;
Figure BDA0003893036160000218
or, if the homomorphic encryption algorithm corresponding to $E(\cdot)$ is a fully homomorphic encryption algorithm,
Figure BDA0003893036160000219
$s_{10}$ and $s_{11}$ form the value pair $(s_{10}, s_{11})$, which constitutes $s_1$.
In the practice of the invention, d is aimed at U Encryption and for ciphertext S U The decryption method is related to the deployment method of the signature support device or system, and is related to the generation and distribution method of the ECDSA signature key pair of the user.
The signature assistance device or system may include several deployments:
(1) The system comprises a central deployment, a service center and a service center, wherein the central deployment is realized by professional password service organizations, for example, the central deployment is realized in a cloud service mode, and digital signature service is provided for different customers, users and applications;
(2) The distributed deployment is realized by professional password service organizations, and digital signature service is provided for clients, users and applications in different places and regions;
(3) And each enterprise, mechanism or application system is provided with a signature auxiliary device or system, and digital signature service is provided for own clients, users and applications.
Whatever deployment mode the signature assistance device or system adopts, the five methods of generating and distributing the ECDSA signature key pair can all be implemented, and other methods of generating and distributing the ECDSA signature key pair can of course be implemented as well.
In a specific implementation, if a key generation device or system generates or participates in generating the user's ECDSA signature private key $d_U$ (or the ECDSA signature key pair), the key generation device or system is typically a server-side device or system, but it may also be a user-side device such as a USB Key. A server-side key generation device or system may be plug-and-play cryptographic hardware (such as a cryptographic card) or a combined software and hardware device or system (such as a cryptographic machine or a cryptographic server).
If the ECDSA signature key pair is generated and distributed (whether generated separately or cooperatively) by a server-side key generation device or system, the key generation device or system may likewise be deployed centrally, in a distributed manner, or independently. Independent deployment is mainly used for dedicated key services provided to organizations and enterprises, in which case the users of the ECDSA signature key pairs are usually only the organization's or enterprise's own customers and users.
In a specific implementation, if the ECDSA signature key pair is generated by a trusted program in the user terminal, the corresponding program may be provided by a cryptographic program or cryptographic module developer or by a cryptographic service provider, and it must be ensured that the program executes in a secure user terminal environment, for example that the user terminal is free of Trojans or that the program executes in a Trusted Execution Environment (TEE).
If, in a specific implementation, the ECDSA signature key pair is generated by a program in another terminal, a cryptographic program or cryptographic module developer or a cryptographic service provider can provide the program that generates the ECDSA signature key pair, and the ciphertext $S_U$ of the signature private key $d_U$, together with other parameters and data (such as the public key $Q_U$), is transferred to the user terminal by scanning a barcode (such as a two-dimensional or multi-dimensional code). Alternatively, the user can use a browser in another terminal to visit a dedicated trusted website; a script returned by the trusted website generates the ECDSA signature key pair in the browser, and the ciphertext $S_U$ of the signature private key $d_U$, together with other parameters and data, is then transferred to the user terminal by scanning a barcode (such as a two-dimensional or multi-dimensional code).
The following describes embodiments of the encryption of $d_U$ and the decryption of the ciphertext $S_U$, in combination with the embodiments of the signature assistance device or system and of ECDSA signature key pair generation and distribution.
Whatever deployment and implementation the signature assistance device or system adopts, and whatever implementation and deployment is used to generate and distribute the ECDSA signature key pair, the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt the ciphertext $S_U$ can either be pre-owned by the signature assistance device or system, or be temporarily generated (by a key pair generation program, device or system) at the time $d_U$ is encrypted.
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is pre-owned by the signature assistance device or system, the following are some possible implementation scenarios:
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is pre-owned by the signature assistance device or system, and the signature assistance device or system is centrally deployed, then $d_U$ is typically encrypted with the public key of a common key pair of the homomorphic encryption algorithm of the signature assistance device or system (a common key pair being a key pair shared by a plurality of signature assistance devices or systems), and the private key $SK_1$ of the homomorphic encryption algorithm that decrypts the ciphertext $S_U$ of $d_U$ is the private key of that common key pair; the ECDSA signature key pair can be generated and distributed in any implementation or deployment mode;
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is pre-owned by the signature assistance device or system, and the signature assistance device or system is deployed in a distributed manner, then $d_U$ can be encrypted with the public key of a common key pair of the homomorphic encryption algorithm of the signature assistance device or system (that is, the plurality of distributed signature assistance devices or systems share one key pair), and the private key $SK_1$ of the homomorphic encryption algorithm that decrypts the ciphertext $S_U$ of $d_U$ is the private key of that common key pair; the ECDSA signature key pair can be generated and distributed in any implementation or deployment mode;
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is pre-owned by the signature assistance device or system, and the signature assistance device or system is independently deployed, then $d_U$ is typically encrypted with the public key of a key pair of the homomorphic encryption algorithm of the independently deployed signature assistance device or system to obtain $S_U$. In this case the ECDSA signature key pair may still be generated and distributed in any implementation or deployment mode, but the program or system that generates and distributes the ECDSA signature key pair must be configured or customized to use the public key of the homomorphic encryption algorithm of the corresponding independently deployed signature assistance device or system.
For the case in which the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is pre-owned by the signature assistance device or system, the following implementation case is described specifically:
The signature assistance devices or systems are independently deployed in different organizations and enterprises and belong to those different organizations and enterprises, but the user's ECDSA signature private key (and the corresponding digital certificate) may need to be used in the application systems of different organizations and enterprises. For example, the ECDSA signature private key corresponds to a digital certificate trusted by every organization and enterprise, and the certificate and private key are used in the application systems of different organizations. That is, the signature assistance devices or systems independently deployed in different organizations and enterprises may each need to decrypt $s_1$, $T_{sk1}$ from the user terminal of the same user in the process of generating a digital signature. For this, the following approach may be adopted (it is not the only possible one):
The user's $S_U$ is bound only to the signature assistance device or system of one organization or enterprise. When the user needs to use $S_U$ to generate a digital signature, whichever organization's or enterprise's system the user (terminal) is interacting with, the user terminal interacts only with the bound signature assistance device or system to generate the digital signature.
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is temporarily generated, the following are some possible implementation scenarios:
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is temporarily generated, the private key $SK_1$ is encrypted with a public key encryption algorithm, and the signature assistance device or system is centrally deployed, then $SK_1$ is typically encrypted with the public key of a common key pair of the signature assistance device or system (a common key pair being a key pair shared by a plurality of signature assistance devices or systems); in this case the ECDSA signature key pair can be generated and distributed in any implementation and deployment mode;
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is temporarily generated, the private key $SK_1$ is encrypted with a public key encryption algorithm, and the signature assistance device or system is deployed in a distributed manner, then $SK_1$ can be encrypted with the public key of a common key pair of the signature assistance device or system (that is, the plurality of distributed signature assistance devices or systems share one key pair), or $SK_1$ can be encrypted with a group public key using a group-oriented encryption algorithm (that is, the plurality of distributed signature assistance devices or systems belong to one group, and each group member may have its own private key); in this case the ECDSA signature key pair can be generated and distributed in any implementation and deployment mode;
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is temporarily generated, the private key $SK_1$ is encrypted with a public key encryption algorithm, and the signature assistance device or system is independently deployed, then $SK_1$ is typically encrypted with the public key of a key pair of the independently deployed signature assistance device or system; in this case the ECDSA signature key pair can be generated and distributed in any implementation and deployment mode, but the program or system that generates and distributes the ECDSA signature key pair must be configured or customized to use the public key of the corresponding independently deployed signature assistance device or system;
If the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is temporarily generated and the private key $SK_1$ is encrypted with a symmetric key encryption algorithm, then the ECDSA signature key pair must be generated and distributed by a server-side key generation device or system (including implementations with separate or cooperative generation and distribution), and the key generation device or system must share a symmetric key with the signature assistance device or system that needs to decrypt $T_{sk1}$.
For the case in which the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ and decrypt $S_U$ is temporarily generated, the following implementation case is described specifically:
The signature assistance devices or systems are independently deployed in different organizations and enterprises and belong to those different organizations and enterprises, but the user's ECDSA signature private key (and the corresponding digital certificate) may need to be used in the application systems of different organizations and enterprises. For example, the ECDSA signature private key corresponds to a digital certificate trusted by every organization and enterprise, and the certificate and private key are used in the application systems of different organizations. That is, the signature assistance devices or systems independently deployed in different organizations and enterprises may each face the situation of decrypting $s_1$, $T_{sk1}$ from the user terminal of the same user in the process of generating a digital signature. For this, the following two approaches are possible (they are not the only possible ones):
(1) The user's $S_U$, $T_{sk1}$ are bound only to the signature assistance device or system of one organization or enterprise. When the user needs to use $S_U$, $T_{sk1}$ to generate a digital signature, whichever organization's or enterprise's system the user (terminal) is interacting with, the user terminal interacts only with the bound signature assistance device or system to generate the digital signature;
(2) The public key of the homomorphic encryption algorithm used to encrypt $d_U$ is temporarily generated, and the temporarily generated private key $SK_1$ of the homomorphic encryption algorithm is encrypted in a group-oriented manner; the signature assistance devices or systems independently deployed by the different organizations and enterprises are all members of one group, and each holds a group member private key.
If group-oriented encryption is used in the implementation, lifecycle management (generation, update, revocation) of the group keys (public and private) is provided by the key service system of a professional cryptographic service organization.
In implementing the present invention, although $S_U$ is stored in the user terminal in ciphertext form, further security measures can still be applied to the $S_U$ stored in the user terminal to prevent the ciphertext from being stolen, such as fingerprint protection, PIN protection, or even a second encryption.
In implementing the present invention, to guard against $S_U$ having been stolen, before the signature assistance device or system assists the user terminal in generating a digital signature, the user's identity must be verified through strict and secure identity authentication, for example authentication based on short messages or biometric features, or the user's identity authentication must be completed by the system that calls the signature assistance device or system, such as an application service system, so as to ensure that the user is the owner of the public key $Q_U$.
For ECDSA signature key pair generation and distribution modes four and five, the user terminal, without $d_1 d_2$ or $d_1 + d_2$ being revealed, verifies that $d_1 d_2$ or $d_1 + d_2$ is congruent modulo $n$ to an ECDSA signature private key $d_U$ in $[1, n-1]$, i.e. $d_1 d_2 \equiv d_U \pmod n$ or $d_1 + d_2 \equiv d_U \pmod n$, with $Q_U = d_U G$; that is, it verifies that $d_U = (d_1 d_2) \bmod n$ or $d_U = (d_1 + d_2) \bmod n$, and that $Q_U = d_U G$. There are many ways to do this; the following are some that can be used.
The user terminal randomly selects an integer $b$ in $[1, n-1]$ and, using $S_U$ and homomorphic encryption operations, computes $S_b = E((b d_1 d_2) \pmod n)$ or $S_b = E((b(d_1 + d_2)) \pmod n)$, and sends $S_b$ to the key generation device or system. The key generation device or system computes $Q_b = (D(S_b) \bmod n) G$, where $D(\cdot)$ is the decryption operation using the private key of the homomorphic encryption algorithm (assuming the key generation device or system is able to perform it, for example because it shares cryptographic facilities with the signature assistance device or system), and sends $Q_b$ to the user terminal. The user terminal checks whether $b Q_U$ and $Q_b$ are the same; if they are, the verification passes, otherwise it fails.
Alternatively, the user terminal randomly selects an integer $b$ in $[1, n-1]$ and, using $S_U$ and homomorphic encryption operations, computes $S_b = E((d_1 d_2 + b) \pmod n)$ or $S_b = E((d_1 + d_2 + b) \pmod n)$, and sends $S_b$ to the key generation device or system. The key generation device or system computes $Q_b = (D(S_b) \bmod n) G$, where $D(\cdot)$ is the decryption operation using the private key of the homomorphic encryption algorithm, and sends $Q_b$ to the user terminal. The user terminal checks whether $Q_U + bG$ and $Q_b$ are the same; if they are, the verification passes, otherwise it fails.
The security token issued by the application service system is a temporary authorization credential. It may be a standard security token (such as a WS-Security token, a SAML assertion, a security ticket, or a JSON Web Token (JWT)) or a security token in a custom format. The security token is signed with an asymmetric key (such as SM2, SM9, RSA or ECDSA) or with a symmetric key (such as HMAC).
In implementing the present invention, if $S_U$ is encrypted again into a ciphertext $T_U$ and $T_U$ is then stored in the user terminal, this encryption is (usually) not performed in the signature assistance device or system but (usually) in the user terminal; otherwise the signature assistance device or system could decrypt $S_U$ to obtain $d_U$, which clearly does not meet the security requirements and security goals of the scheme. The question then is: who generates the key $SK_2$ that decrypts $T_U$, and who encrypts $SK_2$? Note the simple fact that $SK_2$ is not a secret between the user terminal and the signature assistance device or system. Therefore $SK_2$ and the corresponding key for encrypting $S_U$ (if $SK_2$ is a private key, the corresponding encryption key is the corresponding public key; if $SK_2$ is a symmetric key, the corresponding encryption key is also a symmetric key) may be generated by the user terminal (when the user's signature key is initialized), or may be generated by the signature assistance device or system (when the user's signature key is initialized) and then transmitted to the user terminal. If the key $SK_3$ that decrypts $T_{sk2}$ is a private key, the encryption of $SK_2$ with the corresponding public key can be completed in the user terminal or in the signature assistance device or system. If the key $SK_3$ that decrypts $T_{sk2}$ is a symmetric key, the encryption of $SK_2$ with $SK_3$ can be performed by the signature assistance device or system, which then returns the encryption result $T_{sk2}$ to the user terminal, because $SK_2$ is not a secret to the signature assistance device or system. The remaining question is: for the different deployment modes of the signature assistance device or system, which signature assistance device's or system's encryption key corresponding to $SK_3$ should be used to encrypt $SK_2$?
A simple principle is: whichever signature assistance device or system the user terminal interacts with when performing a digital signature, the encryption key corresponding to that signature assistance device's or system's $SK_3$ is used to encrypt $SK_2$, where the encryption key corresponding to $SK_3$ is a symmetric key or a public key, and the public key may be a common public key or a group public key. This is similar to how the temporarily generated private key $SK_1$ of the homomorphic encryption algorithm is encrypted when the key pair of the homomorphic encryption algorithm used to encrypt $d_U$ is temporarily generated.
The invention involves several keys that are easily confused in a specific implementation: $SK_1$ is the private key for decrypting the ciphertext $S_U$ obtained by homomorphically encrypting $d_U$; $SK_2$ is the key for decrypting the ciphertext $T_U$ obtained by encrypting $S_U$ again, and is not the key for decrypting the ciphertext $T_{sk1}$ of $SK_1$; the key that decrypts $T_{sk1}$ (not specially named) belongs to the signature assistance device or system, whereas $SK_2$ is not a key belonging to the signature assistance device or system; $SK_3$ is the key for decrypting the ciphertext $T_{sk2}$ of $SK_2$, and $SK_3$ is a key belonging to the signature assistance device or system; there is no direct or indirect association among $SK_1$, $SK_2$ and $SK_3$.
On the basis of the ciphertext-private-key-based ECDSA digital signature generation method, a corresponding ciphertext-private-key-based ECDSA digital signature generation system can be implemented, comprising a signature assistance device or system and a cryptographic program, cryptographic module or cryptographic component in the user terminal. The user terminal stores the ciphertext $S_U$ of the user's ECDSA signature private key $d_U$. When message M needs to be digitally signed with the user's ECDSA signature private key, the cryptographic program, cryptographic module or cryptographic component in the user terminal and the signature assistance device or system cooperatively generate the digital signature for message M according to the ciphertext-private-key-based ECDSA digital signature generation method, with the cryptographic program, cryptographic module or cryptographic component in the user terminal carrying out the operations that the method assigns to the user terminal. Further, the implemented system may also comprise a key generation device or system and a trusted program for ECDSA signature key pair generation.
In implementing the present invention, the signature assistance device or system may be a software device or system, or a combined software and hardware device or system; a software device may be an independently running program or a cryptographic module, and a combined software and hardware device may be plug-and-play cryptographic hardware such as a cryptographic card, or a cryptographic machine or cryptographic server.
In implementing the present invention, the user terminal is any of the computing devices used by the user, such as a computer, a mobile phone or a tablet computer. The user terminal implements its digital signature generation function through a cryptographic program, cryptographic module or cryptographic component running in it; that is, the program implementing cryptographic functions such as digital signatures in the user terminal may be an independently running cryptographic program, such as an app or a WeChat mini program, or a cryptographic module or cryptographic component implementing such functions, such as a cryptographic API, an SDK, a WeChat mini program plug-in, a browser plug-in or a control. If the program implementing cryptographic functions such as digital signatures is an independently running cryptographic program, other programs in the same user terminal pass data to it using the mechanisms for transferring data between programs that the user terminal, the computing device and the program development technology provide; if it is a cryptographic module or cryptographic component, the program that calls the module or component passes data to it directly; if another terminal, other than the user terminal that has the digital signature function, needs to use the digital signature function in the user terminal, a program in that other terminal, such as a client program of an application service system, can pass call information and data to the cryptographic program, cryptographic module or cryptographic component implementing the digital signature function in the user terminal by displaying a barcode that the user scans; if the user terminal is a mobile communication terminal (such as a mobile phone), the application service system can send a short message to the user's mobile communication terminal, launch the cryptographic program implementing the ECDSA digital signature function in the user's mobile communication terminal through information contained in the short message, such as a URL Schema, and pass the security token, or the information for obtaining the security token, to that cryptographic program automatically through a URL link or through the user entering information contained in the short message.
Fig. 1 is a schematic diagram of the basic structure and application of the system of the present invention; Fig. 2 is a schematic diagram of the central deployment scenario of the signature assistance device or system; Fig. 3 is a schematic diagram of the distributed deployment scenario of the signature assistance device or system; and Fig. 4 is a schematic diagram of the independent deployment scenario of the signature assistance device or system.
Specific technical implementations not described here are well known and self-evident to those skilled in the relevant art.

Claims (10)

1. An ECDSA digital signature generation method based on a ciphertext private key is characterized by comprising the following steps:
the user terminal holds $Q_U = d_U G$ and the ciphertext $S_U = E(d_U)$, where $d_U$ is the user's ECDSA signature private key, $G$ is the base point of the ECDSA elliptic curve point group, $Q_U$ is the public key corresponding to the user's ECDSA signature private key $d_U$, and $E(\cdot)$ is the encryption operation using the homomorphic encryption algorithm;
the user terminal is a computing device of the user; the homomorphic encryption algorithm is an additively homomorphic encryption algorithm or a fully homomorphic encryption algorithm; the signature assistance device or system holds the private key $SK_1$ of the decryption operation corresponding to the public key used by the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm, or the private key $SK_1$ of the decryption operation corresponding to the public key used by the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm is encrypted with a key of the signature assistance device or system into the ciphertext $T_{sk1}$, where the key of the signature assistance device or system used to encrypt $SK_1$ is a symmetric key or a public key, and the user terminal stores the ciphertext $T_{sk1}$ of the private key $SK_1$ of the decryption operation corresponding to the public key used by the encryption operation $E(\cdot)$; the signature assistance device or system is a computing device or system that assists the user terminal in completing the generation and computation of the digital signature;
when message $M$ needs to be digitally signed with the user's ECDSA signature private key $d_U$, the user terminal and the signature assistance device or system generate the digital signature for message $M$ as follows:
the user terminal calculates the hash value $e$ of message $M$ using message $M$ and the hash function, and sends $e$ to the signature assistance device or system, or the signature assistance device or system calculates the hash value $e$ of message $M$ using message $M$ and the hash function and sends $e$ to the user terminal;
the user terminal randomly selects an integer $k_1$ in the interval $[1, n-1]$, where $n$ is the order of the base point $G$ and $n$ is a prime number;
the signature assistance device or system randomly selects an integer $k_2$ in the interval $[1, n-1]$;
the user terminal and the signature assistance device or system complete the following computation without exposing their respective secrets $k_1$, $k_2$:
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, computes $R = k_1 k_2 G$ by interacting with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, computes $R_f = k_1 k_2 G$ by interacting with the user terminal;
or,
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, computes $R = (k_1 + k_2) G$ by interacting with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, computes $R_f = (k_1 + k_2) G$ by interacting with the user terminal;
if $R$ and/or $R_f$ is the zero element, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$ and recompute $R$, $R_f$ until neither $R$ nor $R_f$ is the zero element;
the user terminal computes $r = x_R \bmod n$, where $x_R$ is taken from $(x_R, y_R) = R$;
the signature assistance device or system computes $r_f = x_{Rf} \bmod n$, where $x_{Rf}$ is taken from $(x_{Rf}, y_{Rf}) = R_f$;
the user terminal and the signature assistance device or system check whether $r$ and/or $r_f$ is 0; if so, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$, recompute $R$, $R_f$ and recompute $r$, $r_f$ until neither $r$ nor $r_f$ is 0;
the user terminal and the signature assistance device or system respectively check whether $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ would occur, i.e. whether $s = 0$ would occur, where $s$ is the parameter $s$ of the digital signature $(r, s)$ to be computed;
if so, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$, recompute $R$, $R_f$ and recompute $r$, $r_f$ until $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ no longer occurs, or go to error handling;
if $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ does not occur, the subsequent computation proceeds;
the user terminal computes $s_1$ in one of the following ways:
$s_1$ calculation method one:
the formulas used for $R$, $R_f$ are $R = k_1 k_2 G$, $R_f = k_1 k_2 G$;
the user terminal randomly selects an integer $b$ in $[1, n-1]$ and, using $b$, $e$, $r$, $S_U$, $k_1$, computes through the homomorphic encryption algorithm:
$s_{10} = ((k_1)^{-1} e - b) \bmod n$, $s_{11} = E(b + (k_1)^{-1} r d_U \pmod n)$,
or, $s_{10} = ((k_1)^{-1}(e - b)) \bmod n$, $s_{11} = E((k_1)^{-1}(b + r d_U) \pmod n)$,
or, $s_{10} = ((k_1)^{-1}(e - rb)) \bmod n$, $s_{11} = E((k_1)^{-1}(r(d_U + b)) \pmod n)$, where $(k_1)^{-1}$ is the multiplicative inverse of $k_1$ modulo $n$;
the value pair $(s_{10}, s_{11})$ formed from $s_{10}$ and $s_{11}$ constitutes $s_1$;
$s_1$ calculation method two:
the formulas used for $R$, $R_f$ are $R = k_1 k_2 G$, $R_f = k_1 k_2 G$;
the user terminal, using $e$, $r$, $S_U$, $k_1$, computes through the homomorphic encryption algorithm:
$s_1 = E((k_1)^{-1}(e + r d_U) \pmod n)$, where $(k_1)^{-1}$ is the multiplicative inverse of $k_1$ modulo $n$;
$s_1$ calculation method three:
the formulas used for $R$, $R_f$ are $R = k_1 k_2 G$, $R_f = k_1 k_2 G$;
correspondingly, $E(\cdot)$ is the encryption operation of a fully homomorphic encryption algorithm;
the signature assistance device or system computes $c_2 = E((k_2)^{-1})$, where $(k_2)^{-1}$ is the multiplicative inverse of $k_2$ modulo $n$, and sends $c_2$ to the user terminal;
the user terminal, using $e$, $r$, $S_U$, $k_1$, $c_2$, computes through the homomorphic encryption algorithm:
$s_1 = E((k_1 k_2)^{-1}(e + r d_U) \pmod n)$, where $(k_1 k_2)^{-1}$ is the multiplicative inverse of $k_1 k_2$ modulo $n$;
$s_1$ calculation method four:
the formulas used for $R$, $R_f$ are $R = (k_1 + k_2) G$, $R_f = (k_1 + k_2) G$;
the signature assistance device or system computes $c_2 = E(k_2)$ and sends $c_2$ to the user terminal;
the user terminal randomly selects an integer $b$ in $[1, n-1]$ and, using $b$, $e$, $r$, $S_U$, $k_1$, $c_2$, computes through the homomorphic encryption algorithm:
$s_{10} = E(b(k_1 + k_2) \pmod n)$, $s_{11} = E(b(e + r d_U) \pmod n)$;
the value pair $(s_{10}, s_{11})$ formed from $s_{10}$ and $s_{11}$ constitutes $s_1$;
after computing $s_1$, the user terminal sends $s_1$ to the signature assistance device or system;
if the private key $SK_1$ of the decryption operation corresponding to the public key used by the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm has been encrypted with a key of the signature assistance device or system into the ciphertext $T_{sk1}$ and stored in the user terminal, the user terminal also sends $T_{sk1}$ to the signature assistance device or system, which decrypts $T_{sk1}$ to obtain the private key $SK_1$ of the decryption operation corresponding to the public key used by the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm;
for $s_1$ calculation method one, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_{11}$ in the value pair $s_1$, obtaining the plaintext $s_{12}$ of $s_{11}$, and computes $s = ((k_2)^{-1}(s_{10} + s_{12})) \bmod n$;
for $s_1$ calculation method two, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and computes $s = ((k_2)^{-1} s_{12}) \bmod n$;
for $s_1$ calculation method three, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and computes $s = s_{12} \bmod n$;
for $s_1$ calculation method four, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_{10}$, $s_{11}$ in the value pair $s_1$, obtaining the plaintext $s_{12}$ of $s_{10}$ and the plaintext $s_{13}$ of $s_{11}$ respectively, and computes $s = ((s_{12})^{-1} s_{13}) \bmod n$, where $(s_{12})^{-1}$ is the multiplicative inverse of $s_{12}$ modulo $n$;
the signature assistance device or system returns $s$ to the user terminal; before returning $s$ to the user terminal, the signature assistance device or system verifies whether $s$ was computed in the ECDSA manner using $e$, $k_1$, $k_2$, $r_f$ and the private key $d_U$ corresponding to the public key $Q_U$; if so, it continues, otherwise it performs error handling;
the user terminal verifies whether $s$ was computed in the ECDSA manner using $e$, $k_1$, $k_2$, $r$ and the private key $d_U$ corresponding to the public key $Q_U$; if the verification passes, $(r, s)$ is the digital signature of message $M$, otherwise it performs error handling;
in the above formulas of the encryption operation $E(\cdot)$ using the homomorphic encryption algorithm, $a \pmod n$, where $a$ is an integer, denotes an integer congruent to $a$ modulo $n$;
before the signature assistance device or system assists the user terminal in completing the generation of the digital signature, it authenticates and confirms that the user using the user terminal, i.e. the signer, is the owner of the public key $Q_U$, or relies on authentication by the system that calls the signature assistance device or system to confirm that the user using the user terminal, i.e. the signer, is the owner of the public key $Q_U$;
the user terminal carries out the digital signature computation and generation steps, and thereby implements the ECDSA digital signature function, through a cryptographic program, cryptographic module or cryptographic component that implements cryptographic functions in the user terminal.
2. The method for generating an ECDSA digital signature based on a ciphertext private key as claimed in claim 1, wherein:
one method by which the user terminal and the signature assistance device or system respectively check whether $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ will occur is as follows:
the user terminal checks whether $eG + rQ_U$ is the zero element; if so, $(e + r d_U) \bmod n = 0$ will occur, otherwise it will not;
the signature assistance device or system checks whether $eG + r_f Q_U$ is the zero element; if so, $(e + r_f d_U) \bmod n = 0$ will occur, otherwise it will not.
3. The method for generating an ECDSA digital signature based on a ciphertext private key as claimed in claim 1, wherein:
the method by which the signature assistance device or system verifies whether $s$ was computed in the ECDSA manner using $e$, $k_1$, $k_2$, $r_f$ and the private key $d_U$ corresponding to the public key $Q_U$ comprises:
the signature assistance device or system checks whether $(r_f, s)$ is the digital signature of the message $M$; if so, the verification passes, otherwise the verification fails;
alternatively, the signature assistance device or system checks whether the value of $sR_f$ is equal to $eG + r_f Q_U$; if the two are the same, the verification passes, otherwise the verification fails;
the method by which the user terminal verifies whether $s$ was computed in the ECDSA manner using $e$, $k_1$, $k_2$, $r$ and the private key $d_U$ corresponding to the public key $Q_U$ comprises:
the user terminal checks whether $(r, s)$ is the digital signature of the message $M$; if so, the verification passes, otherwise the verification fails;
alternatively, the user terminal checks whether the value of $sR$ is equal to $eG + rQ_U$; if the two are the same, the verification passes, otherwise the verification fails.
4. The method for generating an ECDSA digital signature based on a ciphertext private key as claimed in claim 1, wherein:
on the basis of the above ciphertext private key-based ECDSA digital signature generation method, a ciphertext private key-based ECDSA digital signature generation method that prevents $S_U$ from being stolen is as follows:
when a user accesses an application service system and needs to use an ECDSA signature private key of the user to carry out digital signature on a message M, the application service system issues a security token for the user; the security token is an authorization credential requesting signature assistance by a signature assistance device or system, co-generating, or/and computing a digital signature;
the application service system transmits the security token or the acquired information of the security token to a password program or a password module or a password component for implementing an ECDSA digital signature function in the user terminal; the acquisition information of the security token is used for acquiring the security token issued by the application service system;
the user terminal submits the security token or the acquired information of the security token to a signature auxiliary device or system;
if the acquisition information of the security token is submitted to the signature auxiliary device or the system, the signature auxiliary device or the system acquires the security token issued by the application service system by using the acquisition information;
the signature assistance device or system verifies the validity of the security token, after which the user terminal and the signature assistance device or system generate a digital signature for the message $M$ using $S_U$, according to the above ciphertext private key-based ECDSA digital signature generation method.
5. The method for generating an ECDSA digital signature based on a ciphertext private key as claimed in claim 4, wherein:
the mode that the application service system transmits the security token or the acquired information of the security token to the password program or the password module or the password component implementing the ECDSA digital signature function in the user terminal comprises the following steps:
if a client program used by a user for accessing the application service system and a password program or a password module or a password component for implementing the ECDSA digital signature function are located in the same user terminal, the application service system transmits a security token or the acquisition information of the security token to the password program or the password module or the password component for implementing the ECDSA digital signature function in the user terminal through the client program;
or if the client program used by the user for accessing the application service system and the password program or the password module or the password component for implementing the ECDSA digital signature function are located in different user terminals, the application service system displays the bar code through the client program used by the user, and then transmits the acquired information of the security token or the security token to the password program or the password module or the password component for implementing the ECDSA digital signature function in the user terminal in a code scanning mode of using the user terminal by the user;
or, if the user terminal is a mobile communication terminal, the application service system sends a short message through the mobile communication terminal of the user, starts a password program for implementing the ECDSA digital signature function in the mobile communication terminal of the user through information contained in the short message, and transmits the security token or the acquired information of the security token to the password program for implementing the ECDSA digital signature function in the mobile communication terminal of the user automatically through the start information or in a mode that the user inputs the information in the short message.
6. The method for generating an ECDSA digital signature based on a ciphertext private key as claimed in claim 4, wherein:
one security enhancement scheme for the above ciphertext private key-based ECDSA digital signature generation method that prevents $S_U$ from being stolen is as follows:
the homomorphic encryption algorithm corresponding to the homomorphic encryption operation E (-) is a fully homomorphic encryption algorithm;
while the application service system issues a security token to the user, the application service system randomly selects an integer $k_0$ in $[1, n-1]$ and calculates $R_0 = k_0 G$ and $c_0 = E((k_0)^{-1})$ or $c_0 = E(k_0)$, where $(k_0)^{-1}$ is the modular multiplicative inverse of $k_0$ modulo $n$; it then transmits $R_0$, together with the security token, to the signature assistance device or system via the user terminal, $R_0$ being security-protected by the security token, and transmits $c_0$ or the acquisition information of $c_0$ to the user terminal;
if the user terminal receives the acquisition information of $c_0$, the user terminal uses the acquisition information to obtain $c_0$;
after verifying the validity of the received security token, the signature assistance device or system determines the validity of $R_0$ through the security token;
the user terminal or the signature auxiliary device or the system calculates to obtain a hash value e of the message M;
the user terminal randomly selects an integer $k_1$ in the interval $[1, n-1]$, and the signature assistance device or system randomly selects an integer $k_2$ in the interval $[1, n-1]$;
the user terminal and the signature assistance device or system complete the following calculation without exposing their respective secrets $k_1$, $k_2$:
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, calculates $R = k_1 k_2 R_0$ by interacting with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, calculates $R_f = k_1 k_2 R_0$ by interacting with the user terminal;
or,
the user terminal, while ensuring that the signature assistance device or system does not reselect $k_2$, calculates $R = (k_1 + k_2) R_0$ by interacting with the signature assistance device or system;
the signature assistance device or system, while ensuring that the user terminal does not reselect $k_1$, calculates $R_f = (k_1 + k_2) R_0$ by interacting with the user terminal;
if $R$ and/or $R_f$ is the zero element, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$ and recalculate $R$, $R_f$, until neither $R$ nor $R_f$ is the zero element;
the user terminal calculates $r = x_R \bmod n$, where $x_R$ is taken from $(x_R, y_R) = R$;
the signature assistance device or system calculates $r_f = x_{R_f} \bmod n$, where $x_{R_f}$ is taken from $(x_{R_f}, y_{R_f}) = R_f$;
the user terminal and the signature assistance device or system check whether $r$ and/or $r_f$ is 0; if so, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$, recalculate $R$, $R_f$ and recalculate $r$, $r_f$, until neither $r$ nor $r_f$ is 0;
the user terminal and the signature assistance device or system respectively check whether $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ will occur, i.e. whether $s = 0$ would occur, where $s$ is the parameter $s$ in the digital signature $(r, s)$ to be computed;
if so, the user terminal and the signature assistance device or system reselect $k_1$, $k_2$, recalculate $R$, $R_f$ and recalculate $r$, $r_f$, until $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ no longer occurs, or go to error handling;
if $(e + r d_U) \bmod n = 0$ and/or $(e + r_f d_U) \bmod n = 0$ does not occur, the subsequent calculation is performed;
the user terminal calculates $s_1$ in one of the following ways:
fifth calculation mode of $s_1$:
the formulas used for $R$, $R_f$ are $R = k_1 k_2 R_0$, $R_f = k_1 k_2 R_0$, and $c_0 = E((k_0)^{-1})$;
the user terminal uses $e$, $r$, $S_U$, $c_0$, $k_1$ to calculate, by the homomorphic encryption algorithm:
$s_1 = E((k_0 k_1)^{-1}(e + r d_U) \pmod n)$, where $(k_0 k_1)^{-1}$ is the modular multiplicative inverse of $k_0 k_1$ modulo $n$;
sixth calculation mode of $s_1$:
the formulas used for $R$, $R_f$ are $R = k_1 k_2 R_0$, $R_f = k_1 k_2 R_0$, and $c_0 = E((k_0)^{-1})$;
the signature assistance device or system calculates $c_2 = E((k_2)^{-1})$, where $(k_2)^{-1}$ is the modular multiplicative inverse of $k_2$ modulo $n$, and sends $c_2$ to the user terminal;
the user terminal uses $e$, $r$, $S_U$, $c_0$, $k_1$, $c_2$ to calculate, by the homomorphic encryption algorithm:
$s_1 = E((k_0 k_1 k_2)^{-1}(e + r d_U) \pmod n)$, where $(k_0 k_1 k_2)^{-1}$ is the modular multiplicative inverse of $k_0 k_1 k_2$ modulo $n$;
seventh calculation mode of $s_1$:
the formulas used for $R$, $R_f$ are $R = (k_1 + k_2) R_0$, $R_f = (k_1 + k_2) R_0$, and $c_0 = E(k_0)$;
the signature assistance device or system calculates $c_2 = E(k_2)$ and sends $c_2$ to the user terminal;
the user terminal randomly selects an integer $b$ in $[1, n-1]$ and uses $b$, $e$, $r$, $S_U$, $c_0$, $k_1$, $c_2$ to calculate, by the homomorphic encryption algorithm:
$s_{10} = E(b k_0 (k_1 + k_2) \pmod n)$, $s_{11} = E(b(e + r d_U) \pmod n)$;
$s_{10}$ and $s_{11}$ form the value pair $(s_{10}, s_{11})$, which constitutes $s_1$;
after computing $s_1$, the user terminal sends $s_1$ to the signature assistance device or system;
if the decryption private key $SK_1$, corresponding to the public key used by the encryption operation $E(\cdot)$ of the homomorphic encryption algorithm, has been encrypted into a ciphertext $T_{sk1}$ under a key of the signature assistance device or system, then the user terminal also sends $T_{sk1}$ to the signature assistance device or system, which decrypts $T_{sk1}$ to obtain the decryption private key $SK_1$ corresponding to the public key used by $E(\cdot)$;
for the fifth calculation mode of $s_1$, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and calculates $s = ((k_2)^{-1} s_{12}) \bmod n$;
for the sixth calculation mode of $s_1$, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_1$, obtaining the plaintext $s_{12}$ of $s_1$, and calculates $s = s_{12} \bmod n$;
for the seventh calculation mode of $s_1$, the signature assistance device or system uses the private key $SK_1$ to decrypt $s_{10}$ and $s_{11}$ in the value pair $s_1$, obtaining the plaintext $s_{12}$ of $s_{10}$ and the plaintext $s_{13}$ of $s_{11}$, and calculates $s = ((s_{12})^{-1} s_{13}) \bmod n$, where $(s_{12})^{-1}$ is the modular multiplicative inverse of $s_{12}$ modulo $n$;
the signature assistance device or system returns $s$ to the user terminal; before returning $s$ to the user terminal, the signature assistance device or system verifies whether $s$ was computed in the ECDSA manner using $e$, $k_0$, $k_1$, $k_2$, $r_f$ and the private key $d_U$ corresponding to the public key $Q_U$; if so, it continues, and if the verification fails, it goes to error handling;
the user terminal verifies whether $s$ was computed in the ECDSA digital signature manner using $e$, $k_0$, $k_1$, $k_2$, $r$ and the private key $d_U$ corresponding to the public key $Q_U$; if the verification passes, $(r, s)$ is the digital signature of the message $M$, otherwise it performs error handling;
before assisting the user terminal in completing the generation of the digital signature, the signature assistance device or system authenticates and confirms that the user of the user terminal, i.e. the signer, is the owner of the public key $Q_U$, or a system that relies on and invokes the signature assistance device or system authenticates and confirms that the user of the user terminal, i.e. the signer, is the owner of the public key $Q_U$.
7. The method for generating an ECDSA digital signature based on a ciphertext private key according to any one of claims 4 to 6, wherein:
on the basis of the above ciphertext private key-based ECDSA digital signature generation method that prevents $S_U$ from being stolen, a ciphertext private key-based ECDSA digital signature generation method that prevents the security token from being stolen is as follows:
when the application service system issues a security token to a user, it randomly selects an integer $w$ in $[1, n-1]$ as a disturbance parameter, encrypts $w$ into ciphertext data that only the signature assistance device or system can decrypt, and transmits the ciphertext data of $w$, together with the security token, to the signature assistance device or system through the user terminal, the plaintext or ciphertext data of $w$ being protected by the security token;
after verifying the validity of the received security token, the signature assistance device or system decrypts the ciphertext of the disturbance parameter $w$ to obtain the plaintext of $w$, and at the same time determines the validity of the plaintext or ciphertext of $w$ through the security token;
then, the user terminal and the signature assistance device or system generate a digital signature $(r, s)$ for the message $M$ according to the ciphertext private key-based ECDSA digital signature generation method;
the signature assistance device or system calculates $s_w = (s + w) \bmod n$ or $s_w = (sw) \bmod n$, obtaining the perturbed digital signature $(r, s_w)$;
$(r, s_w)$ is submitted or returned to the application service system without passing through the user terminal;
the application service system calculates $s = (s_w - w) \bmod n$ or $s = (w^{-1} s_w) \bmod n$, where $w^{-1}$ is the modular multiplicative inverse of $w$ modulo $n$, recovering the digital signature $(r, s)$ for the message $M$.
8. The method for generating the ECDSA digital signature based on the ciphertext private key according to any one of claims 4 to 6, wherein:
a security enhancement method that combines the security token with re-encryption of $S_U$ is as follows:
$S_U$ is encrypted to form ciphertext data $T_U$; the key $SK_2$ for decrypting the ciphertext data $T_U$ is encrypted to form ciphertext data $T_{sk2}$; the signature assistance device or system has the key $SK_3$ for decrypting the ciphertext data $T_{sk2}$; the ciphertext data $T_U$ and the ciphertext data $T_{sk2}$ are stored in the user terminal;
when a user accesses an application service system and needs to use an ECDSA signature private key of the user to carry out digital signature on a message M, the application service system issues a security token for the user; the application service system transmits the security token or the acquired information of the security token to a password program or a password module or a password component for implementing an ECDSA digital signature function in the user terminal;
the user terminal submits the obtained security token or acquisition information of the security token, together with $T_{sk2}$, to the signature assistance device or system;
if the acquisition information of the security token is submitted to the signature auxiliary device or the system, the signature auxiliary device or the system acquires the security token issued by the application service system by using the acquisition information;
after the signature assistance device or system verifies the validity of the security token, it uses the key $SK_3$ to decrypt the ciphertext data $T_{sk2}$, obtaining the key $SK_2$, and returns the key $SK_2$ to the user terminal;
the user terminal uses the key $SK_2$ to decrypt the ciphertext data $T_U$, obtaining $S_U$; then the user terminal and the signature assistance device or system generate a digital signature for the message $M$ using $S_U$, according to the ciphertext private key-based ECDSA digital signature generation method.
9. The method for generating an ECDSA digital signature based on a ciphertext private key according to any one of claims 1 to 6, wherein:
for the above ECDSA digital signature generation method based on the ciphertext private key, the generation and distribution method of the ECDSA signature key pair of the user includes:
the first method is as follows:
a trusted program in the user terminal generates the ECDSA signature key pair $Q_U$, $d_U$, encrypts the private signature key $d_U$ to obtain the ciphertext $S_U$, discards $d_U$, and then stores $S_U$ securely; the trusted program is a program provided by a password program or password module developer or by a password service provider;
the second method is as follows:
a trusted program in another terminal generates the ECDSA signature key pair $Q_U$, $d_U$, encrypts the private signature key $d_U$ to obtain the ciphertext $S_U$, discards $d_U$, and transmits $S_U$ to the user terminal for storage by bar code scanning; the other terminal is a computing device other than the user terminal that stores and uses $S_U$;
the third method is as follows:
a key generation device or system generates the ECDSA signature key pair $Q_U$, $d_U$, encrypts the private signature key $d_U$ to obtain the ciphertext $S_U$, discards $d_U$, and then transmits $S_U$ in a secure manner to the user terminal for storage;
the fourth method is as follows:
the key generation device or system randomly selects an integer $d_1$ in $[1, n-1]$, encrypts $d_1$ with the homomorphic encryption algorithm to obtain $S_{U1} = E(d_1)$, calculates $Q_{U1} = d_1 G$, and sends $S_{U1}$, $Q_{U1}$ to the user terminal;
the user terminal randomly selects an integer $d_2$ in $[1, n-1]$, uses the homomorphic encryption algorithm to calculate $S_U = E(d_1 d_2)$ from $S_{U1}$, and calculates $Q_U = d_2 Q_{U1}$;
the user terminal, without exposing $d_1 d_2$, verifies that $d_1 d_2$ is congruent modulo $n$ to an ECDSA private signature key $d_U$ in $[1, n-1]$, i.e. $d_1 d_2 \equiv d_U \pmod n$, with $Q_U = d_U G$; that is, it verifies that $d_U = (d_1 d_2) \bmod n$ and $Q_U = d_U G$;
the fifth method is as follows:
the key generation device or system randomly selects an integer $d_1$ in $[1, n-1]$, encrypts $d_1$ with the homomorphic encryption algorithm to obtain $S_{U1} = E(d_1)$, calculates $Q_{U1} = d_1 G$, and sends $S_{U1}$, $Q_{U1}$ to the user terminal;
the user terminal randomly selects an integer $d_2$ in $[1, n-1]$ and calculates $Q_U = d_2 G + Q_{U1}$; it checks whether $Q_U$ is the zero element, and if so, the key generation device or system again randomly selects an integer $d_1$ in $[1, n-1]$ and recalculates $S_{U1}$, $Q_{U1}$, and the user terminal again randomly selects an integer $d_2$ in $[1, n-1]$ and calculates $Q_U = d_2 G + Q_{U1}$, until $Q_U$ is a non-zero element;
the user terminal uses the homomorphic encryption algorithm to calculate $S_U = E(d_1 + d_2)$ from $S_{U1}$;
the user terminal, without exposing $d_1 + d_2$, verifies that $d_1 + d_2$ is congruent modulo $n$ to an ECDSA private signature key $d_U$ in $[1, n-1]$, i.e. $d_1 + d_2 \equiv d_U \pmod n$, with $Q_U = d_U G$; that is, it verifies that $d_U = (d_1 + d_2) \bmod n$ and $Q_U = d_U G$;
for the above ECDSA signature private key generation and distribution modes, if the homomorphic encryption algorithm public key used to encrypt $d_U$ or $d_1 d_2$ or $d_1 + d_2$ is temporarily generated, then the device, system or program that generates $d_U$ or $d_1$ uses a symmetric key or a public key to encrypt the corresponding decryption private key $SK_1$ of the homomorphic encryption algorithm, obtaining the ciphertext $T_{sk1}$ of $SK_1$, where encrypting $SK_1$ with a public key is applicable to all five generation and distribution modes of the ECDSA signature key pair, and encrypting $SK_1$ with a symmetric key is applicable only to the third, fourth and fifth generation and distribution modes of the ECDSA signature key pair.
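The fifth key generation method of claim 9 feeding the fourth calculation mode of claim 1, with the zero-element check of claim 2 and the $sR = eG + rQ_U$ check of claim 3, as an added example that is not code from the patent. It assumes secp256k1, SHA-256 and Paillier as the homomorphic scheme $E(\cdot)$, assumes that $c_2 = E(k_2)$ and the points $k_1 G$, $k_2 G$ are exchanged, and runs all roles in one process; every function name is hypothetical.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve choice is an assumption of this example).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ZERO = None  # the "zero element" (point at infinity)

def ec_add(a, b):
    if a is ZERO or b is ZERO:
        return b if a is ZERO else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return ZERO
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    acc = ZERO
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

# Paillier (additively homomorphic) stands in for E(.); the two Mersenne primes
# keep the demo offline and are not a safe choice for real keys.
HP, HQ = 2**521 - 1, 2**607 - 1
HN, HN2 = HP * HQ, (HP * HQ) ** 2
SK1 = (HP - 1) * (HQ - 1)  # decryption key SK_1, held only by the assistance device

def he_enc(m):
    rnd = secrets.randbelow(HN - 1) + 1
    return (1 + m * HN) * pow(rnd, HN, HN2) % HN2

def he_dec(c):  # run by the assistance device only
    return (pow(c, SK1, HN2) - 1) // HN * pow(SK1, -1, HN) % HN

def he_add(c1, c2): return c1 * c2 % HN2   # E(a), E(b) -> E(a + b)
def he_scale(c, k): return pow(c, k, HN2)  # E(a), k    -> E(k * a)
def rand_scalar(): return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

def mask(c):  # assumption: add a random multiple of n, keeping the residue mod n
    return he_add(c, he_enc(N * secrets.randbelow(2**640)))

def hash_e(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def keygen_mode5():  # claim 9, fifth method: S_U = E(d_1 + d_2), Q_U = d_2*G + Q_U1
    while True:
        d1, d2 = rand_scalar(), rand_scalar()   # key generation device, user terminal
        s_u1, q_u1 = he_enc(d1), ec_mul(d1, G)  # sent to the user terminal
        q_u = ec_add(ec_mul(d2, G), q_u1)
        if q_u is not ZERO:                     # otherwise both sides pick again
            return he_add(s_u1, he_enc(d2)), q_u

def s_would_be_zero(e, r, q_u):  # claim 2: (e + r*d_U) mod n = 0 iff eG + rQ_U is zero
    return ec_add(ec_mul(e, G), ec_mul(r, q_u)) is ZERO

def sign_mode4(msg, s_u, q_u):  # claim 1, fourth calculation mode, R = (k_1 + k_2)G
    e = hash_e(msg)
    while True:
        k1, k2 = rand_scalar(), rand_scalar()     # user terminal, assistance device
        R = ec_add(ec_mul(k1, G), ec_mul(k2, G))  # assumed exchange of k_1*G and k_2*G
        if R is not ZERO and R[0] % N and not s_would_be_zero(e, R[0] % N, q_u):
            break
    r, b = R[0] % N, rand_scalar()                # b: user terminal's blinding factor
    c2 = he_enc(k2)                               # device -> user terminal (assumed)
    s10 = mask(he_scale(he_add(he_enc(k1), c2), b))          # E(b(k_1 + k_2) (mod n))
    s11 = mask(he_add(he_enc(b * e), he_scale(s_u, b * r)))  # E(b(e + r*d_U) (mod n))
    s12, s13 = he_dec(s10) % N, he_dec(s11) % N   # device decrypts with SK_1
    s = pow(s12, -1, N) * s13 % N
    if ec_mul(s, R) != ec_add(ec_mul(e, G), ec_mul(r, q_u)):  # claim 3: sR = eG + rQ_U
        raise ValueError("s is not an ECDSA value for Q_U")
    return r, s

def ecdsa_verify(msg, sig, q_u):  # standard ECDSA verification, for comparison
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    X = ec_add(ec_mul(hash_e(msg) * w % N, G), ec_mul(r * w % N, q_u))
    return X is not ZERO and X[0] % N == r
```

Without `mask`, the device would decrypt the unreduced integers $b(k_1 + k_2)$ and $b(e + r d_U)$, whose common factor $b$ would let it solve for $d_U$; adding a random multiple of $n$ is one reading of the claim's "an integer congruent to $a$ modulo $n$".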
10. An ECDSA digital signature generation system based on the ciphertext private key based ECDSA digital signature generation method of any one of claims 1 to 6, wherein:
the system comprises a signature assistance device or system, and a password program or a password module or a password component in a user terminal; the user terminal stores the ciphertext $S_U$ of the user's ECDSA private signature key $d_U$; when a digital signature needs to be performed on the message $M$ using the user's ECDSA private signature key, the password program or password module or password component in the user terminal and the signature assistance device or system cooperatively generate the digital signature for the message $M$ according to the ciphertext private key-based ECDSA digital signature generation method, wherein the password program or password module or password component in the user terminal implements the operations performed by the user terminal in the ciphertext private key-based ECDSA digital signature generation method.
CN202211265723.5A 2022-10-17 2022-10-17 Ciphertext private key-based ECDSA digital signature generation method and system Pending CN115766019A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211265723.5A CN115766019A (en) 2022-10-17 2022-10-17 Ciphertext private key-based ECDSA digital signature generation method and system


Publications (1)

Publication Number Publication Date
CN115766019A true CN115766019A (en) 2023-03-07

Family

ID=85351612


Country Status (1)

Country Link
CN (1) CN115766019A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination