CN116094729B - Method and system for offline authorization and online signature generation based on SM9 signature - Google Patents

Info

Publication number
CN116094729B
Authority
CN
China
Prior art keywords
signature
offline
online
key
authorizer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310063990.2A
Other languages
Chinese (zh)
Other versions
CN116094729A (en
Inventor
安浩杨
何德彪
包子健
彭聪
冯琦
罗敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University WHU
Priority to CN202310063990.2A
Publication of CN116094729A
Application granted
Publication of CN116094729B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an offline authorization and online signature generation method and system based on the SM9 signature. The method comprises: the key generation center KGC gives the system parameters; a random number $\alpha$ is selected as the master private key and the master public key $P_{pub} = [\alpha]P_2$ is calculated; the KGC generates the partial private key of the offline authorizer as $d_{ID} = [\alpha \cdot (H_1(ID) + \alpha)^{-1}]P_1$ and sends $d_{ID}$ to the user; the offline authorizer key is set; the online signer key is set; offline authorization is performed on the message $m_i$; the message $m_i$ is signed online and the signature is verified. The literature has described an online/offline authorization signature system based on SM2 and a certificateless signature system based on SM9, but an offline authorization and online signature scheme based on the SM9 digital signature has not yet been proposed. The method divides signing into an online stage and an offline stage and is therefore suitable for resource-constrained application scenarios. The invention enriches the applications of the SM9 digital signature.

Description

Method and system for offline authorization and online signature generation based on SM9 signature
Technical Field
The invention belongs to the technical field of information security, relates to an offline authorization and online signature generation method and system, and in particular relates to an SM9 signature-based offline authorization and online signature generation method and system.
Background
Digital signatures are an important component of public key cryptography. They can replace traditional handwritten signatures and seals, and they achieve security goals such as content confirmation, approval, validation and accountability, as well as non-repudiation, anti-counterfeiting and tamper resistance. The online/offline authorization signature is a special digital signature technique: most of the signature is calculated in an offline stage before the message to be signed arrives, and the results are stored. When the message to be signed is received, its online signature can then be generated in a short time from the data stored in the offline stage. Such signatures are generally applied in resource-constrained Internet of Things scenarios.
The SM9 algorithm is an identity-based cryptographic algorithm built on elliptic curve bilinear pairings, issued by the State Cryptography Administration (standard number: GM/T 0044-2016, SM9 identity-based cryptographic algorithm) at 28 of 2016, and incorporated into the international standards at 11 of 2018. It consists of three parts: a digital signature algorithm, a public key encryption algorithm and a key exchange protocol. The current SM9 identity-based cryptographic algorithm cannot be flexibly adapted to applications that need offline authorization and online signing, so application scenarios that must use the national cryptographic algorithms lack a supporting cryptographic scheme.
Disclosure of Invention
In order to solve the technical problems, the invention provides an off-line authorization and on-line signature generation method and system based on SM9 signature.
The technical scheme adopted by the method is as follows: an off-line authorization and on-line signature generation method based on SM9 signature comprises the following steps:
Step 1: The key generation center KGC gives the system parameters: given a security parameter $\lambda$, a specific curve generation parameter $t$ is selected, and the elliptic curve base field is constructed from the base field characteristic equation $p(t) = 36t^4 + 36t^3 + 24t^2 + 6t + 1$; the curve equation parameters are determined as $a$ and $b$ and the embedding degree as $k = 12$; a cyclic subgroup $G_1$ of order $p$ and its generator $P_1$ are constructed, as are a cyclic subgroup $G_2$ of order $p$ and its generator $P_2$; a bilinear pairing $e: G_1 \times G_2 \to G_T$ is defined; cryptographic hash functions $H_1(\cdot), H_2(\cdot), H_3(\cdot)$ are selected; the integer set used consists of $1, 2, \ldots, q-1$, where $q$ is a large prime number;
Step 2: A random number $\alpha$ is selected as the master private key, and the master public key $P_{pub} = [\alpha]P_2$ is calculated;
Step 3: The key generation center KGC generates the partial private key of the offline authorizer as $d_{ID} = [\alpha \cdot (H_1(ID) + \alpha)^{-1}]P_1$ and sends $d_{ID}$ to the user;
Step 4: The offline authorizer key is set;
Step 5: The online signer key is set;
Step 6: The message $m_i$ is given an offline authorization signature;
Step 7: The message $m_i$ is signed online;
Step 8: The signature is verified.
The technical scheme adopted by the system of the invention is as follows: an SM9 signature-based offline authorization and online signature generation system, comprising the following modules:
Module 1, used by the key generation center KGC to give the system parameters: given a security parameter $\lambda$, a specific curve generation parameter $t$ is selected, and the elliptic curve base field is constructed from the base field characteristic equation $p(t) = 36t^4 + 36t^3 + 24t^2 + 6t + 1$; the curve equation parameters are determined as $a$ and $b$ and the embedding degree as $k = 12$; a cyclic subgroup $G_1$ of order $p$ and its generator $P_1$ are constructed, as are a cyclic subgroup $G_2$ of order $p$ and its generator $P_2$; a bilinear pairing $e: G_1 \times G_2 \to G_T$ is defined; cryptographic hash functions $H_1(\cdot), H_2(\cdot), H_3(\cdot)$ are selected; the integer set used consists of $1, 2, \ldots, q-1$, where $q$ is a large prime number;
Module 2, used to select a random number $\alpha$ as the master private key and to calculate the master public key $P_{pub} = [\alpha]P_2$;
Module 3, used by the key generation center KGC to generate the partial private key $d_{ID} = [\alpha \cdot (H_1(ID) + \alpha)^{-1}]P_1$ of the offline authorizer and to send $d_{ID}$ to the user;
Module 4, used to set the offline authorizer key;
Module 5, used to set the online signer key;
Module 6, used to give the message $m_i$ an offline authorization signature;
Module 7, used to sign the message $m_i$ online;
Module 8, used to verify the signature.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. The literature has described an online/offline authorization signature system based on SM2 and a certificateless signature system based on SM9, but an offline authorization and online signature scheme based on the SM9 digital signature has not yet been proposed.
2. The scheme divides signing into an online stage and an offline stage and is therefore suitable for resource-constrained application scenarios.
3. The scheme enriches the applications of the SM9 digital signature.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment of the present invention;
FIG. 2 is a flow chart of an offline authorizer key generation phase in accordance with an embodiment of the present invention;
FIG. 3 is a flow chart of an online signer key generation and offline authorization signing authorization phase of an embodiment of the present invention;
FIG. 4 is a flow chart of an online signature and verification phase of an embodiment of the present invention.
Detailed Description
To help those of ordinary skill in the art understand and practice the invention, it is described in further detail below with reference to the drawings and embodiments. The embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
In order to ensure the universality, the parameter selection of the embodiment is consistent with the standard parameter of the SM9 digital signature algorithm. Specific symbols are described as follows:
$q$: a large prime number.
The integer set consisting of $1, 2, \ldots, q-1$.
$G_1, G_2$: additive cyclic groups of order $p$.
$G_T$: the multiplicative cyclic group of order $p$.
$P_1, P_2$: generators of the groups $G_1$ and $G_2$, respectively.
$g^u$: the $u$-th power of the element $g$ in the multiplicative group $G_T$.
$[k]P$: $k$ times the point $P$ on the elliptic curve, where $k$ is a positive integer.
$e$: the bilinear pairing from $G_1 \times G_2$ to $G_T$.
$H_1(\cdot), H_2(\cdot), H_3(\cdot)$: cryptographic functions derived from a cryptographic hash function, all taking inputs from $\{0,1\}^*$; $\{0,1\}^*$ represents binary strings of arbitrary length.
$F(\cdot)$: a cryptographic function derived from a cryptographic hash function.
KGC: key generation center.
$\alpha$: the system master private key, kept secret by the KGC.
$P_{pub}$: the system master public key published by the KGC, calculated as $P_{pub} = [\alpha]P_2$.
$ID$: the distinguishable identifier of the user.
$d_{ID}$: the partial private key of the offline authorizer.
$x$: the secret value of the offline authorizer.
$usk$: the private key of the offline authorizer.
$y_i, z_i$: the private key of the online signer.
$X, Y_i, Z_i$: the public keys of the users.
$m_i$: the message to be signed.
$h, V$: the offline authorization signature value.
$T_i, r_i$: the online signature value.
$\bmod q$: the modulo-$q$ operation. For example, $31 \bmod 5 \equiv 1$.
$x \| y$: the concatenation of $x$ and $y$, where $x$ and $y$ may be bit strings or byte strings.
Referring to fig. 1, the method for offline authorization and online signature generation based on SM9 signature provided by the invention comprises the following steps:
Step 1: The key generation center KGC gives the system parameters: a security parameter $\lambda$ is given; a 256-bit BN curve is adopted to realize the bilinear pairing operation. Specifically, a specific curve generation parameter $t$ is selected, and the elliptic curve base field is constructed from the base field characteristic equation $p(t) = 36t^4 + 36t^3 + 24t^2 + 6t + 1$; the curve equation parameters are determined as $a$ and $b$ and the embedding degree as $k = 12$; a cyclic subgroup $G_1$ of order $p$ and its generator $P_1$ are constructed, as are a cyclic subgroup $G_2$ of order $p$ and its generator $P_2$; a bilinear pairing $e: G_1 \times G_2 \to G_T$ is defined; cryptographic hash functions $H_1(\cdot), H_2(\cdot), H_3(\cdot)$ are selected; the integer set used consists of $1, 2, \ldots, q-1$, where $q$ is a large prime number;
Step 2: A random number $\alpha$ is selected as the master private key, and the master public key $P_{pub} = [\alpha]P_2$ is calculated;
Step 3: The key generation center KGC generates the partial private key of the offline authorizer as $d_{ID} = [\alpha \cdot (H_1(ID) + \alpha)^{-1}]P_1$ and sends $d_{ID}$ to the user;
Step 4: setting an offline authorizer key;
Referring to FIG. 2, in this embodiment the offline authorizer randomly selects $x$ as the secret value and calculates $Q = [H_1(ID)]P_2 + P_{pub}$, $X = [x]Q$ and $s = H_3(X)$; the private key $usk = [(x+s)^{-1}]d_{ID}$ and the public key $X$ of the offline authorizer are set.
Step 5: setting an online signer key;
Referring to FIG. 3, in this embodiment the online signer $i$ randomly selects $y_i, z_i$ and calculates $Y_i = [y_i]P_1$ and $Z_i = [z_i]P_1$; the private key of the online signer is set to $(y_i, z_i)$ and the public key to $(Y_i, Z_i)$.
Step 6: The message $m_i$ is given an offline authorization signature;
Referring to FIG. 3, in this embodiment the offline authorizer authorizes multiple online signers and generates multiple offline authorization signatures: it calculates the element $g = e(P_1, P_{pub})$ in $G_T$; randomly selects $w_i$ and calculates $W_i = g^{w_i}$ and $h_i = H_2(X \| Y_i \| Z_i \| W_i)$; calculates $l_i = (w_i - h_i) \bmod q$ and $V_i = [l_i]usk$; and generates the offline authorization signature value $(h_i, V_i)$, where $\bmod q$ is the modulo-$q$ operation and $usk$ is the private key of the offline authorizer.
Step 7: The message $m_i$ is signed online;
Referring to FIG. 4, in this embodiment the online signer randomly selects $t_i$ and calculates $T_i = [t_i]P_1$ and $r_i = (z_i - F(m_i, T_i)(t_i + y_i)) \bmod q$; the online signature value $(T_i, r_i)$ is generated;
Step 8: The signature is verified;
Referring to FIG. 4, the specific implementation of step 8 in this embodiment includes the following sub-steps:
Step 8.1: From the given message $m_i$, the offline authorizer's public key $X$, the online signer's public key $(Y_i, Z_i)$, the identity $ID$, the offline authorization signature value $(h_i, V_i)$ and the online signature value $(T_i, r_i)$, the verifier computes:
$Z_i' = [r_i]P_1 + [F(m_i, T_i)](T_i + Y_i)$;
$Q = [H_1(ID)]P_2 + P_{pub}$;
$s = H_3(X)$;
$u_i = e(V_i, X + [s]Q)$;
$g = e(P_1, P_{pub})$;
$W_i' = u_i \cdot g^{h_i}$;
Step 8.2: The verifier checks whether $h_i = H_2(X \| Y_i \| Z_i' \| W_i')$ holds; if so, the signature is valid; otherwise, the signature is invalid;
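Correctness:
$$
\begin{aligned}
Z_i' &= [r_i]P_1 + [F(m_i, T_i)](T_i + Y_i) \\
&= [z_i - F(m_i, T_i)(t_i + y_i)]P_1 + [F(m_i, T_i)]([t_i]P_1 + [y_i]P_1) \\
&= [z_i]P_1 - [F(m_i, T_i)(t_i + y_i)]P_1 + [F(m_i, T_i)]([t_i]P_1 + [y_i]P_1) \\
&= [z_i]P_1 - [F(m_i, T_i)(t_i + y_i)]P_1 + [F(m_i, T_i)(t_i + y_i)]P_1 \\
&= [z_i]P_1
\end{aligned}
$$
$$
\begin{aligned}
u &= e(V, X + [s]Q) \\
&= e([l]usk, [x]Q + [s]Q) \\
&= e([l \cdot (x+s)^{-1}]d_{ID}, [x]Q + [s]Q) \\
&= e([l \cdot \alpha \cdot (x+s)^{-1} \cdot (H_1(ID) + \alpha)^{-1}]P_1, [(x+s) \cdot (H_1(ID) + \alpha)]P_2) \\
&= e(P_1, P_{pub})^{l} \\
&= g^{l}
\end{aligned}
$$
$$
\begin{aligned}
W' &= u \cdot g^{h} \\
&= g^{l} \cdot g^{h} \\
&= g^{w-h} \cdot g^{h} \\
&= g^{w}
\end{aligned}
$$
$$
\begin{aligned}
h &= H_2(X \| Y_i \| Z_i \| W') \\
&= H_2(X \| [y_i]P_1 \| [z_i]P_1 \| g^{w}).
\end{aligned}
$$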
The invention is based on the signature structure of SM9 algorithm, is divided into two stages of offline authorization and online signature, and is suitable for low-end computing equipment with weaker computing capacity.
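The seven operations above (steps 2 to 8) can be exercised end to end with the following added example, which is not part of the patent text. It assumes a constructed toy pairing in which a point $[k]P$ is stored as the scalar $k$ (insecure, for checking the algebra only), uses SHA-256 as a stand-in for $H_1$, $H_2$, $H_3$ and $F$, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy pairing groups (insecure, algebra only): a point [k]P1 or
# [k]P2 is stored as the scalar k mod Q, and e([a]P1, [b]P2) = G^(a*b) in the
# order-Q subgroup of Z_P*. Real SM9 uses a 256-bit BN curve instead.
P = 2**127 - 1                      # Mersenne prime
Q = 77158673929                     # prime factor of 2**63 + 1, so Q | P - 1
G = next(v for v in (pow(b, (P - 1) // Q, P) for b in range(2, 64)) if v != 1)
P1 = P2 = 1                         # generators in the scalar representation

def e(a, b):
    return pow(G, a * b % Q, P)

def H(tag, *parts):
    """Stand-in for H1, H2, H3 and F (assumption: SHA-256 reduced to 1..Q-1)."""
    data = "|".join([tag, *map(str, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1

def kgc_setup():                                   # Step 2
    alpha = rand_scalar()
    return alpha, alpha * P2 % Q                   # (alpha, P_pub = [alpha]P2)

def kgc_extract(alpha, ident):                     # Step 3: d_ID
    return alpha * pow(H("H1", ident) + alpha, -1, Q) * P1 % Q

def authorizer_keygen(ident, d_id, p_pub):         # Step 4
    x = rand_scalar()
    q_id = (H("H1", ident) * P2 + p_pub) % Q       # Q = [H1(ID)]P2 + P_pub
    X = x * q_id % Q
    usk = pow(x + H("H3", X), -1, Q) * d_id % Q    # usk = [(x+s)^-1] d_ID
    return usk, X

def signer_keygen():                               # Step 5
    y, z = rand_scalar(), rand_scalar()
    return (y, z), (y * P1 % Q, z * P1 % Q)

def offline_authorize(usk, X, signer_pk, p_pub):   # Step 6
    Y, Z = signer_pk
    w = rand_scalar()
    W = pow(e(P1, p_pub), w, P)                    # W_i = g^{w_i}
    h = H("H2", X, Y, Z, W)
    return h, (w - h) % Q * usk % Q                # (h_i, V_i = [l_i]usk)

def online_sign(signer_sk, m):                     # Step 7
    y, z = signer_sk
    t = rand_scalar()
    T = t * P1 % Q
    return T, (z - H("F", m, T) * (t + y)) % Q     # (T_i, r_i)

def verify(m, ident, X, Y, auth, sig, p_pub):      # Step 8
    (h, V), (T, r) = auth, sig
    Z_chk = (r * P1 + H("F", m, T) * (T + Y)) % Q  # Z_i'
    q_id = (H("H1", ident) * P2 + p_pub) % Q
    u = e(V, (X + H("H3", X) * q_id) % Q)
    W_chk = u * pow(e(P1, p_pub), h, P) % P        # W_i' = u_i * g^{h_i}
    return h == H("H2", X, Y, Z_chk, W_chk)

def demo():
    alpha, p_pub = kgc_setup()
    ident = "authorizer-01"                        # constructed identity
    usk, X = authorizer_keygen(ident, kgc_extract(alpha, ident), p_pub)
    sk, pk = signer_keygen()
    auth = offline_authorize(usk, X, pk, p_pub)
    sig = online_sign(sk, "reading=42")            # constructed message
    ok = verify("reading=42", ident, X, pk[0], auth, sig, p_pub)
    tampered = verify("reading=43", ident, X, pk[0], auth, sig, p_pub)
    sk2, pk2 = signer_keygen()                     # signer without authorization
    stolen = verify("reading=42", ident, X, pk2[0], auth,
                    online_sign(sk2, "reading=42"), p_pub)
    return ok, tampered, stolen

if __name__ == "__main__":
    print(demo())
```

The second and third results show what the hash check in step 8.2 binds: a changed message alters $Z_i'$, and an authorization issued for one signer's $(Y_i, Z_i)$ does not verify with another signer's key.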
It should be understood that the foregoing description of the preferred embodiments is not intended to limit the scope of the invention, which is defined by the appended claims; those skilled in the art can make substitutions or modifications without departing from that scope.

Claims (2)

1. An offline authorization and online signature generation method based on SM9 signature is characterized by comprising the following steps:
Step 1: The key generation center KGC gives the system parameters: given a security parameter $\lambda$, a specific curve generation parameter $t$ is selected, and the elliptic curve base field is constructed from the base field characteristic equation $p(t) = 36t^4 + 36t^3 + 24t^2 + 6t + 1$; the curve equation parameters are determined as $a$ and $b$ and the embedding degree as $k = 12$; a cyclic subgroup $G_1$ of order $p$ and its generator $P_1$ are constructed, as are a cyclic subgroup $G_2$ of order $p$ and its generator $P_2$; a bilinear pairing $e: G_1 \times G_2 \to G_T$ is defined; cryptographic hash functions $H_1(\cdot), H_2(\cdot), H_3(\cdot)$ are selected; the integer set used consists of $1, 2, \ldots, q-1$, where $q$ is a large prime number;
Step 2: A random number $\alpha$ is selected as the master private key, and the master public key $P_{pub} = [\alpha]P_2$ is calculated;
Step 3: The key generation center KGC generates the partial private key of the offline authorizer as $d_{ID} = [\alpha \cdot (H_1(ID) + \alpha)^{-1}]P_1$ and sends $d_{ID}$ to the user;
Step 4: setting an offline authorizer key;
wherein the offline authorizer randomly selects $x$ as the secret value and calculates $Q = [H_1(ID)]P_2 + P_{pub}$, $X = [x]Q$ and $s = H_3(X)$; the private key $usk = [(x+s)^{-1}]d_{ID}$ and the public key $X$ of the offline authorizer are set;
Step 5: setting an online signer key;
wherein the online signer $i$ randomly selects $y_i, z_i$ and calculates $Y_i = [y_i]P_1$ and $Z_i = [z_i]P_1$; the private key of the online signer is set to $(y_i, z_i)$ and the public key to $(Y_i, Z_i)$;
Step 6: The message $m_i$ is given an offline authorization signature;
wherein the offline authorizer authorizes multiple online signers and generates multiple offline authorization signatures: it calculates the element $g = e(P_1, P_{pub})$ in $G_T$; randomly selects $w_i$ and calculates $W_i = g^{w_i}$ and $h_i = H_2(X \| Y_i \| Z_i \| W_i)$; calculates $l_i = (w_i - h_i) \bmod q$ and $V_i = [l_i]usk$; and generates the offline authorization signature value $(h_i, T_i)$, where $\bmod q$ is the modulo-$q$ operation and $usk$ is the private key of the offline authorizer;
Step 7: The message $m_i$ is signed online;
wherein the online signer randomly selects $t_i$ and calculates $T_i = [t_i]P_1$ and $r_i = (z_i - F(m_i, T_i)(t_i + y_i)) \bmod q$; the online signature value $(T_i, r_i)$ is generated; here $F(\cdot)$ is a cryptographic function derived from a cryptographic hash function;
Step 8: The signature is verified;
the specific implementation comprises the following sub-steps:
Step 8.1: From the given message $m_i$, the offline authorizer's public key $X$, the online signer's public key $(Y_i, Z_i)$, the identity $ID$, the offline authorization signature value $(h_i, V_i)$ and the online signature value $(T_i, r_i)$, the verifier computes:
$Z_i' = [r_i]P_1 + [F(m_i, T_i)](T_i + Y_i)$;
$Q = [H_1(ID)]P_2 + P_{pub}$;
$s = H_3(X)$;
$u_i = e(V_i, X + [s]Q)$;
$g = e(P_1, P_{pub})$;
Step 8.2: The verifier checks whether $h_i = H_2(X \| Y_i \| Z_i' \| W_i')$ holds; if so, the signature is valid; otherwise, the signature is invalid;
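Correctness:
$$
\begin{aligned}
Z_i' &= [r_i]P_1 + [F(m_i, T_i)](T_i + Y_i) \\
&= [z_i - F(m_i, T_i)(t_i + y_i)]P_1 + [F(m_i, T_i)]([t_i]P_1 + [y_i]P_1) \\
&= [z_i]P_1 - [F(m_i, T_i)(t_i + y_i)]P_1 + [F(m_i, T_i)]([t_i]P_1 + [y_i]P_1) \\
&= [z_i]P_1 - [F(m_i, T_i)(t_i + y_i)]P_1 + [F(m_i, T_i)(t_i + y_i)]P_1 \\
&= [z_i]P_1
\end{aligned}
$$
$$
\begin{aligned}
u &= e(V, X + [s]Q) \\
&= e([l]usk, [x]Q + [s]Q) \\
&= e([l \cdot (x+s)^{-1}]d_{ID}, [x]Q + [s]Q) \\
&= e([l \cdot \alpha \cdot (x+s)^{-1} \cdot (H_1(ID) + \alpha)^{-1}]P_1, [(x+s) \cdot (H_1(ID) + \alpha)]P_2) \\
&= e(P_1, P_{pub})^{l} \\
&= g^{l}
\end{aligned}
$$
$$
\begin{aligned}
W' &= u \cdot g^{h} \\
&= g^{l} \cdot g^{h} \\
&= g^{w-h} \cdot g^{h} \\
&= g^{w}
\end{aligned}
$$
$$
\begin{aligned}
h &= H_2(X \| Y_i' \| Z_i' \| W') \\
&= H_2(X \| [y_i]P_1 \| [z_i]P_1 \| g^{w}).
\end{aligned}
$$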
2. An SM9 signature-based offline authorization and online signature generation system employing the method of claim 1, characterized by comprising the following modules:
Module 1, used by the key generation center KGC to give the system parameters: given a security parameter $\lambda$, a specific curve generation parameter $t$ is selected, and the elliptic curve base field is constructed from the base field characteristic equation $p(t) = 36t^4 + 36t^3 + 24t^2 + 6t + 1$; the curve equation parameters are determined as $a$ and $b$ and the embedding degree as $k = 12$; a cyclic subgroup $G_1$ of order $p$ and its generator $P_1$ are constructed, as are a cyclic subgroup $G_2$ of order $p$ and its generator $P_2$; a bilinear pairing $e: G_1 \times G_2 \to G_T$ is defined; cryptographic hash functions $H_1(\cdot), H_2(\cdot), H_3(\cdot)$ are selected; the integer set used consists of $1, 2, \ldots, q-1$, where $q$ is a large prime number;
Module 2, used to select a random number $\alpha$ as the master private key and to calculate the master public key $P_{pub} = [\alpha]P_2$;
Module 3, used by the key generation center KGC to generate the partial private key $d_{ID} = [\alpha \cdot (H_1(ID) + \alpha)^{-1}]P_1$ of the offline authorizer and to send $d_{ID}$ to the user;
Module 4, used to set the offline authorizer key;
Module 5, used to set the online signer key;
Module 6, used to give the message $m_i$ an offline authorization signature;
Module 7, used to sign the message $m_i$ online;
Module 8, used to verify the signature.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310063990.2A CN116094729B (en) 2023-01-12 2023-01-12 Method and system for offline authorization and online signature generation based on SM9 signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310063990.2A CN116094729B (en) 2023-01-12 2023-01-12 Method and system for offline authorization and online signature generation based on SM9 signature

Publications (2)

Publication Number Publication Date
CN116094729A CN116094729A (en) 2023-05-09
CN116094729B true CN116094729B (en) 2024-04-19

Family

ID=86204133

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310063990.2A Active CN116094729B (en) 2023-01-12 2023-01-12 Method and system for offline authorization and online signature generation based on SM9 signature

Country Status (1)

Country Link
CN (1) CN116094729B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018119670A1 (en) * 2016-12-27 2018-07-05 深圳大学 Method and device for certificateless partially blind signature
CN108809658A (en) * 2018-07-20 2018-11-13 武汉大学 A kind of digital signature method and system of the identity base based on SM2
CN115580408A (en) * 2022-09-23 2023-01-06 上海阵方科技有限公司 SM 9-based certificateless signature generation method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
An efficient attribute-based encryption scheme based on SM9 encryption algorithm for dispatching and control cloud; Honghan Ji, Hongjie Zhang, Lisong Shao, Debiao He & Min Luo; Connection Science; 20210107; Vol. 33 (No. 4); full text *
Design and application of an Internet of Things security platform based on the commercial cryptography SM9 algorithm; 杨平; 范苏洪; 朱艳; 通信技术 (Communications Technology); 20200310(03); full text *

Also Published As

Publication number Publication date
CN116094729A (en) 2023-05-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant