CN116155490A - A Signature Key Generation Method Based on SM9 Cryptographic Algorithm - Google Patents

A Signature Key Generation Method Based on SM9 Cryptographic Algorithm

Publication number
CN116155490A
Authority
CN
China
Prior art keywords
signature
calculating
random number
operation unit
key generation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211714704.6A
Other languages
Chinese (zh)
Other versions
CN116155490B (en)
Inventor
高科
李立
杨磊
焦英华
李运飞
司会彬
郭星岐
祁威浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhaoxun Hengda Technology Co ltd
Original Assignee
Zhaoxun Hengda Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhaoxun Hengda Technology Co ltd filed Critical Zhaoxun Hengda Technology Co ltd
Priority to CN202211714704.6A priority Critical patent/CN116155490B/en
Publication of CN116155490A publication Critical patent/CN116155490A/en
Application granted granted Critical
Publication of CN116155490B publication Critical patent/CN116155490B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a signature key generation method based on the SM9 cryptographic algorithm. The method comprises the following steps. M1: the KGC generates a random number ks ∈ [1, N-1] as the signature master private key, where N is the order of the SM9 elliptic curve. M2: compute the element Ppub = [ks]P2 of G2 as the signature master public key, where the group G2 is an additive cyclic group of prime order N and P2 is a generator of G2. The method uses the randomized ks' in place of the signature master private key ks in the computation, and the randomized ds' in place of the signature private key ds. This double randomization mechanism further improves security.

Description

A Signature Key Generation Method Based on SM9 Cryptographic Algorithm

Technical field

The invention relates to a signature key generation method based on the SM9 cryptographic algorithm, and belongs to the technical field of information security.

Background

At present, digital signature and encryption/decryption technologies based on public key cryptography are widely used in applications such as e-commerce and identity authentication, providing a mature and secure set of technologies and specifications for online transactions and communication. The security of the private key is one of the basic conditions for the security of these applications.

The SM9 identity-based cryptographic algorithm is a commercial cryptographic algorithm independently designed in China on the basis of the identity-based cryptosystem. It is an identity-based algorithm constructed from bilinear pairings on elliptic curves over finite fields. In SM9, the user's private key is computed by the key generation center from the master key and the user identifier; the user's public key is uniquely determined by the user identifier, and the authenticity of the identifier is guaranteed by the manager of the user's device. SM9 comprises a signature/verification algorithm, an encryption/decryption algorithm, an encapsulation/decapsulation algorithm and a key exchange algorithm. Compared with traditional cryptosystems based on public key infrastructure (PKI), the greatest advantages of SM9 are that it needs no digital certificates, has a lower total cost of ownership, and is easy to manage and use.

According to Section 3.8 of the Chinese national standard GB/T 38635.2-2020 "Information security technology - SM9 cryptographic algorithm - Part 2: Algorithm", the user private key in SM9 is generated by the key generation center (KGC) from the master private key and the user identifier, and the master private key is generally generated by the KGC using a random number generator. The master private key and the user private key bear directly on the security of SM9, so a method is needed that protects the user private key during signature key generation and prevents information about the master private key and the user private key from leaking.

Summary of the invention

The technical problem to be solved by the invention is to provide a signature key generation method based on the SM9 cryptographic algorithm.

To achieve this technical purpose, the invention adopts the following technical solution:

A signature key generation method based on the SM9 cryptographic algorithm, comprising the following steps:

M1: the KGC generates a random number ks ∈ [1, N-1] as the signature master private key, where N is the order of the SM9 elliptic curve;

M2: compute the element Ppub = [ks]P2 of G2 as the signature master public key, where the group G2 is an additive cyclic group of prime order N and P2 is a generator of G2.

Preferably, the signature key generation method further comprises the following steps:

M3: obtain the user identifier ID and the one-byte signature private key generation function identifier hid, and concatenate them as Z = ID||hid;

M4: compute t1 = H1(Z, N) + ks in the finite field FN, where H1 is a cryptographic function;

M5: compute t2 = ks * t1^-1 mod N;

M6: compute the signature private key ds = [t2]P1, where P1 is a generator of the group G1 and G1 is an additive cyclic group of prime order N.

Preferably, step M2 comprises the following sub-steps:

S1: obtain a random number R1 from a secure random number generator;

S2: the modular inversion unit computes R1' = R1^-1 mod N;

S3: the extension-field point multiplication unit computes Q = [R1']P2;

S4: the modular multiplication unit computes ks' = ks * R1 mod N;

S5: the extension-field point multiplication unit computes Ppub' = [ks']Q.

Preferably, the random number R1 lies in [1, N-1], and R1 is less than N.

Preferably, the Q computed by the extension-field point multiplication unit is a random number.

Preferably, a random number R2 is obtained from a secure random number generator.

Preferably, step M2 further comprises the following sub-steps:

S7: the modular multiplication unit computes t1' = t1 * R2 mod N;

S8: the modular inversion unit computes t1'' = t1'^-1 mod N;

S9: the modular multiplication unit computes t2' = ks * t1'' mod N;

S10: the base-field point multiplication unit computes D = [R2]P1;

S11: the base-field point multiplication unit computes ds' = [t2']D.

Preferably, the random number R2 lies in [1, N-1], and R2 is less than N.

Compared with the prior art, the signature key generation method provided by the invention uses the randomized ks' in place of the signature master private key ks in the computation. This reduces the use of ks and thereby lowers the risk of ks leaking. The method also uses the randomized t2' in place of the intermediate variable t2, and the randomized ds' in place of the signature private key ds. This reduces the use of t2 and prevents a leak of t2 from leading to a leak of the signature private key ds, which would follow because P1 is a public parameter. This double randomization mechanism further improves security.

Description of drawings

Fig. 1 is a flowchart of the generation of the signature master public key in an embodiment of the invention;

Fig. 2 is a flowchart of the generation of the signature private key in an embodiment of the invention.

Detailed description

The technical content of the invention is described in detail below with reference to the drawings and specific embodiments.

So that those skilled in the art can better understand the invention, its background is first described further. Section 6.1 of the Chinese national standard GB/T 38635.2-2020 "Information security technology - SM9 cryptographic algorithm - Part 2: Algorithm" describes the SM9 signature key generation algorithm, covering the system signature master key and the user signature key. The generation flow is as follows:

A1: the KGC generates a random number ks ∈ [1, N-1] as the signature master private key;

A2: compute the element Ppub = [ks]P2 of G2 as the signature master public key;

A3: obtain the user identifier ID and the one-byte signature private key generation function identifier hid, and concatenate them as Z = ID||hid;

A4: compute t1 = H1(Z, N) + ks in the finite field FN, where H1 is a cryptographic function;

A5: compute t2 = ks * t1^-1 mod N;

A6: compute the signature private key ds = [t2]P1.

The embodiment of the invention discloses a signature key generation method based on the SM9 cryptographic algorithm. Referring to the generation flowchart of the signature master public key in Fig. 1 and that of the signature private key in Fig. 2, the method replaces the extension-field point multiplication in which the signature master private key ks takes part, that is, it replaces the operation Ppub = [ks]P2 in step A2 of the SM9 signature key generation algorithm.

The signature key generation method provided by the embodiment therefore comprises at least the following steps.

M1: the KGC generates a random number ks ∈ [1, N-1] as the signature master private key;

M2: compute the element Ppub' = [ks']Q of G2 as the signature master public key;

As shown in Fig. 1, step M2 comprises the following sub-steps:

S1: obtain a random number R1 from a secure random number generator;

Specifically, the random number R1 must lie in [1, N-1]. If the generated R1 is greater than or equal to N, a new R1 is generated, until R1 is less than N. Here N is the order of the SM9 elliptic curve; specifically, N is the order of the cyclic groups G1, G2 and GT and is a prime greater than 2^191. G1 and G2 are additive cyclic groups of prime order N, and GT is a multiplicative cyclic group of prime order N.

S2: the modular inversion unit computes R1' = R1^-1 mod N;

Here mod denotes the modulo operation; from this formula, R1*R1' = 1.

S3: the extension-field point multiplication unit computes Q = [R1']P2;

Here P2 is a generator of the group G2, and [R1']P2 denotes R1' times P2. Because R1 is a random number, step S2 shows that R1' is also a random number. Q is therefore also a random number, and it replaces P2 in the original extension-field point multiplication Ppub = [ks]P2.

S4: the modular multiplication unit computes ks' = ks * R1 mod N;

This formula means ks' = ks*R1; the resulting ks' replaces ks in the original extension-field point multiplication Ppub = [ks]P2.

S5: the extension-field point multiplication unit computes Ppub' = [ks']Q;

Thus, through the above sub-flow, the signature master private key ks does not take part in the extension-field point multiplication of the SM9 standard flow; the randomized signature master private key ks' takes part instead. This reduces the number of times ks is used in operations and thereby lowers the risk of ks leaking.

As shown in Fig. 2, the base-field point multiplication in which the signature private key ds takes part is replaced, that is, the operation t2 = ks * t1^-1 mod N in step A5 and the operation ds = [t2]P1 in step A6 of the SM9 signature key generation algorithm are replaced.

The signature key generation method provided by the embodiment therefore further comprises the following steps:

M3: obtain the user identifier ID and the one-byte signature private key generation function identifier hid, and concatenate them as Z = ID||hid;

M4: compute t1 = H1(Z, N) + ks in the finite field FN, where H1 is a cryptographic function;

M5: compute t2' = ks * t1'' mod N;

M6: compute the signature private key ds' = [t2']D;

As shown in Fig. 2, steps M5 to M6 comprise the following sub-steps:

S6: obtain a random number R2 from a secure random number generator;

As in S1, the random number R2 must lie in [1, N-1]; the details are not repeated here.

S7: the modular multiplication unit computes t1' = t1 * R2 mod N;

S8: the modular inversion unit computes t1'' = t1'^-1 mod N;

S9: the modular multiplication unit computes t2' = ks * t1'' mod N;

Through S7 to S9, the resulting t2' is randomized by R2 and replaces t2 in the original base-field point multiplication ds = [t2]P1.

S10: the base-field point multiplication unit computes D = [R2]P1;

Here P1 is a generator of the group G1, and [R2]P1 denotes R2 times P1. Because R2 is a random number, D is also a random number; D replaces P1 in the original base-field point multiplication ds = [t2]P1.

S11: the base-field point multiplication unit computes ds' = [t2']D.

The above sub-flow shows that the intermediate variable t2 does not take part in the modular inversion and base-field point multiplication of the SM9 standard; the randomized t2' is used instead. This reduces the number of times t2 is used in operations, lowering the risk of t2 leaking, which in turn lowers the risk of leakage while the signature private key ds is generated and strengthens the security of the key generation process.

To show that the signature key generation method provided by the embodiment is feasible, the following argument is given.

1) Substitute for ks' in step M2 of the private key protection method for the SM9 signature key generation algorithm, giving Ppub' = [ks*R1]Q;

2) Substitute for Q in the previous step, giving Ppub' = [ks*R1]*[R1']P2;

3) That is, Ppub' = [ks*R1*R1']P2 = [ks]P2, which agrees with Ppub = [ks]P2 in the SM9 standard flow;

4) Substitute for D in step M6 of the private key protection method for the SM9 signature key generation algorithm, giving ds' = [t2'*R2]P1;

5) Substitute for t2' in the previous step, giving ds' = [ks*t1''*R2]P1;

6) Substitute for t1'' in the previous step, giving ds' = [ks*t1'^-1*R2]P1;

7) Substitute for t1' in the previous step, giving ds' = [ks*(t1*R2)^-1*R2]P1;

8) From the previous step, ds' = [ks*t1^-1*R2^-1*R2]P1 = [ks*t1^-1]P1. Because t2 = ks*t1^-1 mod N, the result agrees with ds = [t2]P1 in step 6 of the original flow.

This shows that replacing the generation steps for the signature master public key and the signature private key in Section 6.1 of GB/T 38635.2-2020 "Information security technology - SM9 cryptographic algorithm - Part 2: Algorithm" with the signature key generation method provided by the embodiment does not affect the final signature private key result; that is, the replacement used by the private key protection method of the invention is feasible in principle.
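
The substitution argument above can be checked numerically. The following is an added example, not code from the patent: it runs the standard flow (A2, A4 to A6) and the blinded flow (S1 to S11) side by side and compares their outputs. It assumes a toy prime-order subgroup of Z_p* in which modular exponentiation stands in for point multiplication in G1 and G2, SHA-256 stands in for H1, and the parameters 2039, 1019, 4, 9, the hid value and all function names are chosen for illustration.

```python
"""Standard vs. blinded SM9 signature key generation over a toy group.

Added illustration. Modular exponentiation in a prime-order subgroup of
Z_p* stands in for point multiplication in G1/G2; this is not the SM9 curve.
"""
import hashlib
import secrets

# Constructed toy parameters (assumptions, far too small for real use).
P_MOD = 2039      # safe prime, P_MOD = 2*N + 1
N = 1019          # prime order of the subgroup, plays the role of N
P1 = 4            # generator standing in for P1 of G1
P2 = 9            # generator standing in for P2 of G2
HID = b"\x01"     # sample one-byte identifier hid


def point_mul(k, base):
    """Stand-in for [k]base: exponentiation in the order-N subgroup."""
    return pow(base, k % N, P_MOD)


def rand_scalar():
    """S1/S6: draw again until the value lies in [1, N-1]."""
    while True:
        r = secrets.randbits(N.bit_length())
        if 1 <= r < N:
            return r


def h1(z, n):
    """Stand-in for H1(Z, N): SHA-256 reduced into [1, n-1]."""
    digest = hashlib.sha256(z).digest()
    return int.from_bytes(digest, "big") % (n - 1) + 1


def compute_t1(ks, user_id):
    """M3/M4: Z = ID||hid, t1 = H1(Z, N) + ks in F_N."""
    t1 = (h1(user_id + HID, N) + ks) % N
    if t1 == 0:
        # t1 has no inverse; GB/T 38635.2 has the KGC regenerate ks here.
        raise ValueError("t1 == 0, regenerate the master private key")
    return t1


def standard_keygen(ks, user_id):
    """Steps A2 and A4-A6 of the standard flow."""
    ppub = point_mul(ks, P2)
    t1 = compute_t1(ks, user_id)
    t2 = ks * pow(t1, -1, N) % N
    ds = point_mul(t2, P1)
    return {"ppub": ppub, "ds": ds, "t2": t2}


def blinded_keygen(ks, user_id, r1=None, r2=None):
    """Sub-steps S1-S11; r1/r2 can be fixed for reproducible checks."""
    r1 = rand_scalar() if r1 is None else r1
    r2 = rand_scalar() if r2 is None else r2
    if not (1 <= r1 < N and 1 <= r2 < N):
        raise ValueError("R1 and R2 must lie in [1, N-1]")
    # Master public key: S2-S5.
    r1_inv = pow(r1, -1, N)              # S2: R1' = R1^-1 mod N
    q = point_mul(r1_inv, P2)            # S3: Q = [R1']P2
    ks_blind = ks * r1 % N               # S4: ks' = ks*R1 mod N
    ppub = point_mul(ks_blind, q)        # S5: Ppub' = [ks']Q
    # User signature private key: M4, S7-S11.
    t1 = compute_t1(ks, user_id)
    t1_blind = t1 * r2 % N               # S7: t1' = t1*R2 mod N
    t1_blind_inv = pow(t1_blind, -1, N)  # S8: t1'' = t1'^-1 mod N
    t2_blind = ks * t1_blind_inv % N     # S9: t2' = ks*t1'' mod N
    d = point_mul(r2, P1)                # S10: D = [R2]P1
    ds = point_mul(t2_blind, d)          # S11: ds' = [t2']D
    return {"ppub": ppub, "ds": ds, "t2": t2_blind, "q": q, "d": d}


def flows_agree(ks, user_id, r1=None, r2=None):
    """True when both flows yield the same Ppub and ds."""
    std = standard_keygen(ks, user_id)
    bl = blinded_keygen(ks, user_id, r1, r2)
    return std["ppub"] == bl["ppub"] and std["ds"] == bl["ds"]


if __name__ == "__main__":
    ks = rand_scalar()                   # M1
    try:
        print("outputs match:", flows_agree(ks, b"Alice"))
    except ValueError as exc:            # about a 1 in N chance in this toy group
        print("retry with a new ks:", exc)
```

For a fixed R2, the blinded intermediate `t2` differs from the standard flow's `t2` by the factor R2^-1 while `ds` is identical, which is the property steps 4) to 8) establish.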

In summary, the signature key generation method provided by the embodiment covers two protections: protection of the signature master private key and protection of the signature private key.

The signature master private key is protected as follows: first a random number R1 in [1, N-1] is obtained from a secure random number generator; the modular inversion unit then computes R1' = R1^-1 mod N; the extension-field point multiplication unit computes Q = [R1']P2; the modular multiplication unit computes ks' = ks * R1 mod N; and finally the extension-field point multiplication unit computes Ppub' = [ks']Q. These steps replace the operation Ppub = [ks]P2 of the SM9 standard flow with Ppub' = [ks']Q, so that the randomized ks' is used in the computation in place of the signature master private key ks. This reduces the use of ks and thereby lowers the risk of ks leaking.

The signature private key is protected as follows: first a random number R2 is obtained from a secure random number generator; the modular multiplication unit then computes t1' = t1 * R2 mod N, the modular inversion unit computes t1'' = t1'^-1 mod N, and the modular multiplication unit computes t2' = ks * t1'' mod N; the base-field point multiplication unit then computes D = [R2]P1 and finally ds' = [t2']D. These steps replace the operations t2 = ks * t1^-1 mod N and ds = [t2]P1 of the SM9 standard flow with t2' = ks * t1'' mod N and ds' = [t2']D, so that the randomized t2' is used in place of the intermediate variable t2 and the randomized ds' in place of the signature private key ds. This reduces the use of t2 and prevents a leak of t2 from leading to a leak of the signature private key ds, which would follow because P1 is a public parameter. The invention thus uses this double randomization mechanism to further improve security.

The signature key generation method based on the SM9 cryptographic algorithm provided by the invention has been described in detail above. For a person of ordinary skill in the art, any obvious modification made to it without departing from the substance of the invention will constitute an infringement of the patent right of the invention and will bear the corresponding legal liability.

Claims (8)

1. A signature key generation method based on the SM9 cryptographic algorithm, characterized by comprising the following steps:
M1: the KGC generates a random number ks ∈ [1, N-1] as the signature master private key, where N is the order of the SM9 elliptic curve;
M2: compute the element Ppub = [ks]P2 of G2 as the signature master public key, where the group G2 is an additive cyclic group of prime order N and P2 is a generator of G2.
2. The signature key generation method based on the SM9 cryptographic algorithm as recited in claim 1, further comprising the following steps:
M3: obtain the user identifier ID and the one-byte signature private key generation function identifier hid, and concatenate them as Z = ID||hid;
M4: compute t1 = H1(Z, N) + ks in the finite field FN, where H1 is a cryptographic function;
M5: compute t2 = ks * t1^-1 mod N;
M6: compute the signature private key ds = [t2]P1, where P1 is a generator of the group G1 and G1 is an additive cyclic group of prime order N.
3. The signature key generation method based on the SM9 cryptographic algorithm as recited in claim 1, wherein step M2 comprises the following sub-steps:
S1: obtain a random number R1 from a secure random number generator;
S2: the modular inversion unit computes R1' = R1^-1 mod N;
S3: the extension-field point multiplication unit computes Q = [R1']P2;
S4: the modular multiplication unit computes ks' = ks * R1 mod N;
S5: the extension-field point multiplication unit computes Ppub' = [ks']Q.
4. The signature key generation method based on the SM9 cryptographic algorithm as recited in claim 3, wherein:
the random number R1 lies in [1, N-1], and R1 is less than N.
5. The signature key generation method based on the SM9 cryptographic algorithm as recited in claim 3, wherein:
the Q computed by the extension-field point multiplication unit is a random number.
6. The signature key generation method based on the SM9 cryptographic algorithm as recited in claim 3, wherein step M2 comprises the following sub-step:
S6: obtain a random number R2 from a secure random number generator.
7. The signature key generation method based on the SM9 cryptographic algorithm as recited in claim 6, wherein step M2 further comprises the following sub-steps:
S7: the modular multiplication unit computes t1' = t1 * R2 mod N;
S8: the modular inversion unit computes t1'' = t1'^-1 mod N;
S9: the modular multiplication unit computes t2' = ks * t1'' mod N;
S10: the base-field point multiplication unit computes D = [R2]P1;
S11: the base-field point multiplication unit computes ds' = [t2']D.
8. The signature key generation method based on the SM9 cryptographic algorithm as recited in claim 7, wherein:
the random number R2 lies in [1, N-1], and R2 is less than N.
CN202211714704.6A 2022-12-29 2022-12-29 Signature key generation method based on SM9 cryptographic algorithm Active CN116155490B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211714704.6A CN116155490B (en) 2022-12-29 2022-12-29 Signature key generation method based on SM9 cryptographic algorithm

Publications (2)

Publication Number Publication Date
CN116155490A (en) 2023-05-23
CN116155490B (en) 2025-02-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant