CN116318738B - Signature method, signature system, electronic equipment and storage medium - Google Patents


Publication number
CN116318738B
Authority
CN
China
Prior art keywords
signature
signer
private key
target object
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310559941.8A
Other languages
Chinese (zh)
Other versions
CN116318738A (en
Inventor
张宇
张庆勇
胡进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the application provide a signature method, a signature system, an electronic device and a storage medium. The method comprises: obtaining a signature private key of a target object based on a master random number, wherein the master random number is composed of a plurality of slave random numbers; splitting the signature private key to obtain a plurality of signature sub-private keys, wherein the number of signature sub-private keys corresponds to the number of slave random numbers and to the number of signers; and sending the signature private key and a target signature sub-private key to a set signer so that the set signer outputs signature data of the target object, wherein the set signer determines its own partial signature data according to the signature private key, the target signature sub-private key and a set encryption parameter, and the partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers, so as to obtain the signature data of the target object. With the application, the final signature can be completed only by combining the partial signature data of all signers, which gives higher security.

Description

Signature method, signature system, electronic equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a signature method, a signature system, an electronic device, and a storage medium.
Background
SM9 is an identity-based cryptographic algorithm that uses a user's identity information (such as a serial number, a mobile phone number or a network address) as the public key, which greatly simplifies the complicated key management of a traditional PKI/CA certificate system. User equipment in the system does not need to apply for a user certificate in advance or verify digital certificates, which greatly reduces the complexity of using the cryptosystem and makes it well suited to secure communication among the users of a large user group.
However, in practical applications the private key in the SM9 algorithm is currently held entirely by a single signer; once that signer is compromised, the private key is leaked, so security is low.
Disclosure of Invention
Aspects of the application provide a signature method, a signature system, an electronic device and a storage medium in which the final signature can be completed only by combining the partial signature data of all signers, so that security is high.
An embodiment of the application provides a signature method, which comprises the following steps:
obtaining a signature private key of a target object based on a master random number, wherein the master random number is composed of a plurality of slave random numbers;
splitting the signature private key to obtain a plurality of signature sub-private keys, wherein the number of signature sub-private keys corresponds to the number of slave random numbers and to the number of signers;
and sending the signature private key and a target signature sub-private key to a set signer so that the set signer outputs signature data of the target object, wherein the set signer determines its own partial signature data according to the signature private key, the target signature sub-private key and a set encryption parameter, and the partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers, so as to obtain the signature data of the target object.
Optionally, obtaining the signature private key of the target object based on the master random number includes:
obtaining identification information of the target object and a signature master private key;
based on a set cryptographic function, determining an initial signature private key of the target object according to the identification information of the target object and the signature master private key;
and combining the initial signature private key with the master random number to obtain the signature private key of the target object.
Optionally, determining, based on the plurality of slave random numbers, the partial signature data corresponding to each of the remaining signers to obtain the signature data of the target object includes:
in a set order among the remaining signers, sequentially determining the partial signature data corresponding to the current signer based on the plurality of slave random numbers and the partial signature data determined by the signer preceding the current signer;
and sending the partial signature data obtained by the last signer to the set signer as the signature data of the target object.
Optionally, after sending the signature private key and the target signature sub-private key to the set signer so that the set signer outputs the signature data of the target object, the method further includes:
verifying the signature data of the target object.
Optionally, the inverse element of the master random number is the product of the plurality of slave random numbers.
Optionally, the set signer is determined at random among the plurality of signers.
An embodiment of the application also provides a signature system, which comprises:
an acquisition module, used for obtaining a signature private key of a target object based on a master random number, wherein the master random number is composed of a plurality of slave random numbers;
a splitting module, used for splitting the signature private key to obtain a plurality of signature sub-private keys, wherein the number of signature sub-private keys corresponds to the number of slave random numbers and to the number of signers;
a signature module, used for sending the signature private key and a target signature sub-private key to a set signer so that the set signer outputs signature data of the target object, wherein the set signer determines its own partial signature data according to the signature private key, the target signature sub-private key and a set encryption parameter, and the partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers, so as to obtain the signature data of the target object.
Optionally, the acquisition module is specifically configured for:
obtaining identification information of the target object and a signature master private key;
based on a set cryptographic function, determining an initial signature private key of the target object according to the identification information of the target object and the signature master private key;
and combining the initial signature private key with the master random number to obtain the signature private key of the target object.
Optionally, the system further comprises:
a verification module, used for verifying the signature data of the target object.
An embodiment of the application also provides an electronic device, which comprises: a memory, a processor and a communication interface; wherein the memory has executable code stored thereon that, when executed by the processor, causes the processor to perform the signature method described above.
Embodiments of the present application also provide a non-transitory machine-readable storage medium having executable code stored thereon which, when executed by a processor of an electronic device, causes the processor to perform the signature method described above.
In the embodiments of the application, the signature private key of the target object is obtained based on the master random number, the signature private key is split to obtain a plurality of signature sub-private keys, and the signature private key and the target signature sub-private key are then sent to the set signer, so that the set signer can output the signature data of the target object. The signature private key can be split, during signing, into a number of parts corresponding to the number of signers, and the final signature can be completed only by combining the partial signature data of all signers, so security is high and the security of the final signature is not affected even if some of the signers are compromised.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of a signature method provided by an exemplary embodiment of the present application;
FIG. 2 is a flow chart of a signature verification method provided by an exemplary embodiment of the present application;
FIG. 3 is a schematic diagram of a signature system according to an exemplary embodiment of the present application;
FIG. 4 is a schematic diagram of a signature system according to an exemplary embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device according to an exemplary embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
SM9 is an identity-based cryptographic algorithm that uses a user's identity information (such as a serial number, a mobile phone number or a network address) as the public key, which greatly simplifies the complicated key management of a traditional PKI/CA certificate system. User equipment in the system does not need to apply for a user certificate in advance or verify digital certificates, which greatly reduces the complexity of using the cryptosystem and makes it well suited to secure communication among the users of a large user group. However, in practical applications the private key in the SM9 algorithm is currently held entirely by a single signer; once that signer is compromised, the private key is leaked, so security is low. In view of this, the embodiments of the application provide a signature method.
Fig. 1 is a flowchart of a signature method provided in an embodiment of the present application, applied to a key generation center (KGC), a trusted authority mainly responsible for selecting system parameters, generating the signature master key and generating user signature private keys. As shown in Fig. 1, the method includes:
Step 101, a signature private key of a target object is obtained based on a master random number, wherein the master random number is composed of a plurality of slave random numbers.
In this embodiment, the step of obtaining the signature private key of the target object specifically includes:
obtaining identification information of the target object and a signature master private key;
based on the set cryptographic function, determining an initial signature private key of the target object according to the identification information of the target object and the signature master private key;
and combining the initial signature private key with the master random number to obtain the signature private key of the target object.
Step 102, the signature private key is split to obtain a plurality of signature sub-private keys, wherein the number of signature sub-private keys corresponds to the number of slave random numbers and to the number of signers.
Step 103, the signature private key and the target signature sub-private key are sent to a set signer so that the set signer outputs signature data of the target object, wherein the set signer determines its own partial signature data according to the signature private key, the target signature sub-private key and the set encryption parameter, and the partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers, so as to obtain the signature data of the target object. The target signature sub-private key is one of the plurality of signature sub-private keys.
In practical application, SM9 is divided into the following stages:
1. Parameter generation stage, in which the KGC generates the system parameters used by the subsequent stages, specifically:
$N$: a public constant, a fixed prime number;
$G_1$, $G_2$: additive cyclic groups of prime order $N$;
$P_1$, $P_2$: public constants of groups $G_1$ and $G_2$ respectively;
$G_T$: a multiplicative cyclic group of prime order $N$;
$e$: a bilinear pairing from $G_1 \times G_2$ to $G_T$;
$H_1 : \{0,1\}^* \to Z_N$: a cryptographic function derived from a cryptographic hash function.
2. Key generation stage, performed by the KGC, as follows:
The KGC generates a random number $ks \in Z_N$ as the signature master private key and computes the element $P_{pub-s} = [ks]P_2$ of $G_2$ as the signature master public key;
The KGC selects and publishes the signature private key generation function identifier $hid$, represented in one byte;
In the finite field $F_N$, the KGC computes $t_1 = H_1(ID_A \| hid, N) + ks$, where $ID_A$ is the identification information of the target object from step 101. As this equation shows, $t_1$ is determined, based on the set cryptographic function $H_1$, from the identification information $ID_A$ of the target object, the signature master private key $ks$, and the other system parameters $hid$ and $N$. If $t_1 = 0$, the KGC regenerates the signature master private key, computes and publishes the signature master public key, and updates the signature private keys of existing users (that is, regenerates the existing users' signature private keys with the regenerated signature master private key and sends them to the users); otherwise it computes $t_2 = ks \cdot t_1^{-1}$. The initial signature private key $d_B$ is then obtained as $d_B = t_2 P_1$.
A master random number $b \in Z_N$ is then selected at random, and the initial signature private key $d_B$ is combined with the master random number $b$ to obtain the signature private key $d_B^*$ of the target object (such as a user): $d_B^* = [b]t_2 P_1$.
Splitting the signature private key: assuming the signature private key is split into $n$ parts, the slave random numbers $b_i \in Z_N$, $i = 1, 2, 3, \dots, n$, are chosen to satisfy the splitting relation. Put simply, the inverse element of the master random number $b$ is the product of the plurality of slave random numbers $b_i$.
After the signature private key is split, a plurality of signature sub-private keys are obtained, and the signature private key and the target signature sub-private key are sent to the set signer for the subsequent signing stage; that is, $(d_B^*, b_i)$ is sent to the set signer.
3. Signing stage, performed by the set signer, specifically:
A set signer is determined at random from the plurality of signers and taken as the master signer $u_1$.
The set signer $u_1$ determines its own partial signature data $S_1$ from the signature private key $d_B^*$, the target signature sub-private key $b_1$ and the set encryption parameter $l$, and the partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers, to obtain the signature data of the target object. Specifically:
in a set order among the remaining signers, the partial signature data corresponding to the current signer is determined in turn based on the plurality of slave random numbers and the partial signature data determined by the signer preceding the current signer;
the partial signature data obtained by the last signer is sent to the set signer as the signature data of the target object.
In a specific implementation, the master signer $u_1$ performs the following steps:
S1: compute the element $g = e(P_1, P_{pub-s})$ of group $G_T$;
S2: generate a random number $r \in [1, N-1]$;
S3: compute the element $w = g^r$ of group $G_T$ and convert the data type of $w$ to a bit string;
S4: compute the integer $h = H_2(M \| w, N)$, where $H_2$ is a cryptographic function derived from a cryptographic hash function and $M$ is the message to be signed;
S5: compute the integer $l = (r - h) \bmod N$; if $l = 0$, return to S2;
S6: compute the element $S_1 = [l]b_1 d_B^*$ of group $G_1$;
S7: send the element $S_1$ to the next signer $u_2$.
Each subsequent signer in turn computes its own partial signature data based on the partial signature data it has received; the specific formula is as follows: After each signer has computed its own partial signature data, it sends the result to the next signer, until the last signer $u_n$ sends its $S_n$ to the master signer $u_1$, so that the master signer $u_1$ outputs the signature data $(h, S_n)$ of the target object.
For ease of understanding, the above procedure is illustrated below:
Assume there are 5 signers in total and one of them is selected at random as the master signer $u_1$. After the master signer $u_1$ computes its partial signature data $S_1$, it sends $S_1$ to the next signer $u_2$, which computes its own partial signature data according to the formula, and so on until the partial signature data $S_5$ of the 5th signer has been computed. The resulting $S_5$ is sent to the master signer $u_1$, which outputs the final signature data $(h, S_5)$. The plurality of slave random numbers $b_i$ used in this process need only satisfy the required relation with the master random number $b$.
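The blinding and chained unblinding described above, as an added example that is not part of the patent text. It assumes each later signer computes S_i = [b_i]S_{i-1} (the per-signer formula is not preserved on this page), and it replaces the SM9 pairing groups with a constructed toy group and H_1 with SHA-256, so it checks only the algebra of the split, not a real SM9 signature; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy group, NOT the SM9 curve: the order-N subgroup of Z_P^*,
# with P = 2N + 1. The patent's additive "[k]X" becomes X^k mod P here.
P, N, P1 = 2039, 1019, 4


def smul(k, point):
    """[k]point in the patent's additive notation."""
    return pow(point, k % N, P)


def H1(data):
    """Stand-in for H_1 (assumption: SHA-256 reduced into [1, N-1])."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (N - 1) + 1


def kgc_extract(ks, ident, hid=b"\x01"):
    """Key generation: t1 = H1(ID||hid) + ks, t2 = ks * t1^-1, d_B = t2 P1."""
    t1 = (H1(ident + hid) + ks) % N
    if t1 == 0:
        raise ValueError("t1 = 0: the master key must be regenerated")
    t2 = ks * pow(t1, -1, N) % N
    return smul(t2, P1)


def product_mod_n(values):
    prod = 1
    for v in values:
        prod = prod * v % N
    return prod


def blind_and_split(d_B, n):
    """Return (d_B*, [b_1..b_n]) with b^-1 = b_1 * ... * b_n mod N.

    Slaves are drawn from [2, N-1] so each is invertible and none is a no-op;
    b is derived from them, which gives the same relation as picking b first
    and solving for the last slave.
    """
    slaves = [secrets.randbelow(N - 2) + 2 for _ in range(n)]
    b = pow(product_mod_n(slaves), -1, N)
    return smul(b, d_B), slaves


def chain_sign(d_star, slaves, l, skip=None):
    """S_1 = [l] b_1 d_B*, then (assumed step) S_i = [b_i] S_{i-1}.

    `skip` is a hypothetical knob: the 0-based index (>= 1) of a signer whose
    step is left out, to show that the result then stays blinded.
    """
    if l % N == 0:
        raise ValueError("l = 0: the master signer must pick a new r")
    S = smul(l * slaves[0], d_star)
    for i, b_i in enumerate(slaves[1:], start=1):
        if i != skip:
            S = smul(b_i, S)
    return S


def unblind_key(d_star, slaves):
    """What a party holding d_B* and ALL slaves can compute: d_B itself."""
    return smul(product_mod_n(slaves), d_star)


def demo(n=5, l=321):
    """KGC setup plus an n-signer chain; l stands for (r - h) mod N from S1-S5."""
    while True:
        ks = secrets.randbelow(N - 1) + 1            # signature master private key
        try:
            d_B = kgc_extract(ks, b"alice@example.test")  # constructed identity
            break
        except ValueError:
            continue                                  # t1 = 0: regenerate ks
    d_star, slaves = blind_and_split(d_B, n)
    return {
        "expected": smul(l, d_B),                     # [l]d_B, what b cancels down to
        "full_chain": chain_sign(d_star, slaves, l),
        "one_missing": chain_sign(d_star, slaves, l, skip=n - 1),
        "all_slaves_unblind": unblind_key(d_star, slaves) == d_B,
    }


if __name__ == "__main__":
    print(demo())
```

The last entry shows that d_B* together with every b_i is equivalent to the unblinded key d_B, so the slave random numbers need the same protection as key shares.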
Based on the above, in the signature method provided by the embodiments of the application, the signature private key of the target object is obtained based on the master random number, the signature private key is split to obtain a plurality of signature sub-private keys, and the signature private key and the target signature sub-private key are then sent to the set signer, so that the set signer can output the signature data of the target object. The signature private key can be split, during signing, into a number of parts corresponding to the number of signers, and the final signature can be completed only by combining the partial signature data of all signers, so security is high and the security of the final signature is not affected even if some of the signers are compromised.
Fig. 2 is a flowchart of a signature verification method according to an embodiment of the present application, as shown in fig. 2, where the method includes:
Step 201, a signature private key of a target object is obtained based on a master random number, wherein the master random number is composed of a plurality of slave random numbers.
Step 202, the signature private key is split to obtain a plurality of signature sub-private keys, wherein the number of signature sub-private keys corresponds to the number of slave random numbers and to the number of signers.
Step 203, the signature private key and the target signature sub-private key are sent to a set signer so that the set signer outputs the signature data of the target object, wherein the set signer determines its own partial signature data according to the signature private key, the target signature sub-private key and the set encryption parameter, and the partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers, so as to obtain the signature data of the target object.
Step 204, the signature data of the target object is verified.
For the signing part in steps 201 to 203, refer to the above embodiment; it is not described again here.
For step 204, in practice, to verify the message $M$ and its digital signature $(h, S_n)$, user B as the verifier performs the following steps:
B1: check whether $h \in [1, N-1]$ holds; if not, verification fails;
B2: convert the data type of $S_n$ to a point on the elliptic curve and check whether $S_n \in G_1$ holds; if not, verification fails;
B3: compute the element $g = e(P_1, P_{pub-s})$ of group $G_T$;
B4: compute the element $t = g^h$ of group $G_T$;
B5: compute the integer $h_1 = H_1(ID_A \| hid, N)$;
B6: compute the element $P = [h_1]P_2 + P_{pub-s}$ of group $G_2$;
B7: compute the element $u = e(S_n, P)$ of group $G_T$;
B8: compute the element $w' = u \cdot t$ of group $G_T$ and convert the data type of $w'$ to a bit string;
B9: compute the integer $h_2 = H_2(M' \| w', N)$ and check whether $h_2 = h$ holds; if so, verification passes; otherwise, verification fails.
Fig. 3 is a schematic structural diagram of a signature system according to an embodiment of the present application, as shown in fig. 3, where the system includes:
The obtaining module 301 is configured to obtain a signature private key of the target object based on a master random number, where the master random number is composed of a plurality of slave random numbers.
The splitting module 302 is configured to split the signature private key to obtain a plurality of signature sub-private keys, where the number of signature sub-private keys corresponds to the number of slave random numbers and to the number of signers.
The signature module 303 is configured to send the signature private key and the target signature sub-private key to a set signer so that the set signer outputs signature data of the target object, where the set signer determines its own partial signature data according to the signature private key, the target signature sub-private key and the set encryption parameter, and the partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers, so as to obtain the signature data of the target object.
Optionally, the obtaining module 301 is specifically configured to: obtain identification information of the target object and a signature master private key; based on the set cryptographic function, determine an initial signature private key of the target object according to the identification information of the target object and the signature master private key; and combine the initial signature private key with the master random number to obtain the signature private key of the target object.
Optionally, as shown in Fig. 4, the system further includes: the verification module 401, configured to verify the signature data of the target object.
The system shown in Fig. 3 may perform the steps in the foregoing embodiments; for the detailed execution process and technical effects, refer to the descriptions in the foregoing embodiments, which are not repeated here.
The embodiment of the application also provides an electronic device, as shown in fig. 5, which may include: a processor 31, a memory 32, a communication interface 33. Wherein the memory 32 has stored thereon executable code which, when executed by the processor 31, causes the processor 31 to implement the signature method as in the previous embodiments.
In an alternative embodiment, the processor obtaining a signature private key of the target object based on the master random number includes:
obtaining identification information of the target object and a signature master private key;
based on a set cryptographic function, determining an initial signature private key of the target object according to the identification information of the target object and the signature master private key;
and combining the initial signature private key with the master random number to obtain the signature private key of the target object.
In an alternative embodiment, determining, based on the plurality of slave random numbers, the partial signature data corresponding to each of the remaining signers to obtain the signature data of the target object includes:
in a set order among the remaining signers, sequentially determining the partial signature data corresponding to the current signer based on the plurality of slave random numbers and the partial signature data determined by the signer preceding the current signer;
and sending the partial signature data obtained by the last signer to the set signer as the signature data of the target object.
In an alternative embodiment, after the processor sends the signature private key and the target signature sub-private key to a set signer to cause the set signer to output signature data of the target object, the method further comprises:
verifying the signature data of the target object.
Additionally, embodiments of the present application provide a non-transitory machine-readable storage medium having stored thereon executable code that, when executed by a processor of an electronic device, causes the processor to at least implement the signature method provided in the previous embodiments.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (10)

1. A method of signing comprising:
acquiring a signature private key of a target object based on a master random number, wherein the master random number is composed of a plurality of slave random numbers, and acquiring the signature private key of the target object based on the master random number comprises:
generating system parameters, specifically including: $N$, a public constant that is a fixed prime number; $G_1$, $G_2$, additive cyclic groups of prime order $N$; $P_1$, $P_2$, public constants of the groups $G_1$ and $G_2$ respectively; $G_T$, a multiplicative cyclic group of prime order $N$; $e$, a bilinear pairing from $G_1 \times G_2$ to $G_T$; $H_1: \{0,1\}^* \to Z_N$, a cryptographic function derived from a cryptographic hash function;
generating a random number $ks$ as a signature master private key, calculating the element $P_{pub-s} = [ks]P_2$ in $G_2$ as a signature master public key, and generating a function identifier $hid$; calculating $t_1 = H_1(ID_A \| hid, N) + ks$ in the finite field $F_N$, wherein $ID_A$ is the identification information of the target object;
based on the set cryptographic function $H_1$, determining $t_1$ according to the identification information $ID_A$ of the target object, the signature master private key $ks$, the function identifier $hid$ and the public constant $N$; if $t_1 = 0$, regenerating the signature master private key, calculating and publishing the signature master public key, and updating the signature private keys of existing users; otherwise, calculating $t_2 = ks \cdot t_1^{-1}$ to obtain an initial signature private key $d_B$, $d_B = t_2 P_1$;
generating a master random number $b$ and combining the initial signature private key $d_B$ with the master random number $b$ to obtain the signature private key $d_B^*$ of the target object, $d_B^* = [b]t_2 P_1$;
Splitting the master random number to obtain a plurality of slave random numbers, wherein the number of the slave random numbers corresponds to the number of signers;
transmitting the signature private key and the target slave random number to a set signer so that the set signer outputs signature data of the target object, wherein the set signer determines partial signature data corresponding to the set signer according to the signature private key, the target slave random number and set encryption parameters, and partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers so as to obtain the signature data of the target object, which comprises: sequentially determining, in a set order among the remaining signers, the partial signature data corresponding to a current signer based on the plurality of slave random numbers and the partial signature data determined by the signer preceding the current signer; and transmitting the partial signature data acquired by the last signer to the set signer as the signature data of the target object, wherein the set signer $u_1$ performs the following steps:
S1, calculating the element $g = e(P_1, P_{pub-s})$ in the group $G_T$;
S2, generating a random number $r \in [1, N-1]$;
S3, calculating the element $w = g^r$ in the group $G_T$;
S4, calculating an integer $h = H_2(M \| w, N)$, wherein $H_2$ is a cryptographic function derived from a cryptographic hash function and $M$ is the message to be signed;
S5, calculating an integer $l = (r - h) \bmod N$, and if $l = 0$, returning to S2;
S6, calculating the element $S_1 = [l]b_1 d_B^*$ in the group $G_1$, wherein $b_1$ is the target slave random number;
S7, sending the element $S_1$ to the next signer $u_2$;
the subsequent signers sequentially calculate their corresponding partial signature data based on the partial signature data obtained, and the specific formula is as follows: after each signer calculates its own partial signature data, the result is sent to the next signer until the last signer $u_n$ sends its $S_n$ to the set signer $u_1$, so that the set signer $u_1$ outputs the signature data $(h, S_n)$ of the target object.
2. The method of claim 1, wherein the obtaining the signature private key of the target object based on the master nonce comprises:
acquiring identification information of a target object and a signature master private key;
based on a set cryptographic function, determining an initial signature private key of the target object according to the identification information of the target object and the signature master private key;
and combining the initial signature private key with the master random number to obtain the signature private key of the target object.
3. The method of claim 1, wherein after the sending the signature private key and the target slave random number to a set signer to cause the set signer to output signature data of the target object, the method further comprises:
verifying the signature data of the target object, which specifically comprises the following steps:
checking whether $h \in [1, N-1]$ holds, and if not, the verification fails;
converting the data type of $S_n$ into a point on the elliptic curve and checking whether $S_n \in G_1$ holds, and if not, the verification fails;
calculating the element $g = e(P_1, P_{pub-s})$ in the group $G_T$;
calculating the element $t = g^h$ in the group $G_T$;
calculating an integer $h_1 = H_1(ID_A \| hid, N)$;
calculating the element $P = [h_1]P_2 + P_{pub-s}$ in the group $G_2$;
calculating the element $u = e(S_n, P)$ in the group $G_T$;
calculating the element $w' = u \cdot t$ in the group $G_T$, and converting the data type of $w'$ into a bit string;
calculating an integer $h_2 = H_2(M' \| w', N)$ and checking whether $h_2 = h$ holds; if so, the verification passes; otherwise, the verification fails, wherein $M'$ is the message to be verified.
4. A method according to any one of claims 1-3, wherein the inverse of the master random number is the product of the plurality of slave random numbers.
5. A method according to any one of claims 1-3, wherein the set signer is randomly determined among a plurality of signers.
6. A signature system, comprising:
the acquisition module is used for acquiring the signature private key of the target object based on a master random number, wherein the master random number is composed of a plurality of slave random numbers, and the acquisition of the signature private key of the target object based on the master random number comprises the following steps:
generating system parameters, specifically including: $N$, a public constant that is a fixed prime number; $G_1$, $G_2$, additive cyclic groups of prime order $N$; $P_1$, $P_2$, public constants of the groups $G_1$ and $G_2$ respectively; $G_T$, a multiplicative cyclic group of prime order $N$; $e$, a bilinear pairing from $G_1 \times G_2$ to $G_T$; $H_1: \{0,1\}^* \to Z_N$, a cryptographic function derived from a cryptographic hash function;
generating a random number $ks$ as a signature master private key, calculating the element $P_{pub-s} = [ks]P_2$ in $G_2$ as a signature master public key, and generating a function identifier $hid$; calculating $t_1 = H_1(ID_A \| hid, N) + ks$ in the finite field $F_N$, wherein $ID_A$ is the identification information of the target object;
based on the set cryptographic function $H_1$, determining $t_1$ according to the identification information $ID_A$ of the target object, the signature master private key $ks$, the function identifier $hid$ and the public constant $N$; if $t_1 = 0$, regenerating the signature master private key, calculating and publishing the signature master public key, and updating the signature private keys of existing users; otherwise, calculating $t_2 = ks \cdot t_1^{-1}$ to obtain an initial signature private key $d_B$, $d_B = t_2 P_1$;
generating a master random number $b$ and combining the initial signature private key $d_B$ with the master random number $b$ to obtain the signature private key $d_B^*$ of the target object, $d_B^* = [b]t_2 P_1$;
the splitting module is used for splitting the master random number to obtain a plurality of signature sub-private keys, wherein the number of the signature sub-private keys corresponds to the number of the slave random numbers and the number of signers;
a signature module, configured to send the signature private key and the target slave random number to a set signer, so that the set signer outputs signature data of the target object, wherein the set signer determines partial signature data corresponding to the set signer according to the signature private key, the target slave random number and a set encryption parameter, and partial signature data corresponding to each of the remaining signers is determined based on the plurality of slave random numbers so as to obtain the signature data of the target object, which comprises: sequentially determining, in a set order among the remaining signers, the partial signature data corresponding to a current signer based on the plurality of slave random numbers and the partial signature data determined by the signer preceding the current signer; and transmitting the partial signature data acquired by the last signer to the set signer as the signature data of the target object, wherein the set signer $u_1$ performs the following steps:
S1, calculating the element $g = e(P_1, P_{pub-s})$ in the group $G_T$;
S2, generating a random number $r \in [1, N-1]$;
S3, calculating the element $w = g^r$ in the group $G_T$;
S4, calculating an integer $h = H_2(M \| w, N)$, wherein $H_2$ is a cryptographic function derived from a cryptographic hash function and $M$ is the message to be signed;
S5, calculating an integer $l = (r - h) \bmod N$, and if $l = 0$, returning to S2;
S6, calculating the element $S_1 = [l]b_1 d_B^*$ in the group $G_1$, wherein $b_1$ is the target slave random number;
S7, sending the element $S_1$ to the next signer $u_2$;
the subsequent signers sequentially calculate their corresponding partial signature data based on the partial signature data obtained, and the specific formula is as follows: after each signer calculates its own partial signature data, the result is sent to the next signer until the last signer $u_n$ sends its $S_n$ to the set signer $u_1$, so that the set signer $u_1$ outputs the signature data $(h, S_n)$ of the target object.
7. The system of claim 6, wherein the acquisition module is specifically configured to:
acquiring identification information of a target object and a signature master private key;
based on a set cryptographic function, determining an initial signature private key of the target object according to the identification information of the target object and the signature master private key;
and combining the initial signature private key with the master random number to obtain the signature private key of the target object.
8. The system of claim 6, wherein the system further comprises:
the verification module is used for verifying the signature data of the target object, and specifically comprises the following steps:
checking whether $h \in [1, N-1]$ holds, and if not, the verification fails;
converting the data type of $S_n$ into a point on the elliptic curve and checking whether $S_n \in G_1$ holds, and if not, the verification fails;
calculating the element $g = e(P_1, P_{pub-s})$ in the group $G_T$;
calculating the element $t = g^h$ in the group $G_T$;
calculating an integer $h_1 = H_1(ID_A \| hid, N)$;
calculating the element $P = [h_1]P_2 + P_{pub-s}$ in the group $G_2$;
calculating the element $u = e(S_n, P)$ in the group $G_T$;
calculating the element $w' = u \cdot t$ in the group $G_T$, and converting the data type of $w'$ into a bit string;
calculating an integer $h_2 = H_2(M' \| w', N)$ and checking whether $h_2 = h$ holds; if so, the verification passes; otherwise, the verification fails, wherein $M'$ is the message to be verified.
9. An electronic device, comprising: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to perform the signing method of any one of claims 1 to 5.
10. A non-transitory machine-readable storage medium having stored thereon executable code which, when executed by a processor of an electronic device, causes the processor to perform the signing method of any of claims 1 to 5.
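
The key derivation, chained signing and verification of claims 1, 3 and 4 can be checked algebraically with the following added Python example, which is not code from the patent. Assumptions: every group element is stored as its discrete logarithm modulo a constructed prime N (so the pairing becomes multiplication mod N, which gives no security), SHA-256 stands in for H_1 and H_2, and each later signer u_i is assumed to compute S_i = [b_i]S_(i-1), the step consistent with claim 4, because the per-signer formula is missing from this page.

```python
import hashlib
import secrets

# Toy model (assumption): each group element is stored as its discrete log
# mod N, so [k]P is k*P mod N, e(A, B) is A*B mod N, a product in G_T is a sum
# and g^r is r*g. This checks the algebra only and provides no security.
N = 2**127 - 1   # constructed prime group order, not the SM9 curve order
P1 = P2 = 1      # public constants of G_1 and G_2 in the toy model
HID = b"\x01"    # constructed function identifier hid

def _to_range(tag, data):
    """Stand-in for H_1/H_2 (assumption): SHA-256 mapped into [1, N-1]."""
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % (N - 1) + 1

def h1(identity):
    return _to_range(b"H1", identity + HID)

def h2(message, w):
    return _to_range(b"H2", message + w.to_bytes(16, "big"))

def pairing(a, b):
    return a * b % N                          # bilinear in the toy model

def rand_scalar():
    return secrets.randbelow(N - 1) + 1       # uniform in [1, N-1]

def keygen(identity, signers):
    """Return (P_pub-s, d_B*, [b_1..b_n]) with b^-1 = b_1*...*b_n mod N."""
    while True:
        ks = rand_scalar()                    # signature master private key
        t1 = (h1(identity) + ks) % N
        if t1 != 0:                           # t_1 = 0 forces a new ks
            break
    d_b = ks * pow(t1, -1, N) * P1 % N        # d_B = t_2 P_1
    b = rand_scalar()                         # master random number
    slaves = [rand_scalar() for _ in range(signers - 1)]
    prod = b
    for b_i in slaves:
        prod = prod * b_i % N
    slaves.append(pow(prod, -1, N))           # last slave closes the product
    return ks * P2 % N, b * d_b % N, slaves   # d_B* = [b]t_2 P_1

def sign(message, p_pub, d_b_star, slaves):
    g = pairing(P1, p_pub)                    # S1
    while True:
        r = rand_scalar()                     # S2
        w = r * g % N                         # S3: g^r
        h = h2(message, w)                    # S4
        l = (r - h) % N                       # S5
        if l != 0:
            break
    s = l * slaves[0] * d_b_star % N          # S6: S_1, computed by u_1
    for b_i in slaves[1:]:                    # u_2 .. u_n in the set order
        s = b_i * s % N                       # assumed S_i = [b_i]S_(i-1)
    return h, s                               # (h, S_n)

def verify(message, identity, p_pub, sig):
    h, s = sig
    if not (1 <= h <= N - 1 and 0 <= s < N):  # range and membership checks
        return False
    g = pairing(P1, p_pub)
    t = h * g % N                             # t = g^h
    p = (h1(identity) * P2 + p_pub) % N       # P = [h_1]P_2 + P_pub-s
    u = pairing(s, p)                         # u = e(S_n, P)
    w = (u + t) % N                           # w' = u * t
    return h2(message, w) == h
```

Because the slave random numbers multiply to the inverse of b, the blinding cancels only after every signer has contributed, and S_n equals the unblinded value [l]d_B that the verification of claim 3 expects.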
CN202310559941.8A 2023-05-18 2023-05-18 Signature method, signature system, electronic equipment and storage medium Active CN116318738B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310559941.8A CN116318738B (en) 2023-05-18 2023-05-18 Signature method, signature system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116318738A CN116318738A (en) 2023-06-23
CN116318738B true CN116318738B (en) 2023-09-05

Family

ID=86781909

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310559941.8A Active CN116318738B (en) 2023-05-18 2023-05-18 Signature method, signature system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116318738B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001244712B2 (en) * 2001-04-03 2005-03-24 Mitsubishi Denki Kabushiki Kaisha Encrypting device
CN104954135A (en) * 2015-05-27 2015-09-30 深圳市德卡科技股份有限公司 Anti-copy anti-counterfeiting electronic tag authentication method
CN108173639A (en) * 2018-01-22 2018-06-15 中国科学院数据与通信保护研究教育中心 A kind of two side's cooperation endorsement methods based on SM9 signature algorithms
WO2018119670A1 (en) * 2016-12-27 2018-07-05 深圳大学 Method and device for certificateless partially blind signature
CN109194478A (en) * 2018-11-19 2019-01-11 武汉大学 A kind of method that joint generates SM9 digital signature in many ways under Asymmetric
CN109377360A (en) * 2018-08-31 2019-02-22 西安电子科技大学 Block chain transaction in assets transfer account method based on Weighted Threshold signature algorithm
CN110011802A (en) * 2019-02-27 2019-07-12 武汉大学 A kind of two side of efficient SM9 cooperates with the method and system of generation digital signature
CN110912708A (en) * 2019-11-26 2020-03-24 武汉大学 Ring signature generation method based on SM9 digital signature algorithm
CN112511566A (en) * 2021-02-02 2021-03-16 北京信安世纪科技股份有限公司 SM9 algorithm certificateless mechanism signature key generation method, equipment and storage medium
CN113556233A (en) * 2021-07-08 2021-10-26 福建师范大学 SM9 digital signature method supporting batch verification
CN115001711A (en) * 2022-06-10 2022-09-02 成都卫士通信息产业股份有限公司 Information signature method and device, electronic equipment and computer readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
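Title
"Research on SM9 private key split generation and collaborative cryptographic computation"; Xiong Feng; China Master's Theses Full-text Database (No. 08); pp. 16-38 *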

Also Published As

Publication number Publication date
CN116318738A (en) 2023-06-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant