CN116506131A - Signature verification method and device for message, electronic equipment and storage medium - Google Patents

Signature verification method and device for message, electronic equipment and storage medium Download PDF

Info

Publication number
CN116506131A
CN116506131A CN202310552553.7A CN202310552553A CN116506131A CN 116506131 A CN116506131 A CN 116506131A CN 202310552553 A CN202310552553 A CN 202310552553A CN 116506131 A CN116506131 A CN 116506131A
Authority
CN
China
Prior art keywords
point
verification
parameter
signature
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310552553.7A
Other languages
Chinese (zh)
Inventor
杨孟青
刘元木
张爽
王�义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Holding Co Ltd
Original Assignee
Jingdong Technology Holding Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jingdong Technology Holding Co Ltd filed Critical Jingdong Technology Holding Co Ltd
Priority to CN202310552553.7A priority Critical patent/CN116506131A/en
Publication of CN116506131A publication Critical patent/CN116506131A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a signature verification method, a device, an electronic device and a storage medium for a message, wherein the signature verification method for the message comprises the following steps: generating a private key, and generating a public key and a pseudo-random point based on the private key; respectively taking the public key and the pseudo-random point as points to be verified, and carrying out point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified; when the point verification result indicates that the point verification is successful, signing the message to be transmitted based on the private key and the signature verification parameter to obtain a digital signature of the message to be transmitted; and sending the ciphertext and the digital signature of the message to be transmitted to the second equipment for signature verification. In the signature verification stage of the message, the signature verification parameter can be directly obtained from the digital signature to perform point verification on the public key without calculating the signature verification parameter again, so that repeated calculation of the signature verification parameter is avoided, the signature verification efficiency is improved, and the signature verification cost is reduced.

Description

Signature verification method and device for message, electronic equipment and storage medium
Technical Field
The disclosure relates to the technical field of data processing, and in particular relates to a method and a device for verifying a signature of a message, electronic equipment and a storage medium.
Background
The block chain technology is a peer-to-peer network based on decentralization, combines the cryptography principle with a consensus mechanism to ensure the data continuity and persistence of each distributed node, and realizes the instant verification, traceability, difficult tampering and incapability of shielding of information, thereby creating a set of privacy, efficient and safe shared value system.
In the blockchain consensus algorithm, in order to ensure the trust of transactions and the confirmation of the receiving and transmitting messages between the consensus nodes, the signature of the messages needs to be verified so as to ensure the safety of the messages. The existing signature verification method has the defects of lower verification efficiency and higher cost.
Disclosure of Invention
The disclosure provides a signature verification method and device for a message, electronic equipment and a storage medium.
An embodiment of a first aspect of the present disclosure proposes a signature verification method of a message, executed by a first device, including: generating a private key, and generating a public key and a pseudo-random point based on the private key;
respectively taking the public key and the pseudo-random point as points to be verified, and carrying out point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified;
when the point verification result indicates that the point verification is successful, signing the message to be transmitted based on the private key and the signature verification parameter to obtain a digital signature of the message to be transmitted;
And sending the ciphertext of the message to be transmitted and the digital signature to second equipment for signature verification.
In the embodiment of the disclosure, a private key is generated, a public key and a pseudo-random point are generated based on the private key, the public key and the pseudo-random point are respectively used as points to be verified, point verification is carried out on each point to be verified, a point verification result and a signature verification parameter of the point to be verified are obtained, when the point verification result indicates that the point verification is successful, the message to be transmitted is signed based on the private key and the signature verification parameter, a digital signature of the message to be transmitted is obtained, and ciphertext and the digital signature of the message to be transmitted are sent to a second device for signature verification.
In the embodiment of the disclosure, the signature verification parameters are calculated in the process of verifying the public key and the pseudo random point, so that the signature verification parameters are generated in the signature generation stage of the message through the point verification of the public key and the pseudo random number, and the signature verification parameters are required to be calculated again in the signature verification stage of the message, so that the signature verification parameters are added into the digital signature, and the signature verification parameters can be directly obtained from the digital signature in the signature verification stage of the message to verify the public key without calculating the signature verification parameters again, thereby avoiding repeated calculation of the signature verification parameters, improving the signature verification efficiency and reducing the signature verification cost.
An embodiment of a second aspect of the present disclosure proposes a signature verification method of a message, performed by a second device, including:
receiving ciphertext of a message to be transmitted and a digital signature of the message to be transmitted, which are sent by first equipment;
decrypting the ciphertext to obtain a plaintext of the message to be transmitted;
performing point verification on the public key based on the signature verification parameters carried by the digital signature to generate a point verification result;
and when the point verification result indicates that the point verification is successful, carrying out signature verification on the digital signature based on the public key and the plaintext, and generating a signature verification result.
In the embodiment of the disclosure, a ciphertext of a message to be transmitted and a digital signature of a service message to be transmitted, which are sent by a first device, are received, the ciphertext is decrypted to obtain a plaintext of the message to be transmitted, a public key is subjected to point verification based on a verification parameter carried by the digital signature to generate a point verification result, and when the point verification result indicates that the point verification is successful, the digital signature is subjected to signature verification based on the public key and the plaintext to generate a signature verification result. In the embodiment of the disclosure, in the signature verification stage of the message, the signature verification parameter can be directly obtained from the digital signature of the message when the public key is subjected to point verification, so that the signature verification parameter does not need to be calculated, the time for signature verification is saved, the efficiency of signature verification is improved, and the cost is saved.
An embodiment of a third aspect of the present disclosure provides a signature verification apparatus for a message, including: the generation module is used for generating a private key and generating a public key and a pseudo-random point based on the private key;
the point verification module is used for respectively taking the public key and the pseudo-random point as points to be verified, and carrying out point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified;
the signature module is used for signing the message to be transmitted based on the private key and the signature verification parameter when the point verification result indicates that the point verification is successful, and obtaining a digital signature of the message to be transmitted;
and the sending module is used for sending the ciphertext of the message to be transmitted and the digital signature to the second equipment for signature verification.
An embodiment of a fourth aspect of the present disclosure provides a signature verification apparatus for a message, including: the receiving module is used for receiving the ciphertext of the message to be transmitted and the digital signature of the message to be transmitted, which are sent by the first equipment;
the decryption module is used for decrypting the ciphertext to obtain a plaintext of the message to be transmitted;
the point verification module is used for carrying out point verification on the public key based on the signature verification parameters carried by the digital signature to generate a point verification result;
And the signature verification module is used for carrying out signature verification on the digital signature based on the public key and the plaintext when the point verification result indicates that the point verification is successful, and generating a signature verification result.
An embodiment of a fifth aspect of the present disclosure proposes an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a signature verification method of a message as described above in the first or second aspect.
An embodiment of a sixth aspect of the present disclosure proposes a computer readable storage medium storing computer instructions for causing the computer to perform a signature verification method of a message as in the embodiment of the first or second aspect described above.
An embodiment of a seventh aspect of the present disclosure proposes a computer program product comprising a computer program which, when executed by a processor, implements a signature verification method of a message of an embodiment of the first or second aspect of the present disclosure.
Additional aspects and advantages of the disclosure will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the disclosure.
Drawings
The foregoing and/or additional aspects and advantages of the present disclosure will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of a method for signature verification of a message according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of the signature principle of a message;
FIG. 3 is a flow chart of a method for signature verification of a message according to another embodiment of the present disclosure;
FIG. 4 is a flow chart of a method for signature verification of a message according to another embodiment of the present disclosure;
FIG. 5 is a flow chart of a method for signature verification of a message according to another embodiment of the present disclosure;
FIG. 6 is a flow chart of a method of signature verification of a message according to another embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of a signature verification device for a message according to an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a signature verification device for a message according to another embodiment of the present disclosure;
fig. 9 is a block diagram of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
Embodiments of the present disclosure are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are exemplary and intended for the purpose of explaining the present disclosure and are not to be construed as limiting the present disclosure.
The following describes a signature verification method, a signature verification device, an electronic device and a storage medium of a message according to an embodiment of the present disclosure with reference to the accompanying drawings.
Fig. 1 is a flowchart of a signature verification method for a message according to an embodiment of the present disclosure. As shown in fig. 1, the method comprises the steps of:
s101, generating a private key, and generating a public key and a pseudo-random point based on the private key.
It should be noted that, the signature verification method of the message in the embodiment of the present disclosure is performed by the first device, where the first device may be a terminal device, a server, or the like, and is not limited herein.
In some embodiments, a 256-bit random number may be generated and expanded into a 512-bit random number as a private key by a hash function SHA512 (Secure Hash Standard ) function: h is a 0 h 1 …h 510 h 511
Further, as shown in fig. 2, the private key may be: h is a 0 h 1 …h 510 h 511 Dividing into a left part and a right part, wherein the left half part is LH: h is a 0 …h 255 And the right half is RH: h is a 256 …h 511 Wherein, LH: h is a 0 …h 255 For generating a public key, RH: h is a 0 …h 255 For generating pseudo-random points.
After obtaining LH: h is a 0 …h 255 After that, the LH: h is a 0 …h 255 And performing bit operation to obtain a private key scalar a. Specifically, LH: h is a 0 …h 255 H of (3) 0 、h 1 And h 2 Placing 0, h 254 Placing 1, h 255 Setting 0, the private key scalar a is obtained.
In some embodiments, a non-zero point on the elliptic Curve Curve25519 may be randomly selected as the base point B, and then the formula is passed: a=a×b, and a public key a is calculated. It should be noted that, as known from the formula for calculating the public key, the public key is a point.
In some embodiments, as shown in fig. 2, a hash operation may be performed on the message M to be transmitted, to obtain a message pre-hash Mph, and then, through the formula: r=hash (||h), for RH: h is a 0 …h 255 Carrying out Hash operation on the message pre-Hash Mph to obtain a pseudo-random number r, wherein Hash () represents the Hash operation, and after the pseudo-random number r is obtained, the formula can be adopted: r=r×b, and a pseudo-random point R is calculated.
S102, respectively taking the public key and the pseudo-random point as points to be verified, and carrying out point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified.
After the public key and the pseudo-random point are obtained, the public key and the pseudo-random point can be used as points to be verified respectively, and point verification is carried out on each point to be verified so as to determine whether the public key and the pseudo-random point are legal or not.
In an embodiment of the present disclosure, before point verification is performed on a point to be verified, the method includes: and acquiring a first coordinate parameter and a second coordinate parameter of the point to be verified, and constructing the target class structure point to be verified according to the first coordinate parameter and the second coordinate parameter.
Optionally, the first coordinate parameter is an abscissa parameter, the second coordinate parameter is an ordinate parameter, or the first coordinate parameter is an ordinate parameter, and the second coordinate parameter is an abscissa parameter.
After the first coordinate parameter and the second coordinate parameter of the point to be verified are obtained, the point structure of the point to be verified can be converted into a corresponding target class structure point according to the structure of the target class structure point and the set point structure conversion rule, and then the point verification is carried out on the target class structure point according to the set point verification rule to generate a point verification result.
Due to the structural specificity of the target class structure points, when the target class structure points are subjected to point verification according to the set point verification, corresponding signature verification parameters are obtained. The specific procedure is illustrated in the examples below.
And S103, when the point verification result indicates that the point verification is successful, signing the message to be transmitted based on the private key and the signature verification parameter to obtain a digital signature of the message to be transmitted. The message to be transmitted may be a service message to be transmitted, which is not limited herein.
In some embodiments, when the point to be verified is verified, whether the point to be verified is on the elliptic Curve Curve25519 may be verified, if so, it indicates that the point to be verified is legal, and correspondingly, the point verification is successful, if not, it indicates that the point to be verified is illegal, and correspondingly, the point verification fails.
And S104, sending the ciphertext and the digital signature of the message to be transmitted to the second equipment for signature verification.
The symmetric encryption algorithm can be adopted to generate a secret key, the secret key is used for encrypting the message to be transmitted, the ciphertext of the message to be transmitted is obtained, and the ciphertext and the digital signature to be transmitted are sent to the second device for signature verification.
Alternatively, the symmetric encryption algorithm includes a data encryption standard (DES, data Encryption Standard) algorithm, an international data encryption (International Data Encryption Algorithm, IDEA) algorithm, an advanced encryption standard (Advanced Encryption Standard, AES) algorithm, and the like.
In the embodiment of the disclosure, a private key is generated, a public key and a pseudo-random point are generated based on the private key, the public key and the pseudo-random point are respectively used as points to be verified, point verification is carried out on each point to be verified, a point verification result and a signature verification parameter of the point to be verified are obtained, when the point verification result indicates that the point verification is successful, the message to be transmitted is signed based on the private key and the signature verification parameter, a digital signature of the message to be transmitted is obtained, and ciphertext and the digital signature of the message to be transmitted are sent to a second device for signature verification.
In the embodiment of the disclosure, the signature verification parameters are calculated in the process of verifying the public key and the pseudo random point, so that the signature verification parameters are generated in the signature generation stage of the message through the point verification of the public key and the pseudo random number, and the signature verification parameters are required to be calculated again in the signature verification stage of the message, so that the signature verification parameters are added into the digital signature, and the signature verification parameters can be directly obtained from the digital signature in the signature verification stage of the message to verify the public key without calculating the signature verification parameters again, thereby avoiding repeated calculation of the signature verification parameters, improving the signature verification efficiency and reducing the signature verification cost.
Fig. 3 is a flow chart of a signature verification method for a message according to an embodiment of the present disclosure, and further with reference to fig. 3, a process for constructing a target class structure point is explained based on the above embodiment, including the following steps:
s301, acquiring a first coordinate parameter and a second coordinate parameter of a point to be verified.
S302, generating a first point construction parameter, a second point construction parameter, a third point construction parameter and a fourth point construction parameter of a point to be verified based on the first coordinate parameter, the second coordinate parameter and the preset point construction parameter.
In the embodiment of the disclosure, the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter are used for verifying whether the point to be verified is on the elliptic Curve Curve25519, so that the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter of the point to be verified can be generated according to the first coordinate parameter, the second coordinate parameter, the preset point construction parameter and the elliptic Curve Curve 25519.
Exemplary, assume that elliptic Curve25519 is-x 2 +y 2 =1+dx 2 y 2 The parameters of the d elliptic Curve Curve25519 are that the first coordinate parameter of the point to be verified is X, the second coordinate parameter is Y, and the preset construction parameter is Z, and then the first point construction parameter X=xZ, the second point construction parameter Y=yz, the third point construction parameter U=xy, and the fourth point construction parameter V=2dxy.
S303, combining the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter to generate a target class structure point.
Optionally, the point structure of the target class structure point is (X, Y, Z, U, V).
For example, if the point to be verified is (X, Y), the verification point may be constructed as a target class structure point (X, Y, Z, U, V) according to the example in step S302, where x=xz, y=yz, u=xy, v=2dxy.
In the embodiment of the disclosure, a first point construction parameter, a second point construction parameter, a third point construction parameter and a fourth point construction parameter of a point to be verified are generated based on a first coordinate parameter, a second coordinate parameter and a preset point construction parameter, and the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter are combined to generate a target class structure point. In the embodiment of the disclosure, since the point structure of the target class structure point has specificity, the point to be verified is constructed into the target class structure point, so that the speed of point verification can be improved.
Fig. 4 is a flow chart of a signature verification method for a message according to an embodiment of the present disclosure, and further with reference to fig. 4, a process of point verification is explained based on the above embodiment, and includes the following steps:
S401, performing first combination operation on the first point construction parameters and the second point construction parameters to obtain first verification parameters.
It should be noted that, the embodiment of the present disclosure is to verify whether the point to be verified (x, y) is in the elliptic Curve Curve25519: -x 2 +y 2 =1+dx 2 y 2 The above examples are explained.
Assuming that the target structure point is (X, Y, Z, U, V), where x=xz, y=yz, u=xy, v=2dxy, when z=1, the first verification parameter can be calculated by the following formula:
B=(Y-X)(Y+X)+(Y-X)(Y+X)
wherein B is a first verification parameter.
S402, performing a second combination operation on the second point construction parameter and the third point construction parameter to obtain a second verification parameter.
The second verification parameter may be calculated by the following formula:
D=UV+2
s403, verifying whether the first verification parameter is equal to the second verification parameter to obtain a point verification result.
After the first verification parameter B and the second verification parameter D are obtained, whether the first verification parameter B is equal to the second verification parameter D or not may be verified, if yes, the point to be verified (x, y) is in an elliptic Curve Curve25519: -x 2 +y 2 =1+dx 2 y 2 Correspondingly, the point verification is successful, if not, the point to be verified (x, y) is not in the elliptic Curve Curve25519: -x 2 +y 2 =1+dx 2 y 2 Accordingly, the spot verification fails.
In the embodiment of the disclosure, a first combination operation is performed on a first point construction parameter and a second point construction parameter to obtain a first verification parameter, a second combination operation is performed on the second point construction parameter and a third point construction parameter to obtain a second verification parameter, and whether the first verification parameter is equal to the second verification parameter is verified to obtain a point verification result. In the implementation of the method, the point verification is carried out on the point to be verified through the verification parameters, so that compared with a traditional point verification mode, the operation efficiency is improved, the overhead time of operation is saved, and the point verification efficiency is improved.
Fig. 5 is a flowchart of a signature verification method for a message according to an embodiment of the disclosure, as shown in fig. 5, the method includes the following steps:
s501, generating a private key, and generating a public key and a pseudo-random point based on the private key.
S502, respectively taking the public key and the pseudo-random point as points to be verified, and carrying out point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified.
The label checking parameters comprise a first point construction parameter, a second point construction parameter, a third point construction parameter and a fourth point construction parameter.
The specific description of steps S501 to S502 may be referred to the description of the related embodiments, and will not be repeated here.
S503, when the point verification result indicates that the point verification is successful, generating signature information based on the private key.
In some embodiments, the signature information may be calculated by the following formula:
S=(r+Hash(R||||h)mod)amodl+r
where s is signature information, R is pseudo random number, R is pseudo random point, A is public key, mph is message pre-Hash, a is private key scalar, l is a prime number, hash () represents Hash budget.
S504, signing the message to be transmitted based on the signature information, the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter to obtain a digital signature.
After the signature information S is obtained, the first point construction parameter X, the second point construction parameter Y, the third point construction parameter U, and the fourth point construction parameter V may be added to the signature information S to obtain the target signature information S 1 The digital signature of the transmitted message may be (, S) 1 )。
And S505, the ciphertext and the digital signature of the message to be transmitted are sent to the second device for signature verification.
The specific description of step S505 may be referred to the description of the above related embodiments, and will not be repeated here.
In the embodiment of the disclosure, a private key is generated, a public key and a pseudo-random point are generated based on the private key, the public key and the pseudo-random point are respectively used as points to be verified, point verification is carried out on each point to be verified, a point verification result and a signature verification parameter of the point to be verified are obtained, when the point verification result indicates that the point verification is successful, signature information is generated based on the private key, and signature information, a first point construction parameter, a second point construction parameter, a third point construction parameter and a fourth point construction parameter are used for signing a message to be transmitted, a digital signature is obtained, and ciphertext and the digital signature of the message to be transmitted are sent to second equipment for signature verification. In the embodiment of the disclosure, the signature verification parameters are added to the signature information, so that repeated calculation of the signature verification parameters in the signature verification stage of the message can be avoided, the signature verification time of the message can be saved, and the verification efficiency is improved.
To make the present disclosure more clearly understood by those skilled in the art, the signing process is further explained below in conjunction with fig. 2, as shown in fig. 2, by extending the private key sk of 32bytes (i.e., 256 bits) to 64bytes through a hash operation, and then dividing the private key sk of 64bytes into two 32-bytes portions: left half LH and right half RH.
Bit operation is carried out on the left half part LH to obtain a private key scalar a, and the formula is adopted: a=a×b is calculated to obtain a public key a, then point verification is performed on the public key a, and intermediate parameters (i.e. signature verification parameters) generated in the point verification process are extracted: a.x, A.y, A.u = A.x · A.y, A.v =2d· A.u. Wherein A.x is a first point construction parameter of the public key a, A.y is a second point construction parameter of the public key a, A.u is a third point construction parameter of the public key a, and A.v is a fourth point construction parameter of the public key.
The right half RH is hashed to obtain a pseudo random number r, and then the pseudo random number r is calculated by the formula: R=r×B, calculating to obtain a pseudo-random point B, performing point verification on the pseudo-random point R, and extracting intermediate parameters (namely signature verification parameters) generated in the point verification process: r.x, R.y, R.u = R.x · R.y, R.v =2d· R.u. Wherein R.x is a first point construction parameter of the pseudo-random point R, R.y is a second point construction parameter of the pseudo-random point R, R.u is a third point construction parameter of the pseudo-random point R, R.v is a fourth point construction parameter of the pseudo-random point R.
Carrying out hash operation on the message M to obtain a message pre-hash Mph, carrying out hash operation on the public key A, the message pre-hash Mph and the pseudo-random point R, carrying out modular operation to obtain k, multiplying k by a, carrying out modular operation to obtain ka, adding ka to the pseudo-random number R to obtain signature information S, and obtaining target signature information S in the extracted signature information S added with the intermediate parameters 1 Finally according to the target signature information S 1 And the pseudo-random point R to obtain the digital signature of the message M (S))。
Fig. 6 is a flowchart of a signature verification method for a message according to an embodiment of the present disclosure. As shown in fig. 6, the method comprises the steps of:
s601, receiving ciphertext of a message to be transmitted and a digital signature of the message to be transmitted, which are sent by a first device.
It should be noted that, the signature verification method of the message implemented by the present disclosure is executed by the second device, where the second device may be a terminal device, a server, or the like, and no limitation is made herein.
S602, decrypting the ciphertext to obtain a plaintext of the message to be transmitted.
The key can be generated by adopting a symmetric encryption algorithm, and the ciphertext of the message to be transmitted is decrypted through the key to obtain the plaintext of the message to be transmitted.
Alternatively, the symmetric encryption algorithm includes DES algorithm, IDEA algorithm, AES algorithm, and the like.
It should be noted that, the second device is consistent with the algorithm for generating the key by the second device, that is, the key in the embodiment of the disclosure is consistent with the encryption key of the message to be transmitted, and the symmetric encryption algorithm of the first device and the second device may be agreed in advance.
S603, performing point verification on the public key based on the signature verification parameters carried by the digital signature, and generating a point verification result.
The label checking parameters comprise a first point construction parameter, a second point construction parameter, a third point construction parameter and a fourth point construction parameter.
Optionally, performing a third combination operation on the first point construction parameter and the second point construction parameter to obtain a third verification parameter, and performing a fourth combination operation on the second point construction parameter and the third point construction parameter to obtain a fourth verification parameter, and verifying whether the third verification parameter and the fourth verification parameter are equal to each other or not to obtain a point verification result.
In embodiments of the present disclosure, the digital signature (R, S 1 ) Signature information S of (a) 1 Extracting a first point construction parameter X, a second point construction parameter Y, a third point construction parameter U and a fourth point construction parameter V, obtaining a third verification parameter E according to the first point construction parameter X and the second point construction parameter Y, obtaining a fourth verification parameter C according to the third point construction parameter U and the fourth point construction parameter V, and finally verifying whether the third verification parameter E is equal to the fourth verification parameter C or not to obtain a point verification result.
It should be noted that, in the embodiment of the present disclosure, it is verified whether the public key is in elliptic Curve Curve25519: -x 2 +y 2 =1+dx 2 y 2 The above is performed as an exampleAnd (5) explaining.
By way of example, the third verification parameter may be calculated using the following formula:
E=(Y-X)(Y+X)
wherein E is a third verification parameter, X is a first point construction parameter, and Y is a second point construction parameter.
The fourth verification parameter may be calculated using the following formula:
C=UV
wherein C is a fourth verification parameter, U is a third point construction parameter, and V is a fourth point construction parameter.
Further, it is verified whether the third verification parameter E is equal to the fourth verification parameter C, if so, it is indicated that the public key is on the ellipse Curve25519, that is, the public key is legal, accordingly, the point verification is successful, and if not, it is indicated that the public key is not on the ellipse Curve25519, that is, the public key is illegal, that is, the point verification is failed.
And S604, when the point verification result indicates that the point verification is successful, carrying out signature verification on the digital signature based on the public key and the plaintext, and generating a signature verification result.
In the embodiment of the disclosure, the digital signature may be verified by the following formula:
S 1 ×B=R+Hash(R||A||Mph)×A
wherein S is 1 Signature information in the digital signature, R is a pseudo-random point, B is a base point of an ellipse Curve25519, A is a public key, mph is message pre-Hash, and Hash () is Hash operation. The message pre-hash Mph can be obtained by performing a hash operation on the plaintext M.
In the embodiment of the disclosure, a ciphertext of a message to be transmitted and a digital signature of a service message to be transmitted, which are sent by a first device, are received, the ciphertext is decrypted to obtain a plaintext of the message to be transmitted, a target point corresponding to a public key is subjected to point verification based on a signature verification parameter carried by the digital signature, a point verification result is generated, and when the point verification result indicates that the point verification is successful, the digital signature is subjected to signature verification based on the public key and the plaintext, and a signature verification result is generated. In the embodiment of the disclosure, in the signature verification stage of the message, the signature verification parameter can be directly obtained from the digital signature of the message when the public key is subjected to point verification, so that the signature verification parameter does not need to be calculated, the time for signature verification is saved, the efficiency of signature verification is improved, and the cost is saved.
In order to implement the signature verification method of the message according to the embodiment of the first aspect, the disclosure proposes a signature verification device of a message, and fig. 7 is a schematic structural diagram of the signature verification device of the message according to an embodiment of the disclosure. As shown in fig. 7, the signature verification apparatus 700 of a message includes:
a generating module 710, configured to generate a private key, and generate a public key and a pseudo-random point based on the private key;
The point verification module 720 is configured to respectively use the public key and the pseudo-random point as points to be verified, and perform point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified;
the signature module 730 is configured to sign a message to be transmitted based on the private key and the signature verification parameter when the point verification result indicates that the point verification is successful, so as to obtain a digital signature of the message to be transmitted;
and the sending module 740 is used for sending the ciphertext and the digital signature of the message to be transmitted to the second device for signature verification.
In one embodiment of the present disclosure, the point verification module 720 is further configured to: before point verification is carried out on a point to be verified, a first coordinate parameter and a second coordinate parameter of the point to be verified are obtained, and a target class structure point of the point to be verified is constructed according to the first coordinate parameter and the second coordinate parameter.
In one embodiment of the present disclosure, the point verification module 720 is further configured to: generating a first point construction parameter, a second point construction parameter, a third point construction parameter and a fourth point construction parameter of the point to be verified based on the first coordinate parameter, the second coordinate parameter and the preset point construction parameter; and combining the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter to generate the target class structure point.
In one embodiment of the present disclosure, the point verification module 720 is further configured to: performing first combination operation on the first point construction parameters and the second point construction parameters to obtain first verification parameters; performing a second combination operation on the second point construction parameter and the third point construction parameter to obtain a second verification parameter; and verifying whether the first verification parameter is equal to the second verification parameter to obtain a point verification result.
In one embodiment of the present disclosure, the signature verification parameters include a first point build parameter, a second point build parameter, a third point build parameter, and a fourth point build parameter, the signature module 730 is further configured to: generating signature information based on the private key; and signing the message to be transmitted based on the signature information, the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter to obtain a digital signature. .
It should be noted that the explanation of the embodiment of the signature verification method for the message in the first aspect is also applicable to the signature verification device for the message in the embodiment of the disclosure, and specific processes are not repeated here.
In the embodiment of the disclosure, a private key is generated, a public key and a pseudo-random point are generated based on the private key, the public key and the pseudo-random point are respectively used as points to be verified, point verification is carried out on each point to be verified, a point verification result and a signature verification parameter of the point to be verified are obtained, when the point verification result indicates that the point verification is successful, the message to be transmitted is signed based on the private key and the signature verification parameter, a digital signature of the message to be transmitted is obtained, and ciphertext and the digital signature of the message to be transmitted are sent to a second device for signature verification.
In the embodiment of the disclosure, the signature verification parameters are calculated in the process of verifying the public key and the pseudo random point, so that the signature verification parameters are generated in the signature generation stage of the message through the point verification of the public key and the pseudo random number, and the signature verification parameters are required to be calculated again in the signature verification stage of the message, so that the signature verification parameters are added into the digital signature, and the signature verification parameters can be directly obtained from the digital signature in the signature verification stage of the message to verify the public key without calculating the signature verification parameters again, thereby avoiding repeated calculation of the signature verification parameters, improving the signature verification efficiency and reducing the signature verification cost.
In order to implement the signature verification method of the message according to the second embodiment of the present disclosure, the present disclosure proposes a signature verification device of a message, and fig. 8 is a schematic structural diagram of the signature verification device of the message according to an embodiment of the present disclosure. As shown in fig. 8, the signature verification apparatus 800 of a message includes:
a receiving module 810, configured to receive a ciphertext of a message to be transmitted and a digital signature of the message to be transmitted, which are sent by a first device;
a decryption module 820, configured to decrypt the ciphertext to obtain plaintext of the message to be transmitted;
The point verification module 830 is configured to perform point verification on the public key based on the signature verification parameter carried by the digital signature, and generate a point verification result;
the signature verification module 840 is configured to, when the point verification result indicates that the point verification is successful, perform signature verification on the digital signature based on the public key and the plaintext, and generate a signature verification result.
In one embodiment of the present disclosure, the signature verification parameters include a first point build parameter, a second point build parameter, a third point build parameter, and a fourth point build parameter, and the signature verification module 840 is further configured to: performing third combination operation on the first point construction parameters and the second point construction parameters to obtain third verification parameters; performing fourth combination operation on the second point construction parameter and the third point construction parameter to obtain a fourth verification parameter; and verifying whether the third verification parameter is equal to the fourth verification parameter to obtain a point verification result.
It should be noted that the explanation of the embodiment of the signature verification method for a message in the second aspect is also applicable to the signature verification device for a message in the embodiment of the disclosure, and specific processes are not repeated here.
In the embodiment of the disclosure, a ciphertext of a message to be transmitted and a digital signature of a service message to be transmitted, which are sent by a first device, are received, the ciphertext is decrypted to obtain a plaintext of the message to be transmitted, a target point corresponding to a public key is subjected to point verification based on a signature verification parameter carried by the digital signature, a point verification result is generated, and when the point verification result indicates that the point verification is successful, the digital signature is subjected to signature verification based on the public key and the plaintext, and a signature verification result is generated. In the embodiment of the disclosure, in the signature verification stage of the message, the signature verification parameter can be directly obtained from the digital signature of the message when the public key is subjected to point verification, so that the signature verification parameter does not need to be calculated, the time for signature verification is saved, the efficiency of signature verification is improved, and the cost is saved.
As shown in fig. 9, is a block diagram of an electronic device of a signature verification method of a message according to an embodiment of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile apparatuses, such as smart voice interaction devices, personal digital assistants, cellular telephones, smart phones, wearable devices, and other similar computing apparatuses. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 9, the electronic device includes: one or more processors 901, memory 902, and interfaces for connecting the components, including high-speed interfaces and low-speed interfaces. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor 901 may process instructions executing within an electronic device, including instructions stored in or on memory to display graphical information of a GUI on an external input/output device, such as a display device coupled to an interface. In other embodiments, multiple processors and/or multiple buses may be used, if desired, along with multiple memories and multiple memories. Also, multiple electronic devices may be connected, each providing a portion of the necessary operations (e.g., as a server array, a set of blade servers, or a multiprocessor system). In fig. 9, a processor 901 is taken as an example.
Memory 902 is a non-transitory computer-readable storage medium provided by the present disclosure. Wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform a signature verification method of a message provided by the present disclosure. The non-transitory computer readable storage medium of the present disclosure stores computer instructions for causing a computer to perform a signature verification method of a message provided by the present disclosure.
The memory 902 is used as a non-transitory computer readable storage medium for storing non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the signature verification method of messages in embodiments of the present disclosure. The processor 901 performs various functional applications of the server and data processing, i.e., implements the signature verification method of the message in the above-described method embodiment, by running non-transitory software programs, instructions, and modules stored in the memory 902.
The memory 902 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for a function; the storage data area may store data created according to the use of the electronic device of the signature verification method of the message, and the like. In addition, the memory 902 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory 902 optionally includes memory remotely located relative to processor 901, which may be connected to the electronic device of the signature verification method of the message via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the signature verification method of the message may further include: an input device 903 and an output device 904. The processor 901, memory 902, input devices 903, and output devices 904 may be connected by a bus or other means, for example in fig. 9.
The input device 903 may receive input numeric or character information as well as key signal inputs related to user settings and function control of the electronic device that generated the signature verification method of the message, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointer stick, one or more mouse buttons, a track ball, a joystick, etc. input devices. The output means 904 may include a display device, auxiliary lighting means (e.g., LEDs), tactile feedback means (e.g., vibration motors), and the like. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device may be a touch screen.
To achieve the above-described embodiments, the present disclosure also proposes a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a signature verification method of a message as proposed by the foregoing embodiments of the present disclosure.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application specific ASIC (application specific integrated circuit), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
These computing programs (also referred to as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented in a high-level procedural and/or object-oriented programming language, and/or in assembly/machine language. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service ("Virtual Private Server" or simply "VPS") are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein.
In the description of this specification, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present disclosure, the meaning of "a plurality" is at least two, such as two, three, etc., unless explicitly specified otherwise.
Although embodiments of the present disclosure have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the present disclosure, and that variations, modifications, alternatives, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the present disclosure.

Claims (12)

1. A method of signature verification of a message, performed by a first device, comprising:
generating a private key, and generating a public key and a pseudo-random point based on the private key;
respectively taking the public key and the pseudo-random point as points to be verified, and carrying out point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified;
when the point verification result indicates that the point verification is successful, signing the message to be transmitted based on the private key and the signature verification parameter to obtain a digital signature of the message to be transmitted;
and sending the ciphertext of the message to be transmitted and the digital signature to second equipment for signature verification.
2. The method according to claim 1, characterized in that before the point to be verified is point verified, it comprises:
acquiring a first coordinate parameter and a second coordinate parameter of the point to be verified;
And constructing the target class structure point of the point to be verified according to the first coordinate parameter and the second coordinate parameter.
3. The method according to claim 2, wherein the process of constructing the target class structure point comprises:
generating a first point construction parameter, a second point construction parameter, a third point construction parameter and a fourth point construction parameter of the point to be verified based on the first coordinate parameter, the second coordinate parameter and a preset point construction parameter;
and combining the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter to generate the target class structure point.
4. A method according to claim 3, wherein the process of point verification comprises:
performing first combination operation on the first point construction parameter and the second point construction parameter to obtain a first verification parameter;
performing a second combination operation on the second point construction parameter and the third point construction parameter to obtain a second verification parameter;
and verifying whether the first verification parameter is equal to the second verification parameter to obtain the point verification result.
5. The method according to any one of claims 1-4, wherein the signature verification parameters include a first point construction parameter, a second point construction parameter, a third point construction parameter, and a fourth point construction parameter, signing a message to be transmitted based on the private key and the signature verification parameters, obtaining a digital signature of the message to be transmitted, comprising:
Generating signature information based on the private key;
and signing the message to be transmitted based on the signature information, the first point construction parameter, the second point construction parameter, the third point construction parameter and the fourth point construction parameter to obtain the digital signature.
6. A signature verification method performed by a second device, comprising:
receiving ciphertext of a message to be transmitted and a digital signature of the message to be transmitted, which are sent by first equipment;
decrypting the ciphertext to obtain a plaintext of the message to be transmitted;
performing point verification on the public key based on the signature verification parameters carried by the digital signature to generate a point verification result;
and when the point verification result indicates that the point verification is successful, carrying out signature verification on the digital signature based on the public key and the plaintext, and generating a signature verification result.
7. The method of claim 6, wherein the signature verification parameters include a first point construction parameter, a second point construction parameter, a third point construction parameter, and a fourth point construction parameter, wherein the performing point verification on the public key based on the signature verification parameters carried by the digital signature, generating a point verification result, comprises:
Performing third combination operation on the first point construction parameter and the second point construction parameter to obtain a third verification parameter;
performing fourth combination operation on the second point construction parameter and the third point construction parameter to obtain a fourth verification parameter;
and verifying whether the third verification parameter is equal to the fourth verification parameter to obtain the point verification result.
8. A signature verification device for a message, comprising:
the generation module is used for generating a private key and generating a public key and a pseudo-random point based on the private key;
the point verification module is used for respectively taking the public key and the pseudo-random point as points to be verified, and carrying out point verification on each point to be verified to obtain a point verification result and a signature verification parameter of the point to be verified;
the signature module is used for signing the message to be transmitted based on the private key and the signature verification parameter when the point verification result indicates that the point verification is successful, and obtaining a digital signature of the message to be transmitted;
and the sending module is used for sending the ciphertext of the message to be transmitted and the digital signature to the second equipment for signature verification.
9. A signature verification device for a message, comprising:
The receiving module is used for receiving the ciphertext of the message to be transmitted and the digital signature of the message to be transmitted, which are sent by the first equipment;
the decryption module is used for decrypting the ciphertext to obtain a plaintext of the message to be transmitted;
the point verification module is used for carrying out point verification on the public key based on the signature verification parameters carried by the digital signature to generate a point verification result;
and the signature verification module is used for carrying out signature verification on the digital signature based on the public key and the plaintext when the point verification result indicates that the point verification is successful, and generating a signature verification result.
10. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5 or claims 6-7.
11. A computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-5 or claims 6-7.
12. A computer program product comprising a computer program which, when executed by a processor, implements the method of any of claims 1-5 or claims 6-7.
CN202310552553.7A 2023-05-16 2023-05-16 Signature verification method and device for message, electronic equipment and storage medium Pending CN116506131A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310552553.7A CN116506131A (en) 2023-05-16 2023-05-16 Signature verification method and device for message, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310552553.7A CN116506131A (en) 2023-05-16 2023-05-16 Signature verification method and device for message, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116506131A true CN116506131A (en) 2023-07-28

Family

ID=87330239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310552553.7A Pending CN116506131A (en) 2023-05-16 2023-05-16 Signature verification method and device for message, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116506131A (en)

Similar Documents

Publication Publication Date Title
EP3916604B1 (en) Method and apparatus for processing privacy data of block chain, device, storage medium and computer program product
EP3826222A2 (en) Method and apparatus for obtaining privacy set intersection, device and storage medium
US10187361B2 (en) Method for secure communication using asymmetric and symmetric encryption over insecure communications
CN106416121B (en) Common mode RSA key pair for signature generation and encryption/decryption
WO2021012574A1 (en) Multisignature method, signature center, medium and electronic device
EP3934295A2 (en) Key protection processing method, apparatus, device and storage medium
CN111464297B (en) Transaction processing method, device, electronic equipment and medium based on block chain
CN109450640B (en) SM 2-based two-party signature method and system
CN112784284B (en) Encryption processing system, encryption processing method, and recording medium
CN113612597A (en) Data calculation method, device and system and electronic equipment
CN110048994A (en) A kind of communication means and device
CN114389860B (en) Voice communication method, client, server, electronic device and storage medium
CN113259901B (en) Message protection method and device for Internet of vehicles
CN112261015B (en) Information sharing method, platform, system and electronic equipment based on block chain
CN111400743B (en) Transaction processing method, device, electronic equipment and medium based on blockchain network
CN117195306A (en) Malicious participation behavior detection method based on multiparty energy data privacy calculation
CN109120576A (en) Data sharing method and device, computer equipment and storage medium
CN116506131A (en) Signature verification method and device for message, electronic equipment and storage medium
US20220385954A1 (en) Embedding information in elliptic curve base point
CN112131596B (en) Encryption and decryption method, equipment and storage medium
US9215073B2 (en) Key insulation method and device
EP3800825A1 (en) Method and device for configuring alias credential
CN112995205B (en) Query method, device, equipment and storage medium based on block chain
CN116108496B (en) Method, device, equipment and storage medium for inquiring trace
CN108901023B (en) Method and system for sharing WiFi among Internet of things devices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination