CN116781281A - SM 2-based secure two-party collaborative signature method - Google Patents
Publication number: CN116781281A (application CN202310901192.2A)
Authority: CN (China)
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a secure two-party collaborative signature method based on SM2. A terminal is initialized and communicates with a server to obtain its private key component and the related certificate files. When data is to be signed, the terminal submits an intermediate calculation result to the server as the communication protocol requires; the server computes its own intermediate value from the request parameters and its own component and issues it to the terminal; the terminal then performs the local signature synthesis calculation on the server's intermediate value to produce the final signature. The invention belongs to the technical field of information security. Because of how the two-party collaborative signature proceeds, the original private key never appears in full in memory at any moment: the terminal cannot recover the complete private key, and the complete private key never appears on the server either. This effectively and securely solves the problem of private key storage and avoids the security risks caused by private key leakage.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a secure two-party collaborative signature method based on SM2.
Background
In the SM2 algorithm, the user's private key is typically generated by a software cryptographic module and stored on the user's local device.
Whether the private key is stored locally in encrypted form or in a hardware security module, the problem of secure private key storage is not solved at the level of principle: the complete private key can still be recovered in memory. Given that terminals are currently easy targets for malicious attack, a secure algorithmic mechanism is needed to solve the problem of secure private key storage at its root.
Disclosure of Invention
In view of this situation, and to overcome the defects of the prior art, the invention provides an SM2-based secure two-party collaborative signature method. It addresses the key problem of how to store a private key securely for terminal data encryption, prevents a malicious analyst from obtaining the complete private key by debugging or dynamic instrumentation, and effectively prevents the security problems caused by private key leakage.
The technical scheme adopted by the invention is as follows: the invention discloses a secure two-party collaborative signature method based on SM2, which comprises the following steps:
S1, the first communication party and the second communication party participating in the collaborative signature communicate with the server and, after communicating, obtain their private key component information and related certificate files;
S2, the user participating in the collaborative signature and the server generate the signature cooperatively;
S3, when data is signed, the terminal submits an intermediate calculation result to the server as the communication protocol requires, and the server computes its intermediate value from the request parameters and its component information and issues it to the terminal;
S4, the terminal receives the server's intermediate value and performs the local signature synthesis calculation to complete generation of the final signature.
Further, the specific steps of the step S1 include:
step one, initializing system parameters: let p be a large prime and F_p the finite field with p elements; select a, b ∈ F_p as the parameters of the elliptic curve E; let G be a base point on E of order n, where n is a finite positive integer; the values of these parameters are preset according to the SM2 algorithm;
step two, key splitting: the system administrator submits the original private key file (generally in PEM format) to the system, the system parses the private key file to obtain the real private key d, and a splitting algorithm is used to split the private key.
Further, the specific steps of the key splitting in step two are as follows:
step a: randomly generate a private key component d1 meeting the algorithm requirement (i.e., a random integer d1 in [1, n-1]);
step b: calculate d2 = (d + 1) - d1, d2 also meeting the algorithm requirement.
Further, in step S4 a combined file is generated through the signature synthesis calculation, and generating the combined file includes the following steps:
the system obtains the two private key components through the private key splitting algorithm; the system generates an SM2 self-signed certificate in DER format from each private key component, where the public key corresponding to the d1 component is pk1 with pk1 = d1 × G, the public key corresponding to the d2 component is pk2 with pk2 = d2 × G, and × denotes point multiplication on the elliptic curve; Z = H(ENTL || ID_A || a || b || G || pk), where ID_A is the distinguishable identity of the user, ENTL is the length of ID_A, and H is the SM3 algorithm; the certificate file can be parsed with the openssl tool, and the certificate mainly carries the public key information corresponding to each private key component, which is disclosed so that the two parties can carry out the collaborative signature calculation later.
Further, the collaborative signature process includes the following steps:
step 1: the first communication party and the second communication party obtain their own private key component information from the system; assume the first communication party obtains d1 and pk2, and the second communication party obtains d2 and pk1;
step 2: the first communication party selects a random number k_A ∈ Z_q^*, calculates R_A = k_A × G, and sends R_A to the second communication party;
step 3: after receiving R_A, the second communication party verifies that it is a point on the elliptic curve; if the check passes, it generates a random number k_B ∈ Z_q^*, calculates R_B = k_B × pk1, and sends R_B to the first communication party;
step 4: after receiving R_B, the first communication party calculates the elliptic curve group element R' = R_A + R_B = (x_A, y_A), then r0 = (H(Z || M) + x_A) mod n and s0 = (k_A + r0) · d_A^{-1} mod n, where M is the message to be signed and d_A is the first party's component d1, and sends s0 to the second communication party;
step 5: after receiving s0, the second communication party calculates t1 = (s0 + k_B) · d2^{-1} mod n and sends t1 to the first communication party;
step 6: after receiving t1, the first communication party calculates s = t1 - r0 and outputs the digital signature (r, s), with r = r0.
By adopting this scheme, the invention obtains the following beneficial effects: the SM2-based secure two-party collaborative signature method thoroughly solves the problem of secure storage of SM2 signature private keys and prevents a malicious analyst from obtaining the complete private key by debugging or dynamic instrumentation. Because of how the two-party collaborative signature proceeds, the original private key never appears in full in memory at any moment, the terminal cannot recover the complete private key, and the complete private key never appears on the server; the private key storage problem is solved effectively and securely, and the security risks caused by private key leakage are avoided.
Drawings
Fig. 1 is a schematic diagram of the overall structure of a secure two-party collaborative signature method based on SM2 provided by the present solution.
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate the invention and together with the embodiments of the invention, serve to explain the invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention; all other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 1, the secure two-party collaborative signature method based on SM2 of the present invention includes the following steps:
S1, the first communication party and the second communication party participating in the collaborative signature communicate with the server and, after communicating, obtain their private key component information and related certificate files;
first, the system parameters need to be initialized: let p be a large prime and F_p the finite field with p elements; select a, b ∈ F_p as the parameters of the elliptic curve E; let G be a base point on E of order n, where n is a finite positive integer; the values of these parameters are preset according to the SM2 algorithm;
when the key is split, the system administrator submits the original private key file (generally in PEM format) to the system, the system parses the private key file to obtain the real private key d, and a splitting algorithm is used to split the private key. The key splitting comprises the following specific steps:
step a: randomly generate a private key component d1 meeting the algorithm requirement (i.e., a random integer d1 in [1, n-1]);
step b: calculate d2 = (d + 1) - d1, d2 also meeting the algorithm requirement.
S2, the user participating in the collaborative signature and the server generate the signature cooperatively;
S3, when data is signed, the terminal submits an intermediate calculation result to the server as the communication protocol requires, and the server computes its intermediate value from the request parameters and its component information and issues it to the terminal;
S4, the terminal receives the server's intermediate value and performs the local signature synthesis calculation to complete generation of the final signature.
Here a combined file is generated through the signature synthesis calculation, and generating the combined file includes the following steps:
the system obtains the two private key components through the private key splitting algorithm; the system generates an SM2 self-signed certificate in DER format from each private key component, where the public key corresponding to the d1 component is pk1 with pk1 = d1 × G, the public key corresponding to the d2 component is pk2 with pk2 = d2 × G, and × denotes point multiplication on the elliptic curve; Z = H(ENTL || ID_A || a || b || G || pk), where ID_A is the distinguishable identity of the user, ENTL is the length of ID_A, and H is the SM3 algorithm; the certificate file can be parsed with the openssl tool, and the certificate mainly carries the public key information corresponding to each private key component, which is disclosed so that the two parties can carry out the collaborative signature calculation later.
In this scheme, the collaborative signature process includes the following steps:
step 1: the first communication party and the second communication party obtain their own private key component information from the system; assume the first communication party obtains d1 and pk2, and the second communication party obtains d2 and pk1;
step 2: the first communication party selects a random number k_A ∈ Z_q^*, calculates R_A = k_A × G, and sends R_A to the second communication party;
step 3: after receiving R_A, the second communication party verifies that it is a point on the elliptic curve; if the check passes, it generates a random number k_B ∈ Z_q^*, calculates R_B = k_B × pk1, and sends R_B to the first communication party;
step 4: after receiving R_B, the first communication party calculates the elliptic curve group element R' = R_A + R_B = (x_A, y_A), then r0 = (H(Z || M) + x_A) mod n and s0 = (k_A + r0) · d_A^{-1} mod n, where M is the message to be signed and d_A is the first party's component d1, and sends s0 to the second communication party;
step 5: after receiving s0, the second communication party calculates t1 = (s0 + k_B) · d2^{-1} mod n and sends t1 to the first communication party;
step 6: after receiving t1, the first communication party calculates s = t1 - r0 and outputs the digital signature (r, s), with r = r0.
In the scheme as a whole, the server and the terminal sign cooperatively: the corresponding original public key pk is generated on the agreed SM2 curve, the terminal holds (d1, pk, pk2), and the cooperating end (the server) holds (d2, pk, pk1).
Because of how the two-party collaborative signature proceeds, the original private key never appears in full in memory at any moment, the terminal cannot recover the complete private key, and the complete private key never appears on the server; the private key storage problem is solved effectively and securely, and the security risks caused by private key leakage are avoided.
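The following Python block is an added example, not code from the patent or its applicant. It implements the key splitting of steps a and b, the Z computation from the certificate paragraph, and steps 2 to 6 of the collaborative signing above on the SM2 recommended curve, and then checks the output (r, s) against the standard SM2 verification equation using the original public key pk = d × G. Assumptions beyond the text: SHA-256 stands in for SM3 as H (the protocol algebra does not depend on the hash), the signature's r is the r0 of step 4, d_A in step 4 is the first party's component d1, and pk2 is omitted because the signing steps never use it. The block also carries a check the text does not state: the s of step 6 satisfies the SM2 verification equation when the components satisfy d1 · d2 ≡ d + 1 (mod n), whereas with d2 = (d + 1) - d1 taken literally from step b the signature does not verify, so `demo` runs both splits and returns the verification result for each.

```python
import hashlib
import secrets

# Parameters of the SM2 recommended 256-bit curve (published standard values).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def on_curve(pt):
    """The step-3 check: is pt on E, i.e. y^2 = x^3 + ax + b over F_p?"""
    if pt is INF:
        return False
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition on E (handles doubling and the identity)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # scalar multiplication k x pt by double-and-add, 0 <= k < n
    result = INF
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result

def H(data):  # assumption: SHA-256 stands in for SM3, which not every hashlib ships
    return hashlib.sha256(data).digest()

def compute_z(user_id, pk):
    """Z = H(ENTL || ID_A || a || b || G || pk), ENTL = bit length of ID_A (2 bytes)."""
    fe = lambda v: v.to_bytes(32, "big")
    entl = (len(user_id) * 8).to_bytes(2, "big")
    return H(entl + user_id + fe(A) + fe(B) + fe(G[0]) + fe(G[1]) + fe(pk[0]) + fe(pk[1]))

def split_key(d, multiplicative=True):
    """Step a: d1 random in [1, n-1]; step b: d2 derived from d and d1."""
    d1 = secrets.randbelow(N - 1) + 1
    if multiplicative:
        d2 = (d + 1) * pow(d1, -1, N) % N   # d1 * d2 = d + 1 (mod n)
    else:
        d2 = (d + 1 - d1) % N               # d2 = (d + 1) - d1, as step b states
    return d1, d2

def cosign(d1, d2, pk1, z, msg):
    """Steps 2 to 6; party A holds d1, party B holds d2 and pk1 = d1 x G."""
    kA = secrets.randbelow(N - 1) + 1           # step 2 (A): R_A = k_A x G -> B
    RA = mul(kA, G)
    if not on_curve(RA):                        # step 3 (B): reject R_A if not on E
        raise ValueError("R_A is not on the curve")
    kB = secrets.randbelow(N - 1) + 1
    RB = mul(kB, pk1)                           #             R_B = k_B x pk1 -> A
    xA, _ = add(RA, RB)                         # step 4 (A): R' = R_A + R_B
    e = int.from_bytes(H(z + msg), "big")
    r0 = (e + xA) % N                           #             r0 = H(Z||M) + x_A mod n
    s0 = (kA + r0) * pow(d1, -1, N) % N         #             s0 = (k_A + r0) d1^-1 -> B
    t1 = (s0 + kB) * pow(d2, -1, N) % N         # step 5 (B): t1 = (s0 + k_B) d2^-1 -> A
    s = (t1 - r0) % N                           # step 6 (A): s = t1 - r0
    return r0, s                                # signature (r, s), with r = r0

def verify(pk, z, msg, sig):
    """Standard SM2 verification against the original public key pk = d x G."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    pt = add(mul(s, G), mul(t, pk))
    if t == 0 or pt is INF:
        return False
    e = int.from_bytes(H(z + msg), "big")
    return (e + pt[0]) % N == r

def demo(multiplicative=True):  # full flow on a constructed key, ID and message
    d = secrets.randbelow(N - 2) + 1            # constructed original private key
    pk = mul(d, G)                              # original public key pk = d x G
    d1, d2 = split_key(d, multiplicative)
    z = compute_z(b"ALICE123@YAHOO.COM", pk)    # constructed user identity ID_A
    msg = b"constructed message to be signed"
    sig = cosign(d1, d2, mul(d1, G), z, msg)    # party B is given pk1 = d1 x G
    return verify(pk, z, msg, sig)
```

Running `demo(True)` returns True and `demo(False)` returns False. The reason is visible in `cosign`: the effective nonce is k = k_A + k_B · d1, and unwinding steps 4 to 6 gives s = (k + r)/(d1 · d2) - r, which equals the SM2 value (k - r · d)/(1 + d) exactly when d1 · d2 = 1 + d. Neither party ever holds d itself during signing; the terminal sees only d1 and the server only d2, which is the property the description claims, and it holds for either split.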
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
The invention and its embodiments have been described above without limitation, and the actual construction is not limited to the embodiments shown in the drawings. In summary, structures and embodiments similar to this technical solution that a person of ordinary skill in the art, informed by this disclosure, devises without creative effort and without departing from the gist of the invention fall within its scope.
Claims (6)
1. The SM2-based secure two-party collaborative signature method is characterized by comprising the following steps:
S1, the first communication party and the second communication party participating in the collaborative signature communicate with the server and, after communicating, obtain their private key component information and related certificate files;
S2, the user participating in the collaborative signature and the server generate the signature cooperatively;
S3, when data is signed, the terminal submits an intermediate calculation result to the server as the communication protocol requires, and the server computes its intermediate value from the request parameters and its component information and issues it to the terminal;
S4, the terminal receives the server's intermediate value and performs the local signature synthesis calculation to complete generation of the final signature.
2. The SM2-based secure two-party collaborative signature method according to claim 1, wherein the specific steps of step S1 include:
step one, initializing system parameters: let p be a large prime and F_p the finite field with p elements; select a, b ∈ F_p as the parameters of the elliptic curve E; let G be a base point on E of order n, where n is a finite positive integer; the values of these parameters are preset according to the SM2 algorithm;
step two, key splitting: the system administrator submits the original private key file to the system, the system parses the private key file to obtain the real private key d, and a splitting algorithm is used to split the private key.
3. The SM2-based secure two-party collaborative signature method according to claim 2, wherein the specific steps of the key splitting in step two are: the system obtains the two private key components through the private key splitting algorithm; the system generates an SM2 self-signed certificate in DER format from each private key component, where the public key corresponding to the d1 component is pk1 with pk1 = d1 × G, the public key corresponding to the d2 component is pk2 with pk2 = d2 × G, and × denotes point multiplication on the elliptic curve; Z = H(ENTL || ID_A || a || b || G || pk), where ID_A is the distinguishable identity of the user, ENTL is the length of ID_A, and H is the SM3 algorithm; the certificate file can be parsed with the openssl tool, and the certificate mainly carries the public key information corresponding to each private key component, which is disclosed so that the two parties can carry out the collaborative signature calculation later.
4. The SM2-based secure two-party collaborative signature method according to claim 3, wherein the specific steps of the key splitting in step two are:
step a: randomly generate a private key component d1 meeting the algorithm requirement, d1 ∈ [1, n-1];
step b: calculate d2 = (d + 1) - d1, d2 also meeting the algorithm requirement.
5. The SM2-based secure two-party collaborative signature method according to claim 4, wherein the collaborative signature flow comprises the steps of:
step 1: the first communication party and the second communication party obtain their own private key component information from the system; assume the first communication party obtains d1 and pk2, and the second communication party obtains d2 and pk1;
step 2: the first communication party selects a random number k_A ∈ Z_q^*, calculates R_A = k_A × G, and sends R_A to the second communication party;
step 3: after receiving R_A, the second communication party verifies that R_A is a point on the elliptic curve, generates a random number k_B ∈ Z_q^*, calculates R_B = k_B × pk1, and sends R_B to the first communication party;
step 4: after receiving R_B, the first communication party calculates the elliptic curve group element R' = R_A + R_B = (x_A, y_A), calculates r0 = (H(Z || M) + x_A) mod n and s0 = (k_A + r0) · d_A^{-1} mod n, where M is the message to be signed and d_A is the first party's component d1, and sends s0 to the second communication party;
step 5: after receiving s0, the second communication party calculates t1 = (s0 + k_B) · d2^{-1} mod n and sends t1 to the first communication party;
step 6: after receiving t1, the first communication party calculates s = t1 - r0 and outputs the digital signature (r, s), with r = r0.
6. The SM2-based secure two-party collaborative signature method according to claim 5, wherein: the server and the terminal sign cooperatively, the corresponding original public key pk is generated on the agreed SM2 curve, the terminal holds (d1, pk, pk2), and the cooperating end (the server) holds (d2, pk, pk1).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310901192.2A CN116781281A (en) | 2023-07-21 | 2023-07-21 | SM 2-based secure two-party collaborative signature method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116781281A true CN116781281A (en) | 2023-09-19 |
Family ID: 87987974
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116781281A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |