CN117595984A - Verifiable random function construction method, device, equipment and medium based on SM2 - Google Patents

Info

Publication number
CN117595984A
Authority
CN
China
Prior art keywords
value
partial
hash
proving
proof
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311270944.6A
Other languages
Chinese (zh)
Inventor
杨嘉诚
张永欣
徐响
包子健
雷虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yunhai Chain Holdings Co ltd
Original Assignee
Yunhai Chain Holdings Co ltd
Application filed by Yunhai Chain Holdings Co ltd
Priority to CN202311270944.6A
Publication of CN117595984A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a verifiable random function construction method, device, equipment and storage medium based on SM2, relating to the technical field of computers and comprising the following steps: constructing a system parameter set comprising a finite field, the number of elements in the finite field, elliptic curve parameters, an Abelian group, any generator of the Abelian group, the order of the generator, a first hash function, a second hash function and a third hash function; calculating a public key by using the private key and the generator; hashing the current message with the first hash function to obtain a hash value; performing hash calculation with the second hash function based on the intermediate value, the generator and the hash value to obtain a first partial proof value; determining a second partial proof value using the private key, the intermediate value, the first partial proof value and the order of the generator; determining a third partial proof value using the private key and the hash value; and hashing the third partial proof value with the third hash function to obtain the verifiable random number. The invention can meet the national security requirement on autonomous and controllable verifiable random functions.

Description

Verifiable random function construction method, device, equipment and medium based on SM2
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a storage medium for constructing a verifiable random function based on SM2.
Background
There is currently an international draft standard for the VRF (Verifiable Random Function) proposed by the IETF. A verifiable random function is a cryptographic function that generates a pseudo-random number from its data input and attaches a proof that anyone can verify. The data input of a VRF usually includes a public key and a private key, also called the verification key and the secret key, and a seed. The public key and the private key are generated, the seed is selected, and these values are input together into the VRF, which uses the private key and the seed to generate the random number; that is, the VRF outputs a random number and a proof. Generating the proof is the most critical part, because a user can verify the function through the proof, while the private key ensures that the random number cannot be predicted. VRFs are widely used in fields such as digital signatures, key encapsulation and blockchain consensus, and are an important tool for the non-interactive random selection of blockchain nodes. However, existing VRFs cannot meet the national security requirement on autonomous and controllable verifiable random functions.
Disclosure of Invention
In view of the above, the present invention aims to provide a verifiable random function construction method, device, equipment and storage medium based on SM2, which can ensure the correctness of the hash result, ensure the verifiability of the hash result, and meet the security requirement of the country on autonomous and controllable verifiable random function. The specific scheme is as follows:
In a first aspect, the invention discloses a verifiable random function construction method based on SM2, which comprises the following steps:
constructing a system parameter set; the system parameter set comprises a finite field, the number of elements in the finite field, elliptic curve parameters, an Abelian group, any generator of the Abelian group, the order of the generator, a first hash function, a second hash function and a third hash function;
calculating a corresponding public key by using the randomly selected user private key and the generator in the system parameter set;
carrying out hash calculation on the current message by utilizing the first hash function to obtain a corresponding hash value;
carrying out hash calculation by utilizing the second hash function based on the randomly selected intermediate value, the generator and the hash value to obtain a corresponding first partial proof value;
determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator;
determining a corresponding third partial proof value using the private key and the hash value;
and carrying out hash calculation on the third partial proof value by using the third hash function to obtain a corresponding verifiable random number, and constructing a corresponding proof value set based on the first partial proof value, the second partial proof value and the third partial proof value.
Optionally, the calculating the corresponding public key by using the randomly selected user private key and the generator in the system parameter set includes:
carrying out point multiplication on the randomly selected user private key and the generator in the system parameter set to obtain a corresponding public key.
Optionally, the performing hash calculation by using the second hash function and based on the randomly selected intermediate value, the generator and the hash value to obtain a corresponding first partial proof value includes:
performing point multiplication on the randomly selected intermediate value and the generator to obtain a corresponding first point multiplication result, and performing point multiplication on the intermediate value and the hash value to obtain a corresponding second point multiplication result;
and carrying out hash calculation on the first point multiplication result and the second point multiplication result by using the second hash function to obtain a corresponding first partial proof value.
Optionally, said determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator includes:
calculating the private key, the intermediate value, the first partial proof value and the order of the generator by using a first preset formula to obtain a corresponding second partial proof value; the first preset formula is $s = ((1+d)^{-1} \cdot (k - r \cdot d)) \bmod q$;
wherein s represents the second partial proof value, d represents the private key, k represents the intermediate value, r represents the first partial proof value, and q represents the order of the generator.
Optionally, said determining a corresponding third partial proof value using said private key and said hash value comprises:
carrying out point multiplication on the private key and the hash value to obtain a corresponding third partial proof value.
Optionally, the method for constructing the verifiable random function based on SM2 further comprises:
judging whether the relation by which the verifiable random number is obtained by hashing the third partial proof value in the proof value set with the third hash function holds;
if so, carrying out hash calculation on the message by utilizing the first hash function again to obtain a corresponding target hash value for verification;
calculating the first partial proof value, the second partial proof value, the generator and the public key by using a second preset formula to obtain a corresponding first verification value; wherein the second preset formula is $U_1 = s \cdot G + (r+s) \cdot P$, where $U_1$ represents the first verification value, r represents the first partial proof value of the proof value set, s represents the second partial proof value of the proof value set, G represents the generator, and P represents the public key;
calculating the first partial proof value, the second partial proof value, the third partial proof value and the target hash value by using a third preset formula to obtain a corresponding second verification value; wherein the third preset formula is $U_2 = s \cdot Q' + (r+s) \cdot V$, where $U_2$ represents the second verification value, Q' represents the target hash value, r represents the first partial proof value of the proof value set, s represents the second partial proof value of the proof value set, and V represents the third partial proof value of the proof value set;
carrying out hash calculation on the first verification value and the second verification value by using the second hash function to obtain a corresponding target partial proof value;
judging whether the target partial proof value is consistent with the first partial proof value in the proof value set to obtain a corresponding judging result;
and determining whether the verifiable random number is valid based on the judging result.
Optionally, the determining whether the verifiable random number is valid based on the judging result includes:
if the judging result shows that the target partial proof value is consistent with the first partial proof value in the proof value set, judging that the verifiable random number is valid and verification passes;
if the judging result shows that the target partial proof value is inconsistent with the first partial proof value in the proof value set, judging that the verifiable random number is invalid and verification fails.
In a second aspect, the present invention discloses a verifiable random function construction device based on SM2, comprising:
the construction module is used for constructing a system parameter set; the system parameter set comprises a finite field, the number of elements in the finite field, elliptic curve parameters, an Abelian group, any generator of the Abelian group, the order of the generator, a first hash function, a second hash function and a third hash function;
the first calculation module is used for calculating a corresponding public key by using the randomly selected user private key and the generator in the system parameter set;
the second calculation module is used for carrying out hash calculation on the current message by utilizing the first hash function to obtain a corresponding hash value;
the first proof value determining module is used for utilizing the second hash function and carrying out hash calculation on the basis of the randomly selected intermediate value, the generator and the hash value to obtain a corresponding first partial proof value;
the second proof value determining module is used for determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator;
the third proof value determining module is used for determining a corresponding third partial proof value using the private key and the hash value;
the verifiable random number generation module is used for carrying out hash calculation on the third partial proof value by utilizing the third hash function to obtain a corresponding verifiable random number;
and the proof value set constructing module is used for constructing a corresponding proof value set based on the first partial proof value, the second partial proof value and the third partial proof value.
In a third aspect, the present invention discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the aforementioned disclosed SM2-based verifiable random function construction method.
In a fourth aspect, the present invention discloses a computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the steps of the aforementioned disclosed SM2-based verifiable random function construction method.
It can be seen that the present invention provides a verifiable random function construction method based on SM2, comprising: constructing a system parameter set; the system parameter set comprises a finite field, the number of elements in the finite field, elliptic curve parameters, an Abelian group, any generator of the Abelian group, the order of the generator, a first hash function, a second hash function and a third hash function; calculating a corresponding public key by using the randomly selected user private key and the generator in the system parameter set; carrying out hash calculation on the current message by utilizing the first hash function to obtain a corresponding hash value; carrying out hash calculation by utilizing the second hash function based on the randomly selected intermediate value, the generator and the hash value to obtain a corresponding first partial proof value; determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator; determining a corresponding third partial proof value using the private key and the hash value; and carrying out hash calculation on the third partial proof value by using the third hash function to obtain a corresponding verifiable random number, and constructing a corresponding proof value set based on the first partial proof value, the second partial proof value and the third partial proof value. Therefore, the verifiable random function constructed based on the SM2 elliptic curve public key cryptographic algorithm generates corresponding verifiable random numbers and a corresponding proof value set, can meet the national security requirement on autonomous and controllable verifiable random functions, and can ensure both the correctness and the verifiability of the hash result.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a verifiable random function construction method based on SM2;
FIG. 2 is a flowchart of a specific verification method disclosed in the present invention;
FIG. 3 is a schematic diagram of a specific SM2-based verifiable random function construction and verification thereof;
FIG. 4 is a schematic diagram of another embodiment of SM2-based verifiable random function construction and verification thereof in accordance with the present disclosure;
FIG. 5 is a schematic diagram of a verifiable random function construction device based on SM2 according to the present disclosure;
FIG. 6 is a block diagram of an electronic device according to the present disclosure.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
At present, no VRF based on a domestic cryptographic algorithm exists, and the national security requirement on the independent and controllable verifiable random function cannot be met. Therefore, the invention provides an SM2-based verifiable random function construction scheme, which can meet the national security requirement on autonomous and controllable verifiable random functions, and can ensure the correctness of the hash result and the verifiability of the hash result.
The embodiment of the invention discloses a verifiable random function construction method based on SM2 which, as shown in FIG. 1, comprises the following steps:
Step S11: constructing a system parameter set; the system parameter set comprises a finite field, the number of elements in the finite field, elliptic curve parameters, an Abelian group, any generator of the Abelian group, the order of the generator, a first hash function, a second hash function and a third hash function.
It will be appreciated that, in the initialization phase, the system is initialized and outputs a system parameter set containing the finite field, the number of elements in the finite field, the elliptic curve parameters, the Abelian group, any generator of the Abelian group, the order of the generator, the first hash function, the second hash function and the third hash function. For example, given a security parameter $1^n$, the elliptic curve equation $y^2 = x^3 + ax + b \bmod p$ is generated for a selected finite field, an Abelian group is constructed from the points satisfying the equation, and a generator G with coordinates $(x_G, y_G)$ and order q is randomly selected from the Abelian group; the hash functions are then selected and the corresponding system parameters are output.
Here, the Abelian group is an elliptic curve group of prime order q whose elements are points on the elliptic curve; a and b represent the elliptic curve parameters; G represents a generator of the Abelian group; q represents the order of the generator G, that is, the order of the Abelian group; the integer set consists of the integers 1, 2, …, q-1; and the prime field contains p elements.
Step S12: calculating a corresponding public key by using the randomly selected user private key and the generator in the system parameter set.
In this embodiment, after the system parameters are constructed, in the key generation stage, the corresponding public key is calculated by using the randomly selected user private key and the generator in the system parameter set. Specifically, point multiplication is performed on the randomly selected user private key and the generator in the system parameter set to obtain the corresponding public key. For example, a user private key d is randomly selected and the public key is calculated using the private key and the generator in the system parameter set, i.e. $P = d \cdot G$, to obtain the corresponding public-private key pair (P, d), where d represents the user private key and P represents the user public key.
Step S13: carrying out hash calculation on the current message by using the first hash function to obtain a corresponding hash value.
In this embodiment, after the current public-private key pair is determined, in the random number and proof generation stage, the current message m is hashed with the first hash function to obtain the corresponding hash value, i.e. $Q = H_1(m)$, where Q represents the hash value.
Step S14: carrying out hash calculation by utilizing the second hash function based on the randomly selected intermediate value, the generator and the hash value to obtain a corresponding first partial proof value.
In this embodiment, the first partial proof value is calculated, that is, the second hash function is used to perform hash calculation based on the randomly selected intermediate value, the generator and the hash value. Specifically, point multiplication is performed on the randomly selected intermediate value and the generator to obtain a corresponding first point multiplication result, and point multiplication is performed on the intermediate value and the hash value to obtain a corresponding second point multiplication result; the first point multiplication result and the second point multiplication result are then hashed with the second hash function to obtain the corresponding first partial proof value. For example, the intermediate value k is randomly selected, k is point-multiplied with the generator G and with the hash value Q respectively, and the two results are hashed with the second hash function to obtain the first partial proof value r, i.e. $r = H_2(k \cdot G, k \cdot Q)$.
Step S15: determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator.
In this embodiment, the private key, the intermediate value, the first partial proof value, and the order of the generator are used to determine the corresponding second partial proof value. Specifically, a first preset formula is used to calculate the private key, the intermediate value, the first partial proof value and the order of the generator to obtain the corresponding second partial proof value; the first preset formula is $s = ((1+d)^{-1} \cdot (k - r \cdot d)) \bmod q$;
wherein s represents the second partial proof value, d represents the private key, k represents the intermediate value, r represents the first partial proof value, and q represents the order of the generator.
Step S16: determining a corresponding third partial proof value by using the private key and the hash value.
In this embodiment, the private key and the hash value are used to determine the corresponding third partial proof value. Specifically, point multiplication is performed on the private key and the hash value to obtain the corresponding third partial proof value V, i.e. $V = d \cdot Q$.
Step S17: carrying out hash calculation on the third partial proof value by using the third hash function to obtain a corresponding verifiable random number, and constructing a corresponding proof value set based on the first partial proof value, the second partial proof value and the third partial proof value.
In this embodiment, the third hash function is used to hash the third partial proof value to obtain the corresponding verifiable random number v, i.e. $v = H_3(V)$.
In this embodiment, after the first partial proof value, the second partial proof value, and the third partial proof value are calculated, the corresponding proof value set, i.e. (V, r, s), is constructed from them.
Therefore, in the embodiment of the invention, the verifiable random function constructed based on the SM2 elliptic curve public key cryptographic algorithm generates the corresponding verifiable random number and the corresponding proof value set, so that the national security requirement on autonomous and controllable verifiable random functions can be met, and both the correctness and the verifiability of the hash result can be ensured.
After generating the random number V and the proof value (V, r, s), corresponding verification may be performed, and the embodiment of the present invention further discloses a specific verification method, as shown in fig. 2, which may include:
step S21: and judging whether the process of carrying out hash calculation on the third partial proving value in the proving value set by using the third hash function to obtain the verifiable random number is established or not.
In this embodiment, for a verifiable random number V, a message m, and a proof value (V, r, s), it is first determined that the verifiable random number V, the message m, and the proof value (V, r, s) are obtained by performing hash computation on the third partial proof value in the proof value set using the third hash functionWhether the random number procedure is true or not, i.e. determining v=h 3 (V) whether or not it is established, and if not, it can be directly determined that the current verification is not passed.
Step S22: and if so, carrying out hash calculation on the message by utilizing the first hash function again to obtain a corresponding target hash value for verification.
In this embodiment, when determining whether the process of hashing the third partial proof value in the proof value set by using the third hash function to obtain the verifiable random number is established, if so, i.e., v=h 3 (V) if so, re-hashing the message with the first hash function to obtain a corresponding target hash value for verification, i.e., Q' =h 1 (m)。
Step S23: calculating the first partial proving value, the second partial proving value, the generator and the public key in the proving value set by using a second preset formula to obtain a corresponding first verification value; wherein the second preset formula is U 1 =s·g+ (r+s) ·p, and U 1 Representing the first verification value, r representing the first partial proof value of the set of proof values, s representing the second partial proof value of the set of proof values, G representing the generator, and P representing the public key.
It will be appreciated that the key pair generated in the key generation stage, the private key is used to generate the partial hash value and the public key is used to verify the hash value.
Step S24: calculating the first partial proof value, the second partial proof value, the third partial proof value and the target hash value in the proof value set by using a third preset formula to obtain a corresponding second verification value; wherein the third preset formula is $U_2 = s \cdot Q' + (r+s) \cdot V$, where $U_2$ represents the second verification value, $Q'$ represents the target hash value, r represents the first partial proof value in the proof value set, s represents the second partial proof value in the proof value set, and V represents the third partial proof value in the proof value set.
Step S25: carrying out hash calculation on the first verification value and the second verification value by using the second hash function to obtain a corresponding target part proof value.
In this embodiment, after a first verification value and a second verification value are calculated by using the newly generated target hash value, the partial proof values in the proof value set, the generator, and the public key, the first verification value and the second verification value are hashed by using the second hash function to obtain the corresponding target part proof value, i.e., $r' = H_2(U_1, U_2)$, where $r'$ represents the target part proof value.
Step S26: judging whether the target part proof value is consistent with the first partial proof value in the proof value set to obtain a corresponding judging result.
In this embodiment, after determining the target portion proof value for verification, it is determined whether the target portion proof value is consistent with the first portion proof value in the proof value set to obtain a corresponding determination result, that is, whether r=r' is established.
Step S27: determining whether the verifiable random number is valid based on the judging result.
In this embodiment, whether the verifiable random number is valid is determined based on the determination result, and if the determination result indicates that the target portion proof value is consistent with the first portion proof value in the proof value set, the verifiable random number is determined to be valid and verification is passed; if the judging result shows that the target part proving value is inconsistent with the first part proving value in the proving value set, judging that the verifiable random number is invalid and verification is not passed.
For example, referring to Fig. 3, system initialization is completed to obtain the corresponding system parameters and to generate a corresponding public-private key pair (P, d); for the current message m, the process of generating a verifiable random number and a proof value in the proving part is specifically as follows:
(a) Calculate the hash value $Q = H_1(m)$ of the message m;
(b) Randomly select the intermediate value k, and calculate the partial proof value $r = H_2(k \cdot G, k \cdot Q)$;
(c) Calculate the partial proof value $s = ((1+d)^{-1} \cdot (k - r \cdot d)) \bmod q$;
(d) Calculate the partial proof value $V = d \cdot Q$;
(e) Calculate the verifiable random number $v = H_3(V)$;
(f) Output the verifiable random number v and the proof value (V, r, s).
In the verification part, verification is performed using the output verifiable random number v, the proof value (V, r, s), and the message m, and the specific verification process is as follows:
(a) Judge whether $v = H_3(V)$ holds; if not, output a preset symbol T to indicate that the current verification is not passed;
(b) Recalculate $Q' = H_1(m)$;
(c) Calculate $U_1 = s \cdot G + (r+s) \cdot P$;
(d) Calculate $U_2 = s \cdot Q' + (r+s) \cdot V$;
(e) Calculate $r' = H_2(U_1, U_2)$;
(f) Judge whether $r = r'$ holds; if $r = r'$ holds, the verifiable random number is judged to be valid and verification is passed; if $r = r'$ does not hold, the verifiable random number is judged to be invalid and verification is not passed.
In order to realize batch verification of a plurality of results, the verification efficiency needs to be improved by adjusting the proof value set; that is, the corresponding proof value set is constructed based on the first point multiplication result, the second point multiplication result, the second partial proof value and the third partial proof value, namely (V, A, B, s), where $A = k \cdot G$ and $B = k \cdot Q$. It should be noted that, unlike r in the proof value set (V, r, s), A and B in the proof value set (V, A, B, s) constructed for batch verification of a plurality of results are both points on the elliptic curve; the original proof value set (V, r, s) is adjusted to (V, A, B, s) for the purpose of improving the verification efficiency.
For example, for a plurality of generated random numbers $v_1, \ldots, v_n$, a plurality of proof values $(V_1, A_1, B_1, s_1), \ldots, (V_n, A_n, B_n, s_n)$ and a plurality of current messages $m_1, \ldots, m_n$, the batch verification process may include: for all $i \in [1, n]$, first judging whether the process of carrying out hash calculation on the third partial proof value in the i-th proof value set by using the third hash function to obtain the i-th verifiable random number holds, that is, judging whether $v_i = H_3(V_i)$; if not, the i-th random number can be directly judged to be invalid. If so, then for all $i \in [1, n]$, hash calculation is carried out on the i-th message by using the first hash function to obtain a corresponding i-th target hash value for verification, that is, $Q'_i = H_1(m_i)$, and $r_i = H_2(A_i, B_i)$ is calculated. Then 2 random numbers are chosen and the judgment is made; if it holds, the i-th verifiable random number is judged to be valid, verification is passed and 1 is returned; if not, it is determined that the i-th verifiable random number is invalid and verification is not passed. It should be noted that the judgment involves an elliptic curve multi-scalar multiplication algorithm, and existing optimization algorithms, such as the Strauss-Shamir elliptic curve multi-scalar optimization algorithm, may be used to increase computational efficiency; O is the point at infinity of the elliptic curve.
As another example, referring to Fig. 4, when i=1, after system initialization is completed to obtain the corresponding system parameters and the corresponding public-private key pair (P, d) is generated, the process of generating the verifiable random number and the proof value in the proving part for the current message m is specifically as follows:
P1: Calculate the hash value $Q = H_1(m)$ of the message m;
P2: Randomly select the intermediate value k, and calculate the partial proof value $r = H_2(k \cdot G, k \cdot Q)$;
P3: Calculate the partial proof value $s = ((1+d)^{-1} \cdot (k - r \cdot d)) \bmod q$;
P4: Calculate the partial proof value $V = d \cdot Q$;
P5: Calculate the verifiable random number $v = H_3(V)$;
P6: Output the verifiable random number v and the proof value (V, A, B, s).
In the verification part, when i=1, verification is performed using the output verifiable random number v, the proof value (V, A, B, s), and the message m, and the specific verification process is as follows:
V1: Judge whether $v = H_3(V)$ holds; if not, output a preset symbol T to indicate that the current verification is not passed;
V2: Recalculate $Q' = H_1(m)$;
V3: Recalculate $r' = H_2(A, B)$;
V4: Judge whether $A = s \cdot G + (r'+s) \cdot P$ holds; if not, the verifiable random number is judged to be invalid, verification is not passed, and 0 is returned;
V5: Judge whether $B = s \cdot Q' + (r'+s) \cdot V$ holds; if not, the verifiable random number is judged to be invalid, verification is not passed, and 0 is returned;
V6: If the above judgments all hold, the verifiable random number is judged to be valid, verification is passed, and 1 is returned.
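The proving steps (a)-(f) / P1-P6 and both single-proof verification procedures above, as an added Python example that is not part of the patent text. SHA-256 with domain tags stands in for $H_1$, $H_2$, $H_3$, the try-and-increment hash-to-point in `H1` is an assumed construction, and all function names are hypothetical; the curve arithmetic is textbook affine code and not constant-time.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + a*x + b over F_p (prime order N, cofactor 1).
def _hx(s):
    return int(s.replace(" ", ""), 16)
P_FIELD = 2**256 - 2**224 - 2**96 + 2**64 - 1
CURVE_A = P_FIELD - 3
CURVE_B = _hx("28E9FA9E 9D9F5E34 4D5A9E4B CF6509A7 F39789F5 15AB8F92 DDBCBD41 4D940E93")
N = _hx("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123")  # the text's q
G = (_hx("32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7"),
     _hx("BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0"))
O = None  # point at infinity

def on_curve(pt):  # pt must be an affine (x, y) pair
    x, y = pt
    return (0 <= x < P_FIELD and 0 <= y < P_FIELD
            and (y * y - x * x * x - CURVE_A * x - CURVE_B) % P_FIELD == 0)

def add(p1, p2):  # affine point addition
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, pt):  # double-and-add scalar multiplication
    k, acc = k % N, O
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def _hash(tag, *parts):  # domain-separated SHA-256 over length-prefixed parts
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def _enc(pt):
    return b"\x00" if pt is O else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def H1(m):  # hash-to-point by try-and-increment (assumed construction)
    ctr = 0
    while True:
        x = int.from_bytes(_hash(b"H1", m, ctr.to_bytes(4, "big")), "big") % P_FIELD
        rhs = (x * x * x + CURVE_A * x + CURVE_B) % P_FIELD
        y = pow(rhs, (P_FIELD + 1) // 4, P_FIELD)  # square root, p = 3 (mod 4)
        if y and y * y % P_FIELD == rhs:
            return (x, y)
        ctr += 1

def H2(p1, p2):
    return int.from_bytes(_hash(b"H2", _enc(p1), _enc(p2)), "big") % N

def H3(pt):
    return _hash(b"H3", _enc(pt))

def keygen():
    d = 1 + secrets.randbelow(N - 2)  # d in [1, N-2] keeps (1+d) invertible mod N
    return d, mul(d, G)

def prove(d, m, k=None):
    Q = H1(m)                                  # (a) / P1
    k = k or 1 + secrets.randbelow(N - 1)      # (b) / P2, fresh k per proof
    A, B = mul(k, G), mul(k, Q)
    r = H2(A, B)
    s = pow(1 + d, -1, N) * (k - r * d) % N    # (c) / P3
    V = mul(d, Q)                              # (d) / P4
    return H3(V), (V, r, s), (V, A, B, s)      # (e),(f) / P5,P6

def verify(P, m, v, proof):
    V, r, s = proof
    # Range and on-curve checks are added here; the patent text does not list them.
    if V is O or not on_curve(V) or not (0 <= r < N and 0 <= s < N):
        return False
    if H3(V) != v:                             # (a)
        return False
    Q = H1(m)                                  # (b)
    U1 = add(mul(s, G), mul(r + s, P))         # (c)
    U2 = add(mul(s, Q), mul(r + s, V))         # (d)
    return H2(U1, U2) == r                     # (e),(f)

def verify_points(P, m, v, proof):
    V, A, B, s = proof
    if any(pt is O or not on_curve(pt) for pt in (V, A, B)) or not 0 <= s < N:
        return False
    if H3(V) != v:                             # V1
        return False
    Q, r = H1(m), H2(A, B)                     # V2, V3
    return (A == add(mul(s, G), mul(r + s, P))         # V4
            and B == add(mul(s, Q), mul(r + s, V)))    # V5, V6
```

The output v depends only on d and m, while (r, s) change with every k. Because $s = (1+d)^{-1}(k - r \cdot d)$, a k that leaks or repeats alongside a published (r, s) lets d be solved for, so k needs the same protection as an SM2 signing nonce.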
Correspondingly, the embodiment of the invention also discloses a verifiable random function construction device based on SM2, which is shown in fig. 5 and comprises:
a construction module 11 for constructing a system parameter set; the system parameter set comprises a finite field, the number of elements in the finite field, elliptic curve parameters, alpha groups, any generating element in the alpha groups, the order of the generating element, a first hash function, a second hash function and a third hash function;
a first calculation module 12, configured to calculate a corresponding public key using the randomly selected user private key and the generator in the system parameter set;
a second calculation module 13, configured to perform hash calculation on the current message by using the first hash function to obtain a corresponding hash value;
a first proof value determining module 14, configured to utilize the second hash function and perform hash computation based on the randomly selected intermediate value, the generator, and the hash value to obtain a corresponding first partial proof value;
a second proof value determining module 15 for determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator;
A third attestation value determination module 16 for determining a corresponding third partial attestation value using the private key and the hash value;
a verifiable random number generation module 17, configured to perform hash computation on the third partial proof value by using a third hash function to obtain a corresponding verifiable random number;
a proof value set construction module 18 for constructing a corresponding proof value set based on the first partial proof value, the second partial proof value and the third partial proof value.
From the above, in the embodiment of the invention, the verifiable random function constructed based on the SM2 elliptic curve public key cryptographic algorithm generates the corresponding verifiable random number and the corresponding proving value set, so that the national security requirement on autonomous controllability of the verifiable random function can be met, the correctness of the hash result can be ensured, and the verifiability of the hash result can be ensured.
In some specific embodiments, the first computing module 12 may specifically include:
and the public key calculation unit is used for carrying out point multiplication on the randomly selected user private key and the generating elements in the system parameter set to obtain a corresponding public key.
In some specific embodiments, the first proof value determining module 14 may specifically include:
The first dot multiplication unit is used for dot multiplying the randomly selected intermediate value and the generating element to obtain a corresponding first dot multiplication result;
the second point multiplication unit is used for carrying out point multiplication on the intermediate value and the hash value to obtain a corresponding second point multiplication result;
and the first proving value determining unit is used for carrying out hash calculation on the first point multiplication result and the second point multiplication result by using the second hash function to obtain a corresponding first partial proving value.
In some specific embodiments, the second proof value determining module 15 may specifically include:
the second proof value determining unit is used for calculating the private key, the intermediate value, the first partial proof value and the order of the generator by using a first preset formula to obtain a corresponding second partial proof value; the first preset formula is $s = ((1+d)^{-1} \cdot (k - r \cdot d)) \bmod q$,
wherein s represents the second partial proof value, d represents the private key, k represents the intermediate value, r represents the first partial proof value, and q represents the order of the generator.
In some specific embodiments, the third proof value determining module 16 may specifically include:
and the third proof value determining unit is used for carrying out point multiplication on the private key and the hash value to obtain a corresponding third partial proof value.
In some specific embodiments, the SM 2-based verifiable random function construction device may specifically further include:
the first judging module is used for judging whether the process of carrying out hash calculation on the third partial proving value in the proving value set by utilizing the third hash function to obtain the verifiable random number is established or not;
the target hash value determining module is configured to, when the process of performing hash computation on the third partial proof value in the proof value set by using the third hash function to obtain the verifiable random number is established, re-perform hash computation on the message by using the first hash function to obtain a corresponding target hash value for verification;
the first verification value determining module is used for calculating the first partial proof value, the second partial proof value, the generator and the public key in the proof value set by using a second preset formula to obtain a corresponding first verification value; wherein the second preset formula is $U_1 = s \cdot G + (r+s) \cdot P$, where $U_1$ represents the first verification value, r represents the first partial proof value in the proof value set, s represents the second partial proof value in the proof value set, G represents the generator, and P represents the public key;
the second verification value determining module is used for calculating the first partial proof value, the second partial proof value, the third partial proof value and the target hash value in the proof value set by using a third preset formula to obtain a corresponding second verification value; wherein the third preset formula is $U_2 = s \cdot Q' + (r+s) \cdot V$, where $U_2$ represents the second verification value, $Q'$ represents the target hash value, r represents the first partial proof value in the proof value set, s represents the second partial proof value in the proof value set, and V represents the third partial proof value in the proof value set;
the target part proof value determining module is used for carrying out hash calculation on the first verification value and the second verification value by utilizing the second hash function to obtain corresponding target part proof values;
the second judging module is used for judging whether the target part proving value is consistent with the first part proving value in the proving value set or not to obtain a corresponding judging result;
and the third judging module is used for determining whether the verifiable random number is valid or not based on the judging result.
In some specific embodiments, the third determining module may specifically include:
A first judging unit, configured to judge that the verifiable random number is valid and pass verification when the judging result indicates that the target portion proof value is consistent with the first portion proof value in the proof value set;
and the second judging unit is used for judging that the verifiable random number is invalid and verification is not passed when the judging result shows that the target part proof value is inconsistent with the first part proof value in the proof value set.
Further, the embodiment of the invention also provides electronic equipment. Fig. 6 is a block diagram of an electronic device 20, according to an exemplary embodiment, and is not intended to limit the scope of use of the present invention in any way.
Fig. 6 is a schematic structural diagram of an electronic device 20 according to an embodiment of the present invention. The electronic device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. Wherein the memory 22 is configured to store a computer program that is loaded and executed by the processor 21 to implement the relevant steps in the SM 2-based verifiable random function construction method disclosed in any of the foregoing embodiments. In addition, the electronic device 20 in the present embodiment may be specifically an electronic computer.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device 20; the communication interface 24 can create a data transmission channel between the electronic device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present invention, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling the various hardware devices on the electronic device 20 and the computer program 222, and may be Windows Server, Netware, Unix, Linux, etc. In addition to the computer program that can be used to perform the SM2-based verifiable random function construction method performed by the electronic device 20 as disclosed in any of the foregoing embodiments, the computer program 222 may further include a computer program that can be used to perform other specific tasks.
Further, the embodiment of the invention also discloses a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and when the computer program is loaded and executed by a processor, the steps of the verifiable random function construction method based on SM2 disclosed in any embodiment are realized.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The method, the device, the equipment and the storage medium for constructing the verifiable random function based on SM2 are described in detail, and specific examples are applied to the principle and the implementation mode of the invention, and the description of the examples is only used for helping to understand the method and the core idea of the invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims (10)

1. A method for constructing a verifiable random function based on SM2, comprising:
constructing a system parameter set; the system parameter set comprises a finite field, the number of elements in the finite field, elliptic curve parameters, alpha groups, any generating element in the alpha groups, the order of the generating element, a first hash function, a second hash function and a third hash function;
calculating a corresponding public key by using the randomly selected user private key and the generating element in the system parameter set;
carrying out hash calculation on the current message by utilizing the first hash function to obtain a corresponding hash value;
Carrying out hash calculation by utilizing the second hash function based on the randomly selected intermediate value, the generator and the hash value to obtain a corresponding first partial proof value;
determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator;
determining a corresponding third partial proof value using the private key and the hash value;
and carrying out hash calculation on the third partial proving value by using a third hash function to obtain a corresponding verifiable random number, and constructing a corresponding proving value set based on the first partial proving value, the second partial proving value and the third partial proving value.
2. The SM 2-based verifiable random function construction method of claim 1, wherein the computing the corresponding public key using the randomly selected user private key and the generator in the system parameter set comprises:
and carrying out point multiplication on the randomly selected user private key and the generating element in the system parameter set to obtain a corresponding public key.
3. The SM 2-based verifiable random function construction method of claim 1, wherein the performing a hash calculation using the second hash function based on the randomly selected intermediate value, the generator, and the hash value to obtain the corresponding first partial proof value comprises:
Performing point multiplication on the randomly selected intermediate value and the generator to obtain a corresponding first point multiplication result, and performing point multiplication on the intermediate value and the hash value to obtain a corresponding second point multiplication result;
and carrying out hash calculation on the first point multiplication result and the second point multiplication result by using the second hash function to obtain a corresponding first partial proof value.
4. The SM 2-based verifiable random function construction method of claim 1, wherein the determining the corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator comprises:
calculating the private key, the intermediate value, the first partial proof value and the order of the generator by using a first preset formula to obtain a corresponding second partial proof value; the first preset formula is $s = ((1+d)^{-1} \cdot (k - r \cdot d)) \bmod q$;
wherein s represents the second partial proof value, d represents the private key, k represents the intermediate value, r represents the first partial proof value, and q represents the order of the generator.
5. The SM 2-based verifiable random function construction method of claim 1, wherein the determining the corresponding third partial proof value using the private key and the hash value comprises:
And carrying out point multiplication on the private key and the hash value to obtain a corresponding third partial proof value.
6. The SM 2-based verifiable random function construction method of any one of claims 1 to 5, further comprising:
judging whether the process of carrying out hash calculation on the third partial proving value in the proving value set by utilizing the third hash function to obtain the verifiable random number is established or not;
if so, carrying out hash calculation on the message by utilizing the first hash function again to obtain a corresponding target hash value for verification;
calculating the first partial proof value, the second partial proof value, the generator and the public key in the proof value set by using a second preset formula to obtain a corresponding first verification value; wherein the second preset formula is $U_1 = s \cdot G + (r+s) \cdot P$, where $U_1$ represents the first verification value, r represents the first partial proof value in the proof value set, s represents the second partial proof value in the proof value set, G represents the generator, and P represents the public key;
calculating the first partial proof value, the second partial proof value, the third partial proof value and the target hash value in the proof value set by using a third preset formula to obtain a corresponding second verification value; wherein the third preset formula is $U_2 = s \cdot Q' + (r+s) \cdot V$, where $U_2$ represents the second verification value, $Q'$ represents the target hash value, r represents the first partial proof value in the proof value set, s represents the second partial proof value in the proof value set, and V represents the third partial proof value in the proof value set;
carrying out hash calculation on the first verification value and the second verification value by using the second hash function to obtain corresponding target part proof values;
judging whether the target part proving value is consistent with the first part proving value in the proving value set or not to obtain a corresponding judging result;
and determining whether the verifiable random number is valid or not based on the judging result.
7. The SM 2-based verifiable random function construction method of claim 6, wherein the determining whether the verifiable random number is valid based on the determination result comprises:
if the judging result shows that the target part proving value is consistent with the first part proving value in the proving value set, judging that the verifiable random number is valid and passing verification;
if the judging result shows that the target part proving value is inconsistent with the first part proving value in the proving value set, judging that the verifiable random number is invalid and verification is not passed.
8. A verifiable random function construction device based on SM2, comprising:
the construction module is used for constructing a system parameter set; the system parameter set comprises a finite field, the number of elements in the finite field, elliptic curve parameters, alpha groups, any generating element in the alpha groups, the order of the generating element, a first hash function, a second hash function and a third hash function;
the first calculation module is used for calculating a corresponding public key by using the randomly selected user private key and the generating elements in the system parameter set;
the second calculation module is used for carrying out hash calculation on the current message by utilizing the first hash function to obtain a corresponding hash value;
the first proof value determining module is used for utilizing the second hash function and carrying out hash calculation on the basis of the randomly selected intermediate value, the generator and the hash value to obtain a corresponding first partial proof value;
a second proof value determining module for determining a corresponding second partial proof value using the private key, the intermediate value, the first partial proof value, and the order of the generator;
a third attestation value determining module for determining a corresponding third partial attestation value using the private key and the hash value;
The verifiable random number generation module is used for carrying out hash calculation on the third partial proof value by utilizing a third hash function to obtain a corresponding verifiable random number;
and the proving value set constructing module is used for constructing a corresponding proving value set based on the first partial proving value, the second partial proving value and the third partial proving value.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the SM 2-based verifiable random function construction method as recited in any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program; wherein the computer program when executed by a processor implements the steps of the SM 2-based verifiable random function construction method as claimed in any one of claims 1 to 7.
CN202311270944.6A 2023-09-28 2023-09-28 Verifiable random function construction method, device, equipment and medium based on SM2 Pending CN117595984A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311270944.6A CN117595984A (en) 2023-09-28 2023-09-28 Verifiable random function construction method, device, equipment and medium based on SM2


Publications (1)

Publication Number Publication Date
CN117595984A true CN117595984A (en) 2024-02-23

Family

ID=89915628



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination