CN1505313A - Elliptic curve signature and signature verification method and apparatus - Google Patents

Elliptic curve signature and signature verification method and apparatus Download PDF

Info

Publication number
CN1505313A
CN1505313A CNA021547165A CN02154716A CN1505313A CN 1505313 A CN1505313 A CN 1505313A CN A021547165 A CNA021547165 A CN A021547165A CN 02154716 A CN02154716 A CN 02154716A CN 1505313 A CN1505313 A CN 1505313A
Authority
CN
China
Prior art keywords
signature
function
certifying
curve
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA021547165A
Other languages
Chinese (zh)
Other versions
CN100440776C (en
Inventor
陈建华
汪朝辉
李莉
涂航
崔竞松
彭蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HAINAN XINAN DATA SYSTEM CO Ltd
Original Assignee
HAINAN XINAN DATA SYSTEM CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HAINAN XINAN DATA SYSTEM CO Ltd filed Critical HAINAN XINAN DATA SYSTEM CO Ltd
Priority to CNB021547165A priority Critical patent/CN100440776C/en
Publication of CN1505313A publication Critical patent/CN1505313A/en
Application granted granted Critical
Publication of CN100440776C publication Critical patent/CN100440776C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Abstract

The invention is a kind of elliptical curve signing method. The transmitting end discloses the system parameter and the public key YA, then generates random k, carries on elliptical curve dot product calculation to k with the base point G of curve, gets a point kG on curve, uses function d to calculate kG and clear text m, gets r=d(m, kG); functions f0, f1, g0, g1 are all functions of r, solutes f0(r)+f1(r)s=k-xA(g0(r)+g1(r)s) with functions f0, f1, g0, g1 and personal key xA and gets the result s=(k-xAg0(r)-f0(r))(f1(r))-g1(r))-1; the reception side receives and uses the public YA, elliptical curve base point G and the function f0, f1, g0, g1 of transmitting end, and works out P=(f0(r)+f1(r)s)G+(g0(r)+g1(r))-G1(r)s)YA, uses function d' to calculate m'=d'(r, P); compares the m and m'; d and d' have following nature: if d shape is : D=d(x, y), through function d there may get y=d'(x, D).

Description

Ellipse curve signature and certifying signature method and apparatus
Technical field
The present invention relates to data signature and certifying signature, is signature and the certifying signature method of utilizing the elliptic curve discrete logarithm problem.
Background technology
Cryptographic system is divided into symmetric cryptosystem and asymmetric cryptosystem.
Symmetric cryptography also is the conventional cipher algorithm sometimes, is exactly that encryption key can be calculated from separate dense wanting, otherwise also sets up.In most of algorithms, the enciphering/deciphering key is identical.These algorithms also are secret-key algorithm or single key algorithm, and it requires sender and recipient before secure communication, consult a key.The fail safe of symmetric cryptography depends on key, and the key of divulging a secret just means that anyone can both carry out enciphering/deciphering to message.So though the speed of symmetric cryptography is very fast, how secret key safety being distributed to legal user but is a problem.
At patent " encryption device and method " (" CRYPTOGRAPHIC APPARATUS METHOD ", the patent No.: provided US4200770) one can be in overt channel the method and apparatus of interchange key, this method is called the public-key cryptography exchange or is called the Diffie-Hellman key exchange method.This patent makes communicating pair use a mould power function to consult and transmit their secret information.The assailant will seek out the secret information of transmission, must solve discrete logarithm problem.If the parameter of using is enough big, separating discrete logarithm problem is an intractable problem.
Public key cryptography claims asymmetric cryptography again, then can effectively solve the problem of above-mentioned authentication.Public key cryptography is different with the symmetric cryptography that only uses a key, and public key cryptography is asymmetric, and its uses two independences but the key of certain mathematical connection is arranged: PKI and private key.Secret its private key of recipient in the communication discloses its PKI like this.Most important progress in the public key cryptography is exactly a digital signature, realizes that by public key cryptography digital signature can effectively solve the problem of above-mentioned authentication.User A is before B transmission information, use the private key of oneself that this information is carried out digital signature, user B is after the information that receives the A transmission, use the signature of the disclosed public key verifications A of A, because have only A to have its private key, this has just guaranteed that the information that B received comes from A really, and is not distorted, and has also confirmed the identity of A simultaneously.
Patent " cryptographic communication system and method " (" CRYPTOGRAPHIC COMMUNICATIONSSYSTEM AND METHOD ", the patent No.: US4405829) proposed Rivest, a kind of public key cryptography method---the RSA of Shamir and Adleman invention.The fail safe of RSA public key cryptography method is based on the intractability of big integer factor resolution problem.But to the improving constantly of security requirement, also come also high more to the requirement of RSA key length along with at present.
Taher ElGamal has proposed a kind of public key digital signature mechanism based on euler algorithm.In this mechanism, transmit leg A uses the mould power function to hide private key x, calculates y=g xMod p, and PKI y is open.Recipient B utilizes private key to sign, and B utilizes the PKI of A to come certifying signature, and specific algorithm is as follows:
1, preprocessing process: obtain the needed parameters of signature
1.1: determine finite field gf (p), promptly determine prime number p;
1.2: determine generator g;
1.3: choose random number X A, make 1≤X A≤ p-1 is with X AAs signature key, i.e. private key;
1.4: calculate y A=g XA, y AAs PKI, be used for certifying signature;
1.6: open parameter g, p and PKI y A
2, signature process:
2.1: transmit leg open parameter g, p and PKI y A
2.2: generate random number k, wherein 1≤k≤p-1 utilizes the mould power function to calculate r=g k
2.3: calculate for plaintext m: s=k -1(m-xr) mod p;
2.4: above-mentioned acquisition (r s) is the signature of transmit leg to plaintext m, and transmit leg will (r, s) and expressly m sends to the recipient.
3, proof procedure:
3.1: recipient B receive expressly m with and signature (r, s);
3.2: according to known parameters p, the PKI y of g and A A, judge y A rr sWhether mod p equals g mMod p, if then checking is passed through, otherwise, authentication failed
4, finish.
The method is referred to as Digital Signature Algorithm (DSA) subsequently.
The Fundamentals of Mathematics relevant with the E1Gama1 data signature mechanism are quite complicated, and signature length is quite long.United States Patent (USP) " generates and verifies electronic signature and discern the method for signing " (" Method for Identifying Subscribers and for Generatingand Verifying Electronic Signatures in a Data Exchange System " patent No. US4 in data exchange system, 995,082) in, proposed the method for a kind of safe generation than the short number word signature, its basis is other mathematical method with lower complexity.
In United States Patent (USP) " Digital Signature Algorithm " (" Digital Signature Algorithm " patent No. US5,231,668), under the situation that keeps the same mathematical complexity, shortened the length of E1Gama1 digital signature.
Subsequently, the Rueppel of Switzerland and Australian Nyberg have obtained patent " digital signature method and key exchange method " (" Digital Signature Method and KeyAgreement Method " patent No. US5 in the U.S., 600,725), the endorsement method in this patent has signature, verifying speed is fast and the function of message recovery.Its concrete signature-verification process is as follows:
1, preprocessing process: obtain the needed parameters of signature
1.1: determine finite field gf (p);
1.2: determine generator g;
1.3: choose random number X A, make 1≤X A≤ p-1 is with X AAs private key for user;
1.4: calculate y A=g XAMod p, y AAs client public key;
1.6: open g, p and PKI y A
2, signature process:
2.1: obtain signature information m;
2.2: signer generates random number k, and wherein 1≤k≤p-1 utilizes the mould power function
Calculate r=mg -kMod p;
2.3: calculate s=k-xr mod p;
2.4: (r s) sends to the recipient to signer with its signature with message m.
3, proof procedure:
3.1: the recipient receive message m and its signature (r, s);
3.2: according to known parameters p, g, y A, judge g sy A rWhether mod p equals m (mod
P), if equate, then checking is passed through, otherwise, authentication failed;
4, finish.
Neal Koblitz in 1985 and Victor Miller propose respectively elliptic curve is used for common key cryptosystem, and have realized already present public key algorithm with elliptic curve.Cryptographic algorithm based on elliptic curve discrete logarithm problem intractability is called as elliptic curve cryptography (Elliptic Curve Cryptography is called for short ECC), becomes the public key algorithm of being accepted extensively by international cryptography circle.
Subsequently, DSA signature mechanism mentioned above and NR signature mechanism are transplanted on the elliptic curve successively, become ECDSA signature algorithm and ECNR signature algorithm, make signature mechanism based on a mathematics difficult problem, promote to based on elliptic curve discrete logarithm problem intractability from the discrete logarithm problem intractability.
Summary of the invention
The objective of the invention is to propose a kind of new ellipse curve signature method.This endorsement method is based on the elliptic curve discrete logarithm problem, this problem has higher complexity on mathematics, thereby have higher characteristics of unit security intensity, promptly can shorten the length of digital signature greatly with identical security intensity, accelerate signature speed, thereby more can satisfy the demand of constrained environments such as mobile communication; And this signature algorithm can construct by the selection of parameter than the application ECDSA ECDSA of DSA Digital Signature Algorithm on elliptic curve high-efficient algorithm more, the message that makes the user not transmit to be signed can also make this algorithm have the function of message recovery, even also can be carried out signature verification.
The invention provides a kind of signature and certifying signature method, system at first determines finite field gf (q), chooses elliptic curve equation E; Choose the basic point G of elliptic curve, and calculate elliptic curve point order of a group N on the finite field.Transmit leg A utilizes these system parameterss to generate the private key X of oneself as signer A, 1≤X wherein A≤ N-1 utilizes basic point G to calculate dot product then and obtains some Y on the elliptic curve A=X AG is as PKI.Below the signature process step of sender A for plaintext m:
At first, open system parameters of transmit leg A and PKI Y thereof A, generate random number k then, make k drop on the interval [1, N-1], the basic point G of k and curve is carried out the elliptic curve point multiplication operation, obtain the some kG on the curve; Use some kG that function d will obtain and expressly m carry out computing, wherein guarantee from d, to obtain the value of k, obtain r=d (m, kG).Function f 0, f 1, g 0, g 1Be all the function of r, use function f 0, f 1, g 0, g 1With random number and private key X ASolving equation f 0(r)+f 1(r) s=k-X A(g 0(r)+g 1(r) s) solve s=(k-X Ag 0(r)-f 0(r)) (f 1(r))-g 1(r) -1, obtain like this (r s) is the signature of A to plaintext m.(r s) sends to B to sender A with its signature with plaintext m.
Recipient B receives plaintext m, and (r, s), Y at first uses public-key with its signature A, elliptic curve basic point G and function f 0, f 1, g 0, g 1Calculate P=(f 0(r)+f 1(r) G+ (g s) 0(r)+g 1(r) Y s) A, use function d ' and calculating m '=d ' (r, P).M ' that calculates and the m that receives are compared, if identical then sign legally, simultaneously m ' recovers the plaintext that obtains from the signature result, if difference then sign illegal.
Wherein above-mentioned function d and function d ' must have following character: establishing function d shape is D=d (x, y), from function d can push away y=d ' (x, D), the function d that obtains like this can effectively be hidden cleartext information and random number information in above-mentioned signature and proof procedure; Function d ' can in above-mentioned proof procedure, recover the cleartext information that obtains hiding.
According to another aspect of the present invention, provide a kind of signature of described ellipse curve signature and certifying signature method and device of certifying signature of adopting;
Description of drawings
Fig. 1 is the flow chart of signature process of the present invention.
Fig. 2 is the flow chart of certifying signature process of the present invention.
Fig. 3 is the block diagram of signature of the present invention and certifying signature device.
Embodiment
Fig. 1 illustrates the flow chart of signature process of the present invention.
In step 101, recipient A discloses its PKI Y AAnd system parameters: the basic point G of curve E, elliptic curve point group, elliptic curve point order of a group N;
In step 102, recipient A generates random number k, 1≤k≤n-1 wherein, and wherein N is the some order of a group of elliptic curve;
In step 103, the point multiplication operation with k and basic point G make elliptic curve obtains the some kG on the curve;
In step 104, obtain expressly m.When the length of real messages was longer than the message-length that can sign, message m can be replaced with the result of Hash function h (m), promptly used private key that the hash value h (m) of message m is signed; When checking, the Hash of message m elder generation that receives is obtained h (m), re-use h (m) certifying signature;
In step 105, use function d that plaintext m and the kG that obtains in the step 104 carried out computing, obtain r=d (m, kG).Wherein function d must have following character: establish d function shape and be D=d (x, y), from function d can push away function d ', have y=d ' (x, the d function that D) obtains like this can effectively be hidden cleartext information and random number information in above-mentioned signature and proof procedure; D ' function can recover the cleartext information that obtains hiding in following validation process steps 204;
In step 106, use function d that plaintext m and the P that obtains in the step 104 carried out computing, obtain r=d (m, P).Use the function f of r 0, f 1, g 0, g 1With random number and private key X ASolving equation f 0(r)+f 1(r) s=k-X A(g 0(r)+g 1(r) s) solve s=(k-X Ag 0(r)-f 0(r)) (f 1(r))-g 1(r)) -1
In step 107, before sending the signature result, must judge whether the signature r and the s that obtain are zero, if be zero, then must skip to step 102, reselect random number k, again plaintext m are signed;
In step 108, the r and the s that obtain in step 107 are non-vanishing, then obtained A to the signature result of plaintext m (r, s).(r s) sends to B to sender A with its signature with plaintext m.
So far, signature process finishes.
Fig. 2 illustrates the flow chart of certifying signature process of the present invention.
In step 201, recipient B receive plaintext m that A sends and signature (r, s);
In step 202, B obtains the PKI Y of system parameters and A A
In step 203, the B Y that uses public-key A, elliptic curve basic point G and function f 0, f 1, g 0, g 1Calculate P=(f 0(r)+f 1(r) G+ (g s) 0(r)+g 1(r) Y s) A
In step 204, B uses function d ' and calculating m '=d ' (r, P);
In step 205, B compares m ' that obtains in the step 204 and the m that receives, if equate, and then to step 206, if unequal, then to step 207;
In step 206, m ' and the m that receives equate that checking is passed through, and it is legal to sign;
In step 206, m ' and the m that receives are unequal, and signature is illegal.
So far, the certifying signature process finishes.
In step 104, when the length of real messages was grown than the message-length that can sign, message m can be replaced with the result of Hash function h (m), and promptly the hash value h (m) to message week signs; In verification step 201, use the Hash function to handle earlier the message m that receives and obtain h (m), again to h (m) certifying signature.
If in the message m of signature, embed (Padding) information of filling, then when sending signature, can not send message m, and only send signature (r, s); When checking, (r s) recovers message m, utilizes the authenticity and integrity of filling (Padding) Information Authentication signature then to utilize signature.
The function d in step 105 and the function d of step 204 ' must have following character: establishing d function shape is D=d (x, y), from function d can push away y=d ' (x, D), the d function that obtains like this can effectively be hidden cleartext information and random number information in above-mentioned signature and proof procedure; D ' function can recover the cleartext information that obtains hiding in above-mentioned proof procedure.D and d ' can comprise following form:
A) d (m kG) can value be: d (m, kG)=(kG) x=r, then d ' ( r , P ) = r P x - 1 = m , Wherein (kG) xAnd P xRefer to the abscissa of getting a kG and P respectively;
B) d (m kG) can value be: d (m, kG)=m (kG) y=r, then d ' ( r , P ) = r P y - 1 = m , Wherein (kG) xAnd P xRefer to the ordinate of getting a kG and P respectively;
C) d (m kG) can value be: d (m, kG)=m (kG) x=r, then d ' (r, P)=r P x=m, wherein the computing also can use the  computing to replace;
D) d (m kG) can value be: d (m, kG)=m (kG) y=r, then d ' (r, P)=r P y=m, wherein the computing also can use the  computing to replace;
E) d (m kG) can value be: d (m, kG)=(m+ (kG) x) mod N=r, then d ' (r, P)=(r-P x) mod N=m, wherein N is that some G is at the elliptic curve point order of a group;
F) d (m, kG) can value for being that expressly kG is the symmetric cryptography function of key with m, and d ' (r, P) can value for being ciphertext accordingly with r, P is the symmetrical decryption function of key;
G) or the like.
Function f in step 106 and the step 203 0, f 1, g 0, g 1Be the linear function of r,, can get the simple function of the following r in order to obtain higher computational efficiency:
H) function f 0, f 1, g 0, g 1Value is f respectively 0(r)=c 0* r, f 1(r)=c 1, g 0(r)=c 2, g 1(r)=c 0* r, wherein c 0, c 1, c 2Be constant and function f 0, f 1, g 0, g 1Can exchange;
I) function f 0, f 1, g 0, g 1Value is f respectively 0(r)=c 1, f 1(r)=c 2, g 0(r)=c 0* r, g 1(r)=c 3, c wherein 0, c 1, c 2, c 3Be constant and function f 0, f 1, g 0, g 1Can exchange;
J) or the like.
Fig. 3 illustrates signature of the present invention and certifying signature device.When transmit leg A communicated by letter on a communication channel with recipient B, it is right that transmit leg A uses key generating device 340 to generate key: PKI Y AWith private key X A, announce its PKI and system parameters.A uses signature device 320, in conjunction with the signature process of Fig. 1 explanation plaintext m is signed, and expressly m and signature as a result S send to B.
Recipient B receives the expressly m and the S as a result that signs, and obtains the PKI Y of system parameters and A A, use certifying signature device 350, by in conjunction with the checking of Fig. 2 explanation to the signature of plaintext m S as a result, be verified the result.
Above invention has been described in conjunction with most preferred embodiment of the present invention, and those of ordinary skill in the art can do various modifications and change to it under the situation that does not depart from scope of the present invention.

Claims (24)

1. ellipse curve signature and certifying signature method, it is right that wherein transmit leg has oneself key: private key X AWith PKI Y A, and public address system parameter and PKI Y A, transmit leg uses the private key X of oneself APlaintext m is realized digital signature, and plaintext m and signature are sent to the recipient, the recipient can use the PKI Y of transmit leg AVerify that whether transmit leg is legal to the signature of plaintext m, comprises following steps:
Open system parameters of transmit leg and PKI Y thereof AGenerate random number k then, make k drop on the interval [1, n-1], wherein N is the some order of a group of elliptic curve, the basic point G of k and curve is carried out the elliptic curve point multiplication operation, obtain the some kG on the curve, the some kG and the plaintext m that use function d to obtain carry out computing, wherein guarantee to obtain from d the value of k, obtain r=d (m, kG); Function f 0, f 1, g 0, g 1Be all the function of r, use function f 0, f 1, g 0, g 1With random number and private key X ASolving equation f 0(r)+f 1(r) s=k-x A(g 0(r)+g 1(r) s) solve s=(k-x Ag 0(r)-f 0(r)) (f 1(r))-g 1(r) -1, obtain like this (r s) is the signature of transmit leg to plaintext m; (r s) sends to the recipient to transmit leg with its signature with plaintext m;
The recipient receives expressly m and transmit leg, and (r s), at first uses the PKI Y of transmit leg to the signature of m A, elliptic curve basic point G and function f 0, f 1, g 0, g 1Calculate P=(f 0(r)+f 1(r) G+ (g s) 0(r)+g 1(r) Y s) A, use function d ' and calculating m '=d ' (r, P); M ' that calculates and the m that receives are compared, if identical then sign legally, simultaneously m ' recovers the plaintext that obtains from the signature result, if difference then sign illegal;
Wherein above-mentioned function d and function d ' must have following character: establish function d shape and be D=d (x, y), from function d can push away y=d ' (x, D).
2. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein when the length of real messages m is grown than the message-length that can sign, message m can be replaced with the result of Hash function h (m), promptly uses private key that the hash value h (m) of message m is signed; When checking, the Hash of message m elder generation that receives is obtained h (m), re-use h (m) certifying signature.
3. ellipse curve signature as claimed in claim 1 and certifying signature method wherein, if embed filling information in the message m of signature, then can not send message m when sending signature, and only send signature (r, s); When checking, (r s) recovers message m, utilizes the authenticity and integrity of filling information certifying signature then to utilize signature.
4. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' must have following character: establishing d function shape is D=d (x, y), from function d can push away y=d ' (x, D), the d function that obtains like this can effectively be hidden cleartext information and random number information in above-mentioned signature and proof procedure; D ' function can recover the cleartext information that obtains hiding in above-mentioned proof procedure.
5. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) xDuring=r, then d ' ( r , P ) = r P x - 1 = m , Wherein (kG) xAnd P xRefer to the abscissa of getting a kG and P respectively.
6. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) yDuring=r, then d ' ( r , P ) = r P y - 1 = m , Wherein (kG) xAnd P xRefer to the ordinate of getting a kG and P respectively.
7. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) xDuring=r, then d ' (r, P)=r P x=m, wherein the computing also can use the  computing to replace.
8. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) yDuring=r, then d ' (r, P)=r P y=m, wherein the computing also can use the  computing to replace.
9. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value is for being expressly with m, when kG is the symmetric cryptography function of key, and d ' (r, P) can value for being ciphertext accordingly with r, P is the symmetrical decryption function of key.
10. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Be the linear function of r.
11. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Be taken as: f 0(r)=c 0* r, f 1(r)=c 1, g 0(r)=c 2, g 1(r)=c 0* r, wherein c 0, c 1, c 2Be constant and function f 0, f 1, g 0, g 1Can exchange.
12. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Value is f respectively 0(r)=c 1, f 1(r)=c 2, g 0(r)=c 0* r, g 1(r)=c 3, c wherein 0, c 1, c 2, c 3Be constant and function f 0, f 1, g 0, g 1Can exchange.
13. ellipse curve signature and certifying signature system comprise key generating device (340), signature apparatus (320) and certifying signature device (350), and wherein to use described key generating device (340) to generate key right for the transmit leg of this system: private key X AWith PKI Y A, and public address system parameter and PKI Y A, and use described signature device (320) to utilize the private key X of oneself APlaintext m is realized digital signature, and wherein said signature device (320) is carried out:
Open system parameters and PKI Y thereof A, generate random number k then, make k drop on the interval [1, N-1], wherein N is the some order of a group of elliptic curve, and the basic point G of k and curve is carried out the elliptic curve point multiplication operation, obtains the some kG on the curve; Use some kG that function d will obtain and expressly m carry out computing, wherein guarantee from d, to obtain the value of k, obtain r=d (m, kG); Function f 0, f 1, g 0, g 1Be all the function of r, use function f 0, f 1, g 0, g 1With random number and private key X ASolving equation f 0(r)+f 1(r) s=k-X A(g 0(r)+g 1(r) s) solve s=(k-X Ag 0(r)-f 0(r)) (f 1(r))-g 1(r)) -1, obtain like this (r s) is the signature of transmit leg to plaintext m; (r s) sends to the recipient to transmit leg with its signature with plaintext m;
Described certifying signature device (320) is carried out:
(r s), at first uses the PKI Y of transmit leg to the signature of m to receive expressly m and transmit leg A, elliptic curve basic point G and function f 0, f 1, g 0, g 1Calculate P=(g 0(r)+f 1(r) G+ (g s) 0(r)+g 1(r) Y s) A, use function d ' and calculating m '=d ' (r, P); M ' that calculates and the m that receives are compared, if identical then sign legally, simultaneously m ' recovers the plaintext that obtains from the signature result, if difference then sign illegal;
Wherein above-mentioned function d and function d ' must have following character: establish function d shape and be D=d (x, y), from function d can push away y=d ' (x, D).
14. ellipse curve signature and certifying signature system as claim 13, wherein when the length of real messages m is grown than the message-length that can sign, the signature device replaces with the result of Hash function h (m) with message m, promptly uses private key that the hash value h (m) of message m is signed; When checking, the certifying signature device obtains h (m) with the Hash of message m elder generation that receives, and re-uses h (m) certifying signature.
15. as the ellipse curve signature and the certifying signature system of claim 13, wherein,, then when sending signature, can not send message m if in the message m of signature, embed filling information, and only send signature (r, s); When checking, (r s) recovers message m, utilizes the authenticity and integrity of filling information certifying signature then to utilize signature.
16. ellipse curve signature and certifying signature system as claim 13, wherein function d and function d ' must have following character: establishing d function shape is D=d (x, y), from function d can push away y=d ' (x, D), the d function that obtains like this can effectively be hidden cleartext information and random number information in above-mentioned signature and proof procedure; D ' function can recover the cleartext information that obtains hiding in above-mentioned proof procedure.
17. as the ellipse curve signature and the certifying signature system of claim 13, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kg) xDuring=r, then d ' ( r , P ) = r P x - 1 = m , Wherein (kG) xAnd P xRefer to the abscissa of getting a kG and P respectively.
18. as the ellipse curve signature and the certifying signature system of claim 13, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kg) yDuring=r, then d ' ( r , P ) = r P y - 1 = m , Wherein (kG) xAnd P xRefer to the ordinate of getting a kG and P respectively.
19. as the ellipse curve signature and the certifying signature system of claim 13, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) xDuring=r, then d ' (r, P)=r P x=m, wherein the computing also can use the  computing to replace.
20. as the ellipse curve signature and the certifying signature system of claim 13, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) yDuring=r, then d ' (r, P)=r P y=m, wherein the computing also can use the  computing to replace.
21. as the ellipse curve signature and the certifying signature system of claim 13, wherein function d and function d ' be taken as: when d (m, kG) value is for being expressly with m, when kG is the symmetric cryptography function of key, and d ' (r, P) can value for being ciphertext accordingly with r, P is the symmetrical decryption function of key.
22. ellipse curve signature and certifying signature system, wherein function f as claim 13 0, f 1, g 0, g 1Be the linear function of r.
23. ellipse curve signature and certifying signature system, wherein function f as claim 13 0, f 1, g 0, g 1Be taken as: f 0(r)=c 0* r, f 1(r)=c 1, g 0(r)=c 2, g 1(r)=c 0* r, wherein c 0, c 1, c 2Be constant and function f 0, f 1, g 0, g 1Can exchange.
24. ellipse curve signature and certifying signature system, wherein function f as claim 13 0, f 1, g 0, g 1Value is f respectively 0(r)=c 1, f 1(r)=c 2, g 0(r)=c 0* r, g 1(r)=c 3, c wherein 0, c 1, c 2, c 3Be constant and function f 0, f 1, g 0, g 1Can exchange.
CNB021547165A 2002-11-29 2002-11-29 Elliptic curve signature and signature verification method and apparatus Expired - Lifetime CN100440776C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021547165A CN100440776C (en) 2002-11-29 2002-11-29 Elliptic curve signature and signature verification method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021547165A CN100440776C (en) 2002-11-29 2002-11-29 Elliptic curve signature and signature verification method and apparatus

Publications (2)

Publication Number Publication Date
CN1505313A true CN1505313A (en) 2004-06-16
CN100440776C CN100440776C (en) 2008-12-03

Family

ID=34235561

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021547165A Expired - Lifetime CN100440776C (en) 2002-11-29 2002-11-29 Elliptic curve signature and signature verification method and apparatus

Country Status (1)

Country Link
CN (1) CN100440776C (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006074611A1 (en) * 2005-01-14 2006-07-20 Xianghao Nan Identifier-based private key generating method and device
CN101079701B (en) * 2006-05-22 2011-02-02 北京华大信安科技有限公司 Highly secure ellipse curve encryption and decryption method and device
CN101547099B (en) * 2009-05-07 2011-08-03 张键红 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature
CN101488958B (en) * 2009-02-20 2011-09-07 东南大学 Large cluster safe real-time communication method executed by using elliptical curve
CN101296075B (en) * 2007-04-29 2012-03-21 四川虹微技术有限公司 Identity authentication system based on elliptic curve
CN102487321A (en) * 2010-12-03 2012-06-06 航天信息股份有限公司 Signcryption method and system
CN101507176B (en) * 2005-07-01 2012-07-04 微软公司 Elliptic curve point multiplication
CN101427500B (en) * 2006-04-24 2013-06-05 摩托罗拉移动公司 Method for elliptic curve public key cryptographic validation
CN104660399A (en) * 2013-11-25 2015-05-27 上海复旦微电子集团股份有限公司 RSA modular exponentiation calculation method and device
CN101385305B (en) * 2006-01-30 2015-08-19 西门子公司 The method and apparatus of Public key is arranged between the first communication equipment and second communication equipment
CN104866779A (en) * 2015-04-07 2015-08-26 福建师范大学 Method and system for controlling life cycle and safe deletion of electronic file
CN106685651A (en) * 2016-12-22 2017-05-17 北京信安世纪科技有限公司 Method for creating digital signatures by cooperation of client and server
CN103701598B (en) * 2013-12-05 2017-07-11 武汉信安珞珈科技有限公司 It is a kind of that endorsement method and digital signature device are checked based on SM2 signature algorithms
CN107257284A (en) * 2016-06-24 2017-10-17 收付宝科技有限公司 A kind of method and apparatus for carrying out virtual card transaction
CN107395370A (en) * 2017-09-05 2017-11-24 深圳奥联信息安全技术有限公司 Digital signature method and device based on mark
CN107612934A (en) * 2017-10-24 2018-01-19 济南浪潮高新科技投资发展有限公司 A kind of block chain mobile terminal computing system and method based on Secret splitting
CN109104712A (en) * 2018-07-17 2018-12-28 葫芦岛智多多科技有限责任公司 A kind of wireless charging encryption system and its encryption method based on NFC function
CN110022210A (en) * 2019-03-28 2019-07-16 思力科(深圳)电子科技有限公司 Signature sign test method, signature end and sign test end based on elliptic curve cipher
CN111125782A (en) * 2019-12-24 2020-05-08 兴唐通信科技有限公司 Method and system for verifying ID of unclonable chip
CN111475856A (en) * 2020-04-03 2020-07-31 数据通信科学技术研究所 Digital signature method and method for verifying digital signature
CN113225190A (en) * 2021-02-08 2021-08-06 数字兵符(福州)科技有限公司 Quantum security digital signature method using new problem
CN113810195A (en) * 2021-06-04 2021-12-17 国网山东省电力公司 Safe transmission method and device for power training simulation examination data
CN114065171A (en) * 2021-11-11 2022-02-18 北京海泰方圆科技股份有限公司 Identity authentication method, device, system, equipment and medium
CN113225190B (en) * 2021-02-08 2024-05-03 数字兵符(福州)科技有限公司 Quantum security digital signature method using new difficult problem

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889341A (en) * 2019-01-15 2019-06-14 思力科(深圳)电子科技有限公司 Data processing method, electronic tag and radio-frequency card reader

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5271061A (en) * 1991-09-17 1993-12-14 Next Computer, Inc. Method and apparatus for public key exchange in a cryptographic system
US6088798A (en) * 1996-09-27 2000-07-11 Kabushiki Kaisha Toshiba Digital signature method using an elliptic curve, a digital signature system, and a program storage medium having the digital signature method stored therein
CA2233120C (en) * 1997-03-25 2009-08-11 Certicom Corp. Accelerated finite field operations on an elliptic curve
US6263081B1 (en) * 1997-07-17 2001-07-17 Matsushita Electric Industrial Co., Ltd. Elliptic curve calculation apparatus capable of calculating multiples at high speed
EP1038371A4 (en) * 1997-12-05 2002-01-30 Secured Information Technology Transformation methods for optimizing elliptic curve cryptographic computations
JPH11231779A (en) * 1998-02-19 1999-08-27 Nippon Telegr & Teleph Corp <Ntt> Method and device for blind signture using elliptic curve and program recording medium
CN1108041C (en) * 1999-12-01 2003-05-07 陈永川 Digital signature method using elliptic curve encryption algorithm

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006074611A1 (en) * 2005-01-14 2006-07-20 Xianghao Nan Identifier-based private key generating method and device
CN101507176B (en) * 2005-07-01 2012-07-04 微软公司 Elliptic curve point multiplication
CN101385305B (en) * 2006-01-30 2015-08-19 西门子公司 The method and apparatus of Public key is arranged between the first communication equipment and second communication equipment
CN101427500B (en) * 2006-04-24 2013-06-05 摩托罗拉移动公司 Method for elliptic curve public key cryptographic validation
CN101079701B (en) * 2006-05-22 2011-02-02 北京华大信安科技有限公司 Highly secure ellipse curve encryption and decryption method and device
CN101296075B (en) * 2007-04-29 2012-03-21 四川虹微技术有限公司 Identity authentication system based on elliptic curve
CN101488958B (en) * 2009-02-20 2011-09-07 东南大学 Large cluster safe real-time communication method executed by using elliptical curve
CN101547099B (en) * 2009-05-07 2011-08-03 张键红 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature
CN102487321A (en) * 2010-12-03 2012-06-06 航天信息股份有限公司 Signcryption method and system
CN102487321B (en) * 2010-12-03 2014-07-02 航天信息股份有限公司 Signcryption method and system
CN104660399A (en) * 2013-11-25 2015-05-27 上海复旦微电子集团股份有限公司 RSA modular exponentiation calculation method and device
CN104660399B (en) * 2013-11-25 2018-02-23 上海复旦微电子集团股份有限公司 A kind of RSA modular exponentiation operation method and device
CN103701598B (en) * 2013-12-05 2017-07-11 武汉信安珞珈科技有限公司 It is a kind of that endorsement method and digital signature device are checked based on SM2 signature algorithms
CN104866779A (en) * 2015-04-07 2015-08-26 福建师范大学 Method and system for controlling life cycle and safe deletion of electronic file
CN104866779B (en) * 2015-04-07 2018-05-11 福建师范大学 It is a kind of to control e-file life cycle and the method and system of safety deleting
CN107257284A (en) * 2016-06-24 2017-10-17 收付宝科技有限公司 A kind of method and apparatus for carrying out virtual card transaction
CN107257284B (en) * 2016-06-24 2020-05-19 收付宝科技有限公司 Method and device for carrying out virtual card transaction
CN106685651A (en) * 2016-12-22 2017-05-17 北京信安世纪科技有限公司 Method for creating digital signatures by cooperation of client and server
CN107395370A (en) * 2017-09-05 2017-11-24 深圳奥联信息安全技术有限公司 Digital signature method and device based on mark
CN107395370B (en) * 2017-09-05 2020-07-14 深圳奥联信息安全技术有限公司 Identification-based digital signature method and device
CN107612934A (en) * 2017-10-24 2018-01-19 济南浪潮高新科技投资发展有限公司 A kind of block chain mobile terminal computing system and method based on Secret splitting
CN109104712A (en) * 2018-07-17 2018-12-28 葫芦岛智多多科技有限责任公司 A kind of wireless charging encryption system and its encryption method based on NFC function
CN109104712B (en) * 2018-07-17 2021-04-30 北京神州安付科技股份有限公司 Wireless recharging encryption system based on NFC function and encryption method thereof
CN110022210A (en) * 2019-03-28 2019-07-16 思力科(深圳)电子科技有限公司 Signature sign test method, signature end and sign test end based on elliptic curve cipher
CN111125782A (en) * 2019-12-24 2020-05-08 兴唐通信科技有限公司 Method and system for verifying ID of unclonable chip
CN111475856A (en) * 2020-04-03 2020-07-31 数据通信科学技术研究所 Digital signature method and method for verifying digital signature
CN111475856B (en) * 2020-04-03 2023-12-22 数据通信科学技术研究所 Digital signature method and method for verifying digital signature
CN113225190A (en) * 2021-02-08 2021-08-06 数字兵符(福州)科技有限公司 Quantum security digital signature method using new problem
CN113225190B (en) * 2021-02-08 2024-05-03 数字兵符(福州)科技有限公司 Quantum security digital signature method using new difficult problem
CN113810195A (en) * 2021-06-04 2021-12-17 国网山东省电力公司 Safe transmission method and device for power training simulation examination data
CN113810195B (en) * 2021-06-04 2023-08-15 国网山东省电力公司 Safe transmission method and device for electric power training simulation assessment data
CN114065171A (en) * 2021-11-11 2022-02-18 北京海泰方圆科技股份有限公司 Identity authentication method, device, system, equipment and medium
CN114065171B (en) * 2021-11-11 2022-07-08 北京海泰方圆科技股份有限公司 Identity authentication method, device, system, equipment and medium

Also Published As

Publication number Publication date
CN100440776C (en) 2008-12-03

Similar Documents

Publication Publication Date Title
CN1505313A (en) Elliptic curve signature and signature verification method and apparatus
AU719462B2 (en) Cyclotomic polynomial construction of discrete logarithm cryptosystems over finite fields
EP1083700B1 (en) Hybrid digital signature scheme
CN1902853A (en) Method and apparatus for verifiable generation of public keys
CN103780385A (en) Blind signature method based on elliptic curve and device thereof
CN101051902A (en) Agent signcryption method and system
CN101079701A (en) Highly secure ellipse curve encryption and decryption method and device
US7904721B2 (en) Digital certificates
WO2006104362A1 (en) Fast batch verification method and apparatus there-of
US20010014153A1 (en) Key validation scheme
CN103780386A (en) Blind signature method based on identity and device thereof
CN100452695C (en) Elliptic curve encryption and decryption method and apparatus
CN1905447A (en) Authentication encryption method and E-mail system
US20080072055A1 (en) Digital signature scheme based on the division algorithm and the discrete logarithm problem
Saho et al. Securing document by digital signature through RSA and elliptic curve cryptosystems
Li et al. Group-oriented (t, n) threshold digital signature schemes with traceable signers
CN1268086C (en) Ring-based signature scheme
Tahat Convertible multi-authenticated encryption scheme with verification based on elliptic curve discrete logarithm problem
EP1025674A1 (en) Signature verification for elgamal schemes
Jain Digital signature
CN1464678A (en) Method for digital signature and authentication based on semi-group discrete logarithm problem
Бессалов et al. Security of modified digital public-key signature EDDSA
CN1481108A (en) Method related to obtainning asymmetry type cipher key from network system
CN1832402A (en) Numberical signature method based on lever function and super-increment sequence
US20040205337A1 (en) Digital message signature and encryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term
CX01 Expiry of patent term

Granted publication date: 20081203