WO2023159849A1 - Digital signature methods, computer device and medium - Google Patents


Publication number
WO2023159849A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital signature
conjugate
value
conjugate value
subgroup
Application number
PCT/CN2022/103270
Other languages
French (fr)
Chinese (zh)
Inventor
李飞鹏
林汉玲
李敏
王晓峰
Original Assignee
深圳大学
Application filed by 深圳大学

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0852 Quantum cryptography

Definitions

  • This application belongs to the technical field of information security, and in particular relates to a digital signature method, computer equipment and media.
  • Digital signatures can be used to ensure the integrity of information transmission, verify the identity of the sender, and prevent denial of transactions, and are widely used in the field of information security.
  • the existing digital signature method is based on the classic public key cryptographic algorithm to ensure security.
  • the security of classical public-key cryptographic algorithms relies on the difficulty of factorization and discrete logarithm calculations.
  • the quantum computing system will perform the factorization of large integers and the calculation of discrete logarithms in polynomial time, and Google and IBM have respectively declared that their quantum computing systems have been realized or are being realized.
  • the embodiment of the present application provides a digital signature method, computer equipment and media to solve the problem that digital signatures based on existing public key cryptography cannot resist quantum computing attacks.
  • the first aspect of the embodiment of the present application provides a digital signature method, which is applied to the signing party, and the method includes:
  • the index of the braid group is an integer greater than or equal to 6, and the multiplication of the elements of the first subgroup and the second subgroup is not commutative;
  • the digital signature is sent to the verifier.
  • the following formula is used to perform a conjugate operation on the private key and the braid group to obtain a first conjugate value:
  • $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
  • $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate values; $n$ is the index.
  • the public key includes a hash function, and according to the second conjugate value and the private key, the following formula is used to calculate the digital signature of the information to be signed:
  • $K = x(b_1, b_2, \ldots, b_{n-1})$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values
  • S is the digital signature
  • H is the hash function
  • m is the information to be signed
  • n is the index
  • means to concatenate the characters m and e together.
  • the second aspect of the embodiment of the present application provides a digital signature method, which is applied to the verifier, and the method includes:
  • the digital signature from the signer is received, the digital signature is verified according to the second conjugate value and the first conjugate value.
  • the calculating the second conjugate value according to the public key of the signing party includes:
  • the public key also includes a braid group and a subgroup, and the index of the braid group is an integer greater than or equal to 6;
  • the following formula is used to perform a conjugate operation on the element and the braid group to obtain a second conjugate value:
  • $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element, $n$ being the index.
  • the verifying the digital signature according to the second conjugate value and the first conjugate value includes:
  • the verification value is equal to the digital signature, the verification of the digital signature is passed.
  • the public key further includes a hash function, and according to the second conjugate value and the first conjugate value, the following formula is used to calculate the verification value corresponding to the digital signature:
  • $K' = y(a_1, a_2, \ldots, a_{n-1})$;
  • y is the element
  • S' is the verification value
  • H is the hash function
  • m is the information to be signed
  • n is the index
  • indicates that the characters m and e' are connected together.
  • the third aspect of the embodiment of the present application provides a digital signature device, which is applied to the signing party, and the device includes:
  • a subgroup determination module used to determine the first subgroup and the second subgroup from the established braid group, where the index of the braid group is an integer greater than or equal to 6 and the multiplication of elements of the first subgroup and the second subgroup is not commutative;
  • a conjugate operation module configured to select any element from the first subgroup as a private key, and perform a conjugate operation on the private key and the braid group to obtain a first conjugate value
  • a public key generating module configured to generate a public key based on the braid group and the first conjugate value
  • a digital signature module configured to calculate the digital signature of the information to be signed according to the second conjugate value and the private key when receiving the second conjugate value sent by the verifier, where the second conjugate value is calculated by the verifier according to the public key;
  • a sending module configured to send the digital signature to the verifier.
  • the following formula is used to perform a conjugate operation on the private key and the braid group to obtain a first conjugate value:
  • $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
  • $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate values; $n$ is the index.
  • the public key includes a hash function, and according to the second conjugate value and the private key, the following formula is used to calculate the digital signature of the information to be signed:
  • $K = x(b_1, b_2, \ldots, b_{n-1})$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values
  • S is the digital signature
  • H is the hash function
  • m is the information to be signed
  • n is the index
  • means to concatenate the characters m and e together.
  • the fourth aspect of the embodiment of the present application provides a digital signature device, which is applied to the verifier, and the device includes:
  • a calculation module configured to calculate a second conjugate value according to the public key of the signer, the public key including the first conjugate value
  • a sending module configured to send the second conjugate value to the signer, where the second conjugate value is used by the signer to calculate a digital signature of the information to be signed;
  • a verification module configured to verify the digital signature according to the second conjugate value and the first conjugate value when receiving the digital signature from the signer.
  • the calculation module includes:
  • the obtaining submodule is used to obtain the public key of the signing party, the public key also includes a braid group and a subgroup, and the index of the braid group is an integer greater than or equal to 6;
  • the calculation submodule is configured to perform a conjugate operation on the element and the braid group to obtain the second conjugate value.
  • the calculation submodule uses the following formula to perform a conjugate operation on the element and the braid group to obtain a second conjugate value:
  • $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element, $n$ being the index.
  • the verification module includes:
  • a verification value calculation submodule configured to calculate a verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value
  • a judging submodule configured to pass the verification of the digital signature if the verification value is equal to the digital signature.
  • the public key further includes a hash function
  • the verification value calculation submodule uses the following formula to calculate the verification value corresponding to the digital signature:
  • $K' = y(a_1, a_2, \ldots, a_{n-1})$;
  • y is the element
  • S' is the verification value
  • H is the hash function
  • m is the information to be signed
  • n is the index
  • indicates that the characters m and e' are connected together.
  • a fifth aspect of the embodiments of the present application provides a computer device, including a memory, a processor, and a computer program stored in the memory and operable on the processor; when the processor executes the computer program, the method described in the first aspect or the second aspect above is implemented.
  • the sixth aspect of the embodiments of the present application provides a computer-readable storage medium that stores a computer program; when the computer program is executed by a processor, the method described in the first or second aspect above is implemented.
  • the seventh aspect of the embodiments of the present application provides a computer program product; when the computer program product is run on a computer device, the computer device is made to execute the method described in the first aspect or the second aspect above.
  • the signer determines the first subgroup and the second subgroup from the established braid group; then selects an element from the first subgroup as the private key of the signer, and performs a conjugate operation on the private key and the braid group to obtain the first conjugate value; then generates a public key based on the braid group and the first conjugate value. The verifier can obtain the public key of the signer, calculate the second conjugate value based on the public key, and send the second conjugate value to the signer. When the signer receives the second conjugate value sent by the verifier, the signer can calculate the digital signature of the information to be signed according to the second conjugate value and the private key, and then send the digital signature to the verifier, who can verify the digital signature.
  • the first subgroup and the second subgroup are two Mihailova subgroups of the braid group, and the multiplication of the elements of the two subgroups is not commutative. Since the membership problem of the Mihailova subgroup is unsolvable, there is no algorithm for attacking the private key of the signing party, so that the digital signature method in this application can resist quantum computing attacks.
  • Fig. 1 is a schematic flow chart of the steps of a digital signature method provided by the embodiment of the present application
  • Fig. 2 is a schematic flow chart of steps of another digital signature method provided by the embodiment of the present application.
  • Fig. 3 is a schematic diagram of a digital signature device provided by an embodiment of the present application.
  • Fig. 4 is a schematic diagram of another digital signature device provided by the embodiment of the present application.
  • Fig. 5 is a schematic diagram of a computer device provided by an embodiment of the present application.
  • Fig. 1 shows a schematic flow chart of steps of a digital signature method provided by the embodiment of the present application.
  • the digital signature method shown in Fig. 1 is applied to the signing party, and may specifically include the following steps:
  • the index of the braid group is an integer greater than or equal to 6, and the multiplication of elements of the first subgroup and the second subgroup is not commutative.
  • the braid group $B_n$ can be established first, and the braid group $B_n$ is a group defined by the following presentation:
  • the elements of the braid group are represented by words over the set $\{\sigma_1, \sigma_2, \ldots, \sigma_{n-1}\}$ representing the unique normal form of the element.
  • the braid group $B_n$ has the following properties: the word representing an element of $B_n$ over the generator set of $B_n$ has a unique normal form that can be calculated; the product operation and inverse operation of the group based on the normal form are feasible and computable.
  • the braid group $B_n$ contains a subgroup $L_i$ isomorphic to $F_2 \times F_2$, that is, to the direct product of two free groups of rank 2:
  • the first subgroup and the second subgroup above are two Mihailova subgroups P and Q of the braid group, and the multiplication of the elements in the first subgroup and the second subgroup is not commutative.
  • the signer can select an element from the first subgroup as the private key x, and then perform a conjugate operation on the private key and the braid group to obtain the first conjugate value.
  • the braid group $B_n$, the index $n$, the second subgroup Q and the first conjugate values $a_1, a_2, \ldots, a_{n-1}$ are used as the public key of the signer, and the public key can be obtained by the verifier.
  • the public key also includes a collision-resistant hash function.
  • the verifier can obtain the public key of the signer, and then calculate the second conjugate value according to the public key of the signer; then the verifier can send the second conjugate value to the signer.
  • When the signer receives the second conjugate value sent by the verifier, it can calculate the digital signature of the information to be signed according to the second conjugate value and the private key.
  • the signer can replace the occurrences of all generators in the private key with the first public value, and then calculate the product of the private key and the first conjugate value; use the private key and the reciprocal to calculate an intermediate value; and encrypt the information to be signed based on the intermediate value.
  • the anti-collision hash function can be used for encryption, and the anti-collision hash function is irreversible, which can guarantee the security of the digital signature in the data communication process.
  • the calculation formula of the digital signature can be:
  • $K = x(b_1, b_2, \ldots, b_{n-1})$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values
  • S is the digital signature
  • H is the anti-collision hash function
  • m is the information to be signed
  • n is the index,
  • the signer sends the calculated digital signature to the verifier, and the verifier can confirm the identity of the signer based on the digital signature.
  • the signer uses an element in the Mihailova subgroup as the private key, and the membership problem in the Mihailova subgroup is unsolvable, and the security guarantee of the digital signature algorithm depends on the unsolvability of the corresponding decision problem , so that the digital signature algorithm in this embodiment is resistant to all known attacks including quantum computing attacks.
  • FIG 2 shows a schematic flow chart of another digital signature method provided by the embodiment of the present application.
  • the digital signature method shown in Figure 2 is applied to the verifier, and may specifically include the following steps:
  • the verifier may obtain the public key of the signer, and the public key may include a first conjugate value, and the first conjugate value is calculated by the signer according to the step in S102.
  • the public key also includes a braid group and a subgroup, the index of the braid group is an integer greater than or equal to 6, and the subgroup is a Mihailova subgroup of the braid group, that is, the Mihailova subgroup Q in the above step S101.
  • the verifier can select an element from the subgroup, and then use this element to perform a conjugate operation with the braid group to obtain a second conjugate value.
  • the calculation formula of the second conjugate value can be:
  • $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element, and $n$ is the index.
  • the verifier can send the second conjugate value to the signer, and after receiving the second conjugate value, the signer can use the above steps in S104 to calculate the digital signature of the information to be signed.
  • When the verifier receives the digital signature of the signer, it can calculate the verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value; if the verification value is equal to the digital signature, the digital signature verification is passed. If the verification value is not equal to the digital signature, the verification fails.
  • the public key may also include a hash function, and the calculation formula of the verification value may be:
  • $K' = y(a_1, a_2, \ldots, a_{n-1})$;
  • y is the element
  • S' is the verification value
  • H is the hash function
  • m is the information to be signed
  • n is the index
  • means to connect the characters m and e' together.
  • the verification principle is:
  • the signer determines an element from a Mihailova subgroup of the braid group as a private key
  • the verifier determines an element from another Mihailova subgroup of the braid group to perform the conjugate operation.
  • the private key only needs to be in the hands of the signer, and it can be verified without sending the private key to the verifier, thereby avoiding the theft of the private key during data communication; the security of the digital signature in this embodiment depends on Mihailova The membership problem in the subgroup is unsolvable, so the digital signature method in this embodiment can resist quantum computing attacks and has higher security.
  • the signer and the verifier may reach an agreement in advance, so that the digital signature method in this embodiment is used for identity verification and information completeness verification.
  • the digital signature method in this embodiment may include three processes of key generation, signature and verification.
  • the key generation process can include:
  • the signer selects a braid group $B_n$ with index $n \ge 6$ as the public key, whose generators are $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, and selects an input byte of arbitrary length and a fixed output byte
  • the signer selects two Mihailova subgroups P and Q of $B_n$ such that the multiplication of the elements of P and Q is not commutative, and Q is used as the public key.
  • the signing process can include:
  • the verification process can include:
  • means to connect the characters m and e' together), and verify whether $S' = S$; if the equality holds, accept the signature, otherwise reject the signature.
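The conjugation and substitution steps of the key generation, signing and verification processes above, as an added Python example that is not code from the patent. It assumes that $x(b_1, \ldots, b_{n-1})$ denotes the word $x$ with every generator $\sigma_i$ replaced by $b_i$, and it uses constructed sample words for $x$ and $y$ that merely stand in for elements of P and Q. Working on freely reduced words, it shows that the signer's $K$ equals $y x y^{-1}$ and the verifier's $K'$ equals $x y x^{-1}$, each computed from the other side's public conjugates and its own secret only.

```python
# Added illustration, not the patent's implementation.
# A braid word is a list of non-zero ints: +i is sigma_i, -i is sigma_i^{-1}.
# Only free reduction is applied. Two words with the same freely reduced form
# are equal in B_n (B_n is a quotient of the free group), but the converse is
# false: a real implementation must compare the braid normal forms the
# description refers to.

N = 6                      # index of the braid group (the text requires n >= 6)
X = [1, 2, -4, 3, 3]       # constructed stand-in for the signer's private key x
Y = [5, -2, 1, 4]          # constructed stand-in for the verifier's element y


def is_valid_word(word, n):
    """Accept only generators sigma_1..sigma_{n-1} and their inverses."""
    return all(isinstance(g, int) and 1 <= abs(g) <= n - 1 for g in word)


def reduce_word(word):
    """Cancel adjacent pairs g, g^{-1} until none remain (free reduction)."""
    out = []
    for g in word:
        if out and out[-1] == -g:
            out.pop()
        else:
            out.append(g)
    return out


def inverse(word):
    """Inverse of a word: reverse the order and invert every letter."""
    return [-g for g in reversed(word)]


def multiply(*words):
    """Product of several words, freely reduced."""
    joined = []
    for w in words:
        joined.extend(w)
    return reduce_word(joined)


def conjugates(key, n):
    """Return [key * sigma_i * key^{-1} for i = 1..n-1] (the a_i or the b_i)."""
    if not is_valid_word(key, n):
        raise ValueError("word uses a generator outside sigma_1..sigma_{n-1}")
    return [multiply(key, [i], inverse(key)) for i in range(1, n)]


def substitute(word, images):
    """Evaluate word(images): sigma_i -> images[i-1], sigma_i^{-1} -> its inverse."""
    out = []
    for g in word:
        image = images[abs(g) - 1]
        out.extend(image if g > 0 else inverse(image))
    return reduce_word(out)


def run_exchange(x=X, y=Y, n=N):
    """Compute the public conjugates and both sides' K values."""
    a = conjugates(x, n)          # published by the signer
    b = conjugates(y, n)          # sent by the verifier
    k_signer = substitute(x, b)   # K  = x(b_1, ..., b_{n-1})
    k_verifier = substitute(y, a) # K' = y(a_1, ..., a_{n-1})
    return a, b, k_signer, k_verifier


if __name__ == "__main__":
    a, b, k, k_prime = run_exchange()
    print("K  == y x y^-1:", k == multiply(Y, X, inverse(Y)))
    print("K' == x y x^-1:", k_prime == multiply(X, Y, inverse(X)))
```
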
  • the platform for establishing the digital signature protocol is a braid group $B_n$ with index $n \ge 6$ and two Mihailova subgroups P and Q of $B_n$ whose elements do not commute under multiplication; at the same time, the subgroup membership problem of P and Q is unsolvable.
  • Given a group G and a subgroup H whose generator set is X, the subgroup membership problem is to determine whether any element g in G can be represented by a word on X, that is, to determine whether g is an element of H.
  • c commutes with every $\sigma_i$ under multiplication. Since $B_n$ is generated by $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, c is an element of the center of $B_n$. The center of $B_n$ is the infinite cyclic subgroup $\langle\Delta^2\rangle$ generated by $\Delta^2$, where
  • c is an element of $\langle\Delta^2\rangle$.
  • d is also an element of $\langle\Delta^2\rangle$. Since $\langle\Delta^2\rangle$ is the center of $B_n$, the subgroups of the quotient group $B_n/\langle\Delta^2\rangle$ generated by $\sigma_i^2\langle\Delta^2\rangle$, $\sigma_{i+1}^2\langle\Delta^2\rangle$, $\sigma_{i+3}^2\langle\Delta^2\rangle$ and $\sigma_{i+4}^2\langle\Delta^2\rangle$ are isomorphic to the subgroups of $B_n$ generated by $\sigma_i^2$, $\sigma_{i+1}^2$, $\sigma_{i+3}^2$ and $\sigma_{i+4}^2$, so that the rank of is 2 free group.
  • In this application the signing party selects elements of the Mihailova subgroup of the braid group $B_n$ as the key components of its private key, and it is proved that all possible attacks are infeasible and incomputable, that is, the digital signature method of the present invention is resistant to all known attacks, including quantum computing attacks.
  • the security guarantee of the established digital signature algorithm depends on the unsolvability of the corresponding decision problem, rather than the computational difficulty of the corresponding decision problem;
  • the classic public key cryptographic algorithm is based on the calculation difficulty, so that the digital signature algorithm of the present invention is resistant to all known attacks including quantum computing attacks.
  • the digital signature method can be used for identity verification.
  • the digital signature method in the application is described below with an example of the digital signature method in the application in the identity verification scenario:
  • the digital signature method in this embodiment can be used to implement Bob's authentication of Alice.
  • Alice and Bob can reach a digital signature agreement according to the method in this embodiment.
  • Alice is the signer
  • Bob is the verifier.
  • the generators of the braid group $B_n$ are $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, and at the same time a collision-resistant hash function $H: B_n \to \{0, 1\}^k$ is chosen, whose input is of any length and whose output is of fixed length k bytes, where k is a sufficiently large fixed natural number.
  • Alice's public key is $(n, B_n, Q, H, a_1, a_2, \ldots, a_{n-1})$, and her private key is $x$.
  • Bob can publicly obtain Alice's public key.
  • When identity verification is to be performed, Alice and Bob can agree to use Alice's unique identification information m for identity verification.
  • Alice can then send the digital signature to Bob when she sends information to Bob.
  • Bob uses the digital signature to determine whether the information comes from Alice, preventing Oscar from masquerading as Alice.
  • the digital signature method can also be used to ensure the integrity of information transmission.
  • the following uses an example of the digital signature method in this application in the identity verification scenario to illustrate the digital signature method in the application:
  • the digital signature method in this embodiment can be used to confirm the integrity of the information.
  • Alice and Bob can reach a digital signature agreement according to the method in this embodiment.
  • Alice is the signer in this application
  • Bob is the verifier in this application.
  • the generators of the braid group $B_n$ are $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, and at the same time a collision-resistant hash function $H: B_n \to \{0, 1\}^k$ is chosen, whose input is of any length and whose output is of fixed length k bytes, where k is a sufficiently large fixed natural number.
  • Alice's public key is $(n, B_n, Q, H, a_1, a_2, \ldots, a_{n-1})$, and her private key is $x$.
  • Bob can publicly obtain Alice's public key.
  • a hash function can be used to generate the digest m of the message.
  • Alice sends a message to Bob
  • she can send the digital signature along with the message to Bob.
  • Bob uses the digital signature to determine whether the message has been tampered with.
  • FIG. 3 shows a schematic diagram of a digital signature device provided by the embodiment of the present application.
  • the subgroup determination module 31 is used to determine the first subgroup and the second subgroup from the established braid group, where the index of the braid group is an integer greater than or equal to 6 and the multiplication of elements of the first subgroup and the second subgroup is not commutative;
  • a conjugate operation module 32 configured to select any element from the first subgroup as a private key, and perform a conjugate operation on the private key and the braid group to obtain a first conjugate value
  • a public key generating module 33 configured to generate a public key based on the braid group and the first conjugate value
  • the digital signature module 34 is configured to calculate the digital signature of the information to be signed according to the second conjugate value and the private key when receiving the second conjugate value sent by the verifier, the second conjugate value being calculated by the verifier based on the public key;
  • a sending module 35 configured to send the digital signature to the verifier.
  • the conjugate operation module 32 uses the following formula to perform a conjugate operation on the private key and the braid group to obtain a first conjugate value:
  • $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
  • $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate values; $n$ is the index.
  • the public key includes a hash function
  • the digital signature module 34 uses the following formula to calculate the digital signature of the information to be signed:
  • $K = x(b_1, b_2, \ldots, b_{n-1})$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values
  • S is the digital signature
  • H is the hash function
  • m is the information to be signed
  • n is the index
  • means to concatenate the characters m and e together.
  • FIG. 4 shows a schematic diagram of another digital signature device provided by the embodiment of the present application.
  • a calculation module 41 configured to calculate a second conjugate value according to the public key of the signer, where the public key includes the first conjugate value;
  • a sending module 42 configured to send the second conjugate value to the signer, where the second conjugate value is used by the signer to calculate a digital signature of the information to be signed;
  • the verification module 43 is configured to verify the digital signature according to the second conjugate value and the first conjugate value when receiving the digital signature from the signer.
  • the calculation module 41 includes:
  • the obtaining submodule is used to obtain the public key of the signing party, the public key also includes a braid group and a subgroup, and the index of the braid group is an integer greater than or equal to 6;
  • the calculation submodule is configured to perform a conjugate operation on the element and the braid group to obtain the second conjugate value.
  • the calculation submodule uses the following formula to perform a conjugate operation on the element and the braid group to obtain a second conjugate value:
  • $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
  • $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element, $n$ being the index.
  • the above verification module 43 includes:
  • a verification value calculation submodule configured to calculate a verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value
  • a judging submodule configured to pass the verification of the digital signature if the verification value is equal to the digital signature.
  • the public key further includes a hash function
  • the verification value calculation submodule uses the following formula to calculate the verification value corresponding to the digital signature:
  • $K' = y(a_1, a_2, \ldots, a_{n-1})$;
  • $y$ is the element
  • $S'$ is the verification value
  • $H$ is the hash function
  • $m$ is the information to be signed
  • $n$ is the index
  • $\|$ indicates that the characters $m$ and $e'$ are connected together.
  • the description is relatively simple, and for related details, please refer to the description of the method embodiment.
  • FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of the present application.
  • the computer device 5 of this embodiment includes: at least one processor 50 (only one is shown in Figure 5), a memory 51, and a computer program 52 that is stored in the memory 51 and can run on the at least one processor 50; when the processor 50 executes the computer program 52, the steps in any of the above-mentioned method embodiments are implemented.
  • the computer device 5 may be computing devices such as desktop computers, notebooks, palmtop computers, and cloud servers.
  • the computer device may include, but is not limited to, a processor 50 and a memory 51 .
  • Fig. 5 is only an example of the computer device 5 and does not constitute a limitation on the computer device 5, which may include more or fewer components than those shown in the figure, or combine certain components, or use different components; for example, it may also include input and output devices, network access devices, and so on.
  • the so-called processor 50 can be a central processing unit (Central Processing Unit, CPU), and the processor 50 can also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), an off-the-shelf programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
  • a general-purpose processor may be a microprocessor, or the processor may be any conventional processor, or the like.
  • the memory 51 may be an internal storage unit of the computer device 5 in some embodiments, such as a hard disk or memory of the computer device 5.
  • the memory 51 can also be an external storage device of the computer device 5 in other embodiments, such as a plug-in hard disk fitted to the computer device 5, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, a flash memory card (Flash Card), etc.
  • the memory 51 may also include both an internal storage unit of the computer device 5 and an external storage device.
  • the memory 51 is used to store an operating system, application programs, a boot loader (BootLoader), data and other programs, such as the program code of the computer program.
  • the memory 51 can also be used to temporarily store data that has been output or will be output.
  • the embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the steps in each of the foregoing method embodiments can be realized.
  • An embodiment of the present application provides a computer program product.
  • when the computer program product is run on a computer device, the computer device implements the steps in the foregoing method embodiments.

Abstract

The embodiments of the present application belong to the technical field of information security, and provide digital signature methods, a computer device and a medium. The method comprises: determining a first subgroup and a second subgroup from an established braid group, an index of the braid group being an integer greater than or equal to 6, and multiplication of elements of the first subgroup and the second subgroup being not commutative; selecting from the first subgroup a first element as a private key, and performing conjugate operation on the private key and the braid group to obtain a first conjugate value; generating a public key on the basis of the braid group and the first conjugate value; when a second conjugate value sent by a verifier is received, calculating a digital signature of information to be signed according to the second conjugate value and the private key, the second conjugate value being calculated by the verifier according to the public key; and sending the digital signature to the verifier. Digital signatures using the above method are resistant to quantum computing attacks and are more secure.

Description

A digital signature method, computer device and medium
This application claims priority to the Chinese patent application No. 202210182974.0, entitled "A digital signature method, computer device and medium", filed with the China Patent Office on February 25, 2022, the entire content of which is incorporated into this application by reference.
Technical field
This application belongs to the technical field of information security, and in particular relates to a digital signature method, computer device and medium.
Background
Digital signatures can be used to ensure the integrity of transmitted information, to authenticate the sender, and to prevent repudiation of transactions, and are very widely used in the field of information security.
Existing digital signature methods rely on classical public-key cryptographic algorithms for their security. The security of classical public-key cryptographic algorithms rests on the computational difficulty of integer factorization and of discrete logarithms. However, a quantum computing system will perform the factorization of large integers and the computation of discrete logarithms in polynomial time, and Google and IBM have each announced that the quantum computing systems they designed have been realized or are being realized. This means that public-key cryptographic protocols built on RSA, ECC and ElGamal will no longer be secure. Digital signature algorithms that can resist quantum computing are therefore needed.
Technical problem
In view of this, the embodiments of this application provide a digital signature method, computer device and medium, to solve the problem that digital signatures based on existing public-key cryptography cannot resist quantum computing attacks.
Technical solution
To solve the above technical problem, the technical solution adopted in the embodiments of this application is as follows:
The first aspect of the embodiments of this application provides a digital signature method, applied to a signer, the method comprising:
determining a first subgroup and a second subgroup from an established braid group, where the index of the braid group is an integer greater than or equal to 6, and the multiplication of elements of the first subgroup and the second subgroup is not commutative;
selecting any element from the first subgroup as a private key, and performing a conjugate operation on the private key and the braid group to obtain a first conjugate value;
generating a public key based on the braid group and the first conjugate value;
when a second conjugate value sent by a verifier is received, calculating a digital signature of the information to be signed according to the second conjugate value and the private key, where the second conjugate value is calculated by the verifier according to the public key;
sending the digital signature to the verifier.
In one embodiment, the following formula is used to perform the conjugate operation on the private key and the braid group to obtain the first conjugate value:
$a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
where $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate values; and $n$ is the index.
In one embodiment, the public key includes a hash function, and the digital signature of the information to be signed is calculated from the second conjugate value and the private key using the following formulas:
$K = x(b_1, b_2, \ldots, b_{n-1})$;
$e = x^{-1}K$;
$S = H(m \| e)$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $S$ is the digital signature; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenating the characters $m$ and $e$.
The second aspect of the embodiments of this application provides a digital signature method, applied to a verifier, the method comprising:
calculating a second conjugate value according to the public key of the signer, where the public key includes a first conjugate value;
sending the second conjugate value to the signer, where the second conjugate value is used by the signer to calculate a digital signature of the information to be signed;
when the digital signature is received from the signer, verifying the digital signature according to the second conjugate value and the first conjugate value.
In one embodiment, calculating the second conjugate value according to the public key of the signer includes:
obtaining the public key of the signer, where the public key also includes a braid group and a subgroup, and the index of the braid group is an integer greater than or equal to 6;
selecting any element from the subgroup;
performing a conjugate operation on the element and the braid group to obtain the second conjugate value.
In one embodiment, the following formula is used to perform the conjugate operation on the element and the braid group to obtain the second conjugate value:
$b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element; and $n$ is the index.
In one embodiment, verifying the digital signature according to the second conjugate value and the first conjugate value includes:
calculating a verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value;
if the verification value is equal to the digital signature, the digital signature passes verification.
In one embodiment, the public key further includes a hash function, and the verification value corresponding to the digital signature is calculated from the second conjugate value and the first conjugate value using the following formulas:
$K' = y(a_1, a_2, \ldots, a_{n-1})$;
$e' = (y^{-1}K')^{-1}$;
$S' = H(m \| e')$;
where $y$ is the element; $S'$ is the verification value; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenating the characters $m$ and $e'$.
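The signer and verifier formulas above, run end to end as an added example (not code from the application). Braid words are lists of signed generator indices and are evaluated in the symmetric-group image of $B_n$, an assumption made only to keep the arithmetic short; `printed_convention`, the sample words and SHA-256 are likewise assumptions of the example. It also checks the conjugation convention: with conjugates written $g\sigma_i g^{-1}$ the substituted words are $K = yxy^{-1}$ and $K' = xyx^{-1}$, so $e$ and $e'$ differ for the sample words, while with $g^{-1}\sigma_i g$ they are equal for every $x$ and $y$.

```python
import hashlib
import hmac

N = 6  # braid index n; the page requires n >= 6
IDENT = tuple(range(N))

# A braid word is a list of signed ints: i stands for sigma_i, -i for sigma_i^-1.
# Group elements are permutations of range(N): the symmetric-group image of B_n.
# This stand-in is an assumption of the example; a real implementation needs a
# braid normal form, and this image carries none of the scheme's hardness.

def mul(p, q):
    """Group product p*q (apply q, then p)."""
    return tuple(p[q[k]] for k in range(N))

def inv(p):
    out = [0] * N
    for k, v in enumerate(p):
        out[v] = k
    return tuple(out)

def sigma(i):
    """Image of the generator sigma_i, 1 <= i <= N-1."""
    p = list(IDENT)
    p[i - 1], p[i] = p[i], p[i - 1]
    return tuple(p)

GENS = [sigma(i) for i in range(1, N)]

def evaluate(word, images=GENS):
    """Evaluate a word with each sigma_i replaced by images[i-1].
    This is the substitution written x(b_1, ..., b_{n-1}) on the page."""
    out = IDENT
    for g in word:
        if g == 0 or abs(g) >= N:
            raise ValueError(f"generator index out of range: {g}")
        elem = images[abs(g) - 1]
        out = mul(out, elem if g > 0 else inv(elem))
    return out

def conjugates(word, printed_convention):
    """Conjugate every generator by the element g named by `word`.
    printed_convention=True : g * sigma_i * g^-1 (as the formulas are printed)
    printed_convention=False: g^-1 * sigma_i * g (the other convention)"""
    g = evaluate(word)
    gi = inv(g)
    if printed_convention:
        return [mul(mul(g, s), gi) for s in GENS]
    return [mul(mul(gi, s), g) for s in GENS]

def H(m, e):
    """S = H(m || e), with SHA-256 standing in for the page's hash function."""
    return hashlib.sha256(m + bytes(e)).hexdigest()

def sign(x_word, b, m):
    """Signer: K = x(b_1..b_{n-1}), e = x^-1 K, S = H(m || e)."""
    K = evaluate(x_word, b)
    e = mul(inv(evaluate(x_word)), K)
    return H(m, e)

def verify(y_word, a, m, S):
    """Verifier: K' = y(a_1..a_{n-1}), e' = (y^-1 K')^-1, accept iff S' == S."""
    K2 = evaluate(y_word, a)
    e2 = inv(mul(inv(evaluate(y_word)), K2))
    return hmac.compare_digest(H(m, e2), S)

def run_exchange(x_word, y_word, m, printed_convention):
    """One full round: returns (signature, verifier's decision)."""
    a = conjugates(x_word, printed_convention)  # first conjugate values (public key)
    b = conjugates(y_word, printed_convention)  # second conjugate values (from verifier)
    S = sign(x_word, b, m)
    return S, verify(y_word, a, m, S)

# Constructed sample words; they are NOT drawn from Mihailova subgroups.
X_WORD = [1, 2]  # signer's secret x = sigma_1 sigma_2
Y_WORD = [1]     # verifier's element y = sigma_1
MSG = b"constructed sample message"

if __name__ == "__main__":
    for printed in (True, False):
        _, ok = run_exchange(X_WORD, Y_WORD, MSG, printed)
        print("g s g^-1" if printed else "g^-1 s g", "->", ok)
```

Because rejection in a homomorphic image implies rejection in $B_n$ itself, the mismatch under the printed convention is not an artifact of the toy group.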
The third aspect of the embodiments of this application provides a digital signature device, applied to a signer, the device comprising:
a subgroup determination module, configured to determine a first subgroup and a second subgroup from an established braid group, where the index of the braid group is an integer greater than or equal to 6, and the multiplication of elements of the first subgroup and the second subgroup is not commutative;
a conjugate operation module, configured to select any element from the first subgroup as a private key, and perform a conjugate operation on the private key and the braid group to obtain a first conjugate value;
a public key generation module, configured to generate a public key based on the braid group and the first conjugate value;
a digital signature module, configured to calculate, when a second conjugate value sent by a verifier is received, a digital signature of the information to be signed according to the second conjugate value and the private key, where the second conjugate value is calculated by the verifier according to the public key;
a sending module, configured to send the digital signature to the verifier.
In one embodiment, the following formula is used to perform the conjugate operation on the private key and the braid group to obtain the first conjugate value:
$a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
where $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate values; and $n$ is the index.
In one embodiment, the public key includes a hash function, and the digital signature of the information to be signed is calculated from the second conjugate value and the private key using the following formulas:
$K = x(b_1, b_2, \ldots, b_{n-1})$;
$e = x^{-1}K$;
$S = H(m \| e)$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $S$ is the digital signature; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenating the characters $m$ and $e$.
The fourth aspect of the embodiments of this application provides a digital signature device, applied to a verifier, the device comprising:
a calculation module, configured to calculate a second conjugate value according to the public key of the signer, where the public key includes a first conjugate value;
a sending module, configured to send the second conjugate value to the signer, where the second conjugate value is used by the signer to calculate a digital signature of the information to be signed;
a verification module, configured to verify the digital signature according to the second conjugate value and the first conjugate value when the digital signature is received from the signer.
In one embodiment, the calculation module includes:
an obtaining submodule, configured to obtain the public key of the signer, where the public key also includes a braid group and a subgroup, and the index of the braid group is an integer greater than or equal to 6;
a selection submodule, configured to select any element from the subgroup;
a calculation submodule, configured to perform a conjugate operation on the element and the braid group to obtain the second conjugate value.
In one embodiment, the calculation submodule uses the following formula to perform the conjugate operation on the element and the braid group to obtain the second conjugate value:
$b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element; and $n$ is the index.
In one embodiment, the verification module includes:
a verification value calculation submodule, configured to calculate a verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value;
a judging submodule, configured to determine that the digital signature passes verification if the verification value is equal to the digital signature.
In one embodiment, the public key further includes a hash function, and the verification value calculation submodule uses the following formulas to calculate the verification value corresponding to the digital signature:
$K' = y(a_1, a_2, \ldots, a_{n-1})$;
$e' = (y^{-1}K')^{-1}$;
$S' = H(m \| e')$;
where $y$ is the element; $S'$ is the verification value; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenating the characters $m$ and $e'$.
The fifth aspect of the embodiments of this application provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the computer program, implements the method described in the first aspect or the second aspect above.
The sixth aspect of the embodiments of this application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the method described in the first aspect or the second aspect above.
The seventh aspect of the embodiments of this application provides a computer program product which, when run on a computer device, causes the computer device to execute the method described in the first aspect or the second aspect above.
Beneficial effects
In the embodiments of this application, the signer determines a first subgroup and a second subgroup from an established braid group; it then selects an element from the first subgroup as the signer's private key and performs a conjugate operation on the private key and the braid group to obtain a first conjugate value; it then generates a public key based on the braid group and the first conjugate value. The verifier can obtain the signer's public key, calculate a second conjugate value based on the public key, and send the second conjugate value to the signer. On receiving the second conjugate value sent by the verifier, the signer can calculate the digital signature of the information to be signed according to the second conjugate value and the private key, and then send the digital signature to the verifier, which can verify it. In the scheme of this embodiment, the first subgroup and the second subgroup are two Mihailova subgroups of the braid group, and the multiplication of elements of the two subgroups is not commutative. Since the membership problem of Mihailova subgroups is unsolvable, no algorithm can attack the signer's private key, so that the digital signature method in this application can resist quantum computing attacks.
Description of drawings
To illustrate the technical solutions in the embodiments of this application more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below.
Fig. 1 is a schematic flowchart of the steps of a digital signature method provided by an embodiment of this application;
Fig. 2 is a schematic flowchart of the steps of another digital signature method provided by an embodiment of this application;
Fig. 3 is a schematic diagram of a digital signature device provided by an embodiment of this application;
Fig. 4 is a schematic diagram of another digital signature device provided by an embodiment of this application;
Fig. 5 is a schematic diagram of a computer device provided by an embodiment of this application.
Embodiments of the invention
Referring to Fig. 1, a schematic flowchart of the steps of a digital signature method provided by an embodiment of this application is shown. The digital signature method shown in Fig. 1 is applied to the signer, and may specifically include the following steps:
S101, determining a first subgroup and a second subgroup from an established braid group, where the index of the braid group is an integer greater than or equal to 6, and the multiplication of elements of the first subgroup and the second subgroup is not commutative.
Specifically, the braid group $B_n$ can be established first. The braid group $B_n$ is the group defined by the following presentation:
$B_n = \langle \sigma_1, \sigma_2, \ldots, \sigma_{n-1} \mid \sigma_i\sigma_j = \sigma_j\sigma_i,\ |i-j| \ge 2;\ \sigma_i\sigma_{i+1}\sigma_i = \sigma_{i+1}\sigma_i\sigma_{i+1},\ 1 \le i \le n-2 \rangle$
Each element of the braid group is represented by a word over the set $\{\sigma_1, \sigma_2, \ldots, \sigma_{n-1}\}$ in the unique normal form that represents that element. The braid group $B_n$ has the following properties: words over the generator set of $B_n$ that represent elements of $B_n$ have a computable, unique normal form; and the product and inversion operations of the group based on the normal form are effectively computable.
The braid group $B_n$ contains subgroups $L_i$ isomorphic to $F_2 \times F_2$, that is, subgroups generated by $\sigma_i^2, \sigma_{i+1}^2, \sigma_{i+3}^2, \sigma_{i+4}^2$ that are isomorphic to the direct product of two free groups of rank 2:
$L_i = \langle \sigma_i^2, \sigma_{i+1}^2, \sigma_{i+3}^2, \sigma_{i+4}^2 \rangle,\quad i = 1, 2, \ldots, n-5$
Then, from a finitely presented group $H$ generated by two elements whose word problem is unsolvable, a Mihailova subgroup $M_i$ of $L_i$ is constructed (see reference [3]). The 56 generators of $M_i$ are as follows:
$\sigma_i^2\sigma_{i+3}^2,\ \sigma_{i+1}^2\sigma_{i+4}^2,\ S_{ij},\ T_{ij},\quad j = 1, 2, \ldots, 27$
The 27 elements $S_{1j}$ are as follows (replacing every $\sigma_1$ with $\sigma_i$ and every $\sigma_2$ with $\sigma_{i+1}$ gives all $S_{ij}$; replacing every $\sigma_1$ with $\sigma_{i+3}$ and every $\sigma_2$ with $\sigma_{i+4}$ gives all $T_{ij}$):
[Figures PCTCN2022103270-appb-000001 to PCTCN2022103270-appb-000027: the 27 words $S_{1j}$, given as images in the original and not reproduced here]
The membership problem of every Mihailova subgroup $M_i$ ($i = 1, 2, \ldots, n-5$) is unsolvable.
The first subgroup and the second subgroup above are two Mihailova subgroups $P$ and $Q$ of the braid group, and the multiplication of elements of the first subgroup and the second subgroup is not commutative.
S102, selecting any element from the first subgroup as a private key, and performing a conjugate operation on the private key and the braid group to obtain a first conjugate value.
Specifically, the signer can select an element from the first subgroup as the private key $x$, and then perform a conjugate operation on the private key and the braid group to obtain the first conjugate value.
Specifically, the first conjugate value is calculated as $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$, giving $(a_1, a_2, \ldots, a_{n-1})$, where $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate values; and $n$ is the index.
S103, generating a public key based on the braid group and the first conjugate value.
The braid group $B_n$, the index $n$, the second subgroup $Q$ and the first conjugate values $a_1, a_2, \ldots, a_{n-1}$ are taken as the signer's public key, which the verifier can obtain.
In one possible implementation, the public key also includes a collision-resistant hash function.
S104, when a second conjugate value sent by the verifier is received, calculating a digital signature of the information to be signed according to the second conjugate value and the private key, where the second conjugate value is calculated by the verifier according to the public key.
The verifier can obtain the signer's public key and calculate the second conjugate value from it; the verifier can then send the second conjugate value to the signer.
On receiving the second conjugate value sent by the verifier, the signer can calculate the digital signature of the information to be signed according to the second conjugate value and the private key.
Specifically, the signer can replace each occurrence of every generator in the private key with the first conjugate value, and then calculate the product of the private key and the first conjugate value; an intermediate value is then calculated using the private key and the inverse; and the information to be signed is encrypted based on this intermediate value. A collision-resistant hash function can be used for the encryption; a collision-resistant hash function is irreversible, which safeguards the digital signature during data communication.
Specifically, the digital signature can be calculated as:
$K = x(b_1, b_2, \ldots, b_{n-1})$;
$e = x^{-1}K$;
$S = H(m \| e)$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $S$ is the digital signature; $H$ is the collision-resistant hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenating the characters $m$ and $e$.
S105, sending the digital signature to the verifier.
The signer sends the calculated digital signature to the verifier, and the verifier can confirm the signer's identity based on the digital signature.
In this embodiment of the application, the signer uses an element of a Mihailova subgroup as the private key, and the membership problem of Mihailova subgroups is unsolvable. The security of the digital signature algorithm rests on the unsolvability of the corresponding decision problem, so that the digital signature algorithm in this embodiment is resistant to all known attacks, including quantum computing attacks.
参照图2,示出了本申请实施例提供的另一种数字签名方法的步骤流程示意图,图2所示的数字签名方法应用于验证方,具体可以包括如下步骤:Referring to Figure 2, it shows a schematic flow chart of another digital signature method provided by the embodiment of the present application. The digital signature method shown in Figure 2 is applied to the verifier, and may specifically include the following steps:
S201. Compute a second conjugate value according to the signer's public key, where the public key includes the first conjugate value.
Specifically, the verifier can obtain the signer's public key. The public key may include the first conjugate value, which the signer computed according to step S102.
The public key also includes the braid group and a subgroup. The index of the braid group is an integer greater than or equal to 6, and the subgroup is a Mihailova subgroup of the braid group, namely the Mihailova subgroup $Q$ of step S101 above.
The verifier can select an element from the subgroup and then perform a conjugation operation with that element on the braid group to obtain the second conjugate value. The second conjugate value can be computed as:
$b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element; and $n$ is the index.
S202. Send the second conjugate value to the signer, where the second conjugate value is used by the signer to compute the digital signature of the information to be signed.
Specifically, when the signer needs to be verified, the verifier can send the second conjugate value to the signer. After receiving the second conjugate value, the signer can compute the digital signature of the information to be signed using step S104 above.
S203. Upon receiving the digital signature from the signer, verify the digital signature according to the second conjugate value and the first conjugate value.
When the verifier receives the signer's digital signature, it can compute the verification value corresponding to the digital signature from the second conjugate value and the first conjugate value. If the verification value equals the digital signature, verification of the digital signature passes; if the verification value does not equal the digital signature, verification fails.
Specifically, the public key may also include a hash function, and the verification value can be computed as:
$K' = y(a_1, a_2, \ldots, a_{n-1})$;
$e' = (y^{-1}K')^{-1}$;
$S' = H(m \| e')$;
where $y$ is the element, $S'$ is the verification value, $H$ is the hash function, $m$ is the information to be signed, $n$ is the index, and $\|$ denotes concatenation of the strings $m$ and $e'$.
The verification principle is:
$e = x^{-1}K$
$= x^{-1}\,x(b_1, b_2, \ldots, b_{n-1})$
$= x^{-1}\,x(y^{-1}\sigma_1 y,\ y^{-1}\sigma_2 y,\ \ldots,\ y^{-1}\sigma_{n-1} y)$
$= x^{-1}y^{-1}\,x(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})\,y$
$= x^{-1}y^{-1}xy$
$e' = (y^{-1}K')^{-1}$
$= (y^{-1}\,y(a_1, a_2, \ldots, a_{n-1}))^{-1}$
$= (y^{-1}\,y(x^{-1}\sigma_1 x,\ x^{-1}\sigma_2 x,\ \ldots,\ x^{-1}\sigma_{n-1} x))^{-1}$
$= (y^{-1}x^{-1}\,y(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})\,x)^{-1}$
$= (y^{-1}x^{-1}yx)^{-1} = x^{-1}y^{-1}xy$
Therefore $S' = H(m \| e') = H(m \| e) = S$.
In this embodiment of the application, the signer chooses an element of one Mihailova subgroup of the braid group as the private key, and the verifier chooses an element of another Mihailova subgroup of the braid group for the conjugation operation. The private key stays with the signer and never has to be sent to the verifier for verification, which prevents it from being stolen during data communication. The security of the digital signature in this embodiment rests on the unsolvability of the membership problem for Mihailova subgroups, so the digital signature method of this embodiment can resist quantum computing attacks and offers higher security.
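The exchange above, run end to end as an added example (not code from the patent): the braid group is replaced by a toy stand-in, the image of $B_6$ in the symmetric group $S_6$, and SHA-256 plays the role of $H$; all function names and the key words are constructed for illustration. It uses the conjugates in the form written in the verification derivation ($x^{-1}\sigma_i x$, $y^{-1}\sigma_i y$); `run(False)` shows that with the form in the step formulas ($x\sigma_i x^{-1}$, $y\sigma_i y^{-1}$) the signer and verifier arrive at different values of $e$ and $e'$.

```python
import hashlib
import hmac

N = 6  # braid index n; generators are sigma_1 .. sigma_{n-1}

# Assumption (toy stand-in): sigma_i is mapped to the adjacent transposition
# (i, i+1) in the symmetric group S_n, so group elements have a canonical form
# (a tuple) that can be hashed. This finite image has none of the hardness the
# patent relies on; it only exercises the algebra of the message flow.

def identity():
    return tuple(range(N))

def mul(p, q):
    """Group product p*q (q is applied first, then p)."""
    return tuple(p[q[i]] for i in range(N))

def inv(p):
    r = [0] * N
    for i, v in enumerate(p):
        r[v] = i
    return tuple(r)

def sigma(i):
    p = list(range(N))
    p[i - 1], p[i] = p[i], p[i - 1]
    return tuple(p)

GENS = [sigma(i) for i in range(1, N)]

def evaluate(word, images):
    """Evaluate w(g_1, ..., g_{n-1}): entry +i means g_i, -i means g_i^{-1}."""
    acc = identity()
    for k in word:
        g = images[abs(k) - 1]
        acc = mul(acc, g if k > 0 else inv(g))
    return acc

def conjugates(word, left_inverse=True):
    """Conjugates of every generator by w.
    left_inverse=True:  w^{-1} sigma_i w  (form used in the verification derivation)
    left_inverse=False: w sigma_i w^{-1}  (form used in the step formulas)"""
    w = evaluate(word, GENS)
    wi = inv(w)
    if left_inverse:
        return [mul(mul(wi, s), w) for s in GENS]
    return [mul(mul(w, s), wi) for s in GENS]

def signer_e(x_word, b):
    x = evaluate(x_word, GENS)
    K = evaluate(x_word, b)            # K = x(b_1, ..., b_{n-1})
    return mul(inv(x), K)              # e = x^{-1} K

def verifier_e(y_word, a):
    y = evaluate(y_word, GENS)
    K2 = evaluate(y_word, a)           # K' = y(a_1, ..., a_{n-1})
    return inv(mul(inv(y), K2))        # e' = (y^{-1} K')^{-1}

def H(m, e):
    """S = H(m || e); SHA-256 is this example's choice of hash."""
    return hashlib.sha256(m + bytes(e)).hexdigest()

def sign(x_word, b, m):
    return H(m, signer_e(x_word, b))

def verify(y_word, a, m, S):
    return hmac.compare_digest(H(m, verifier_e(y_word, a)), S)

# Constructed toy keys: words in the generators (not drawn from Mihailova subgroups).
X_WORD = [1, -2]   # signer's private word x
Y_WORD = [2, 3]    # verifier's secret word y

def run(left_inverse, m=b"constructed message"):
    a = conjugates(X_WORD, left_inverse)   # published by the signer
    b = conjugates(Y_WORD, left_inverse)   # sent by the verifier
    S = sign(X_WORD, b, m)                 # returned by the signer
    return verify(Y_WORD, a, m, S)

if __name__ == "__main__":
    print("derivation's convention verifies:", run(True))
    print("step formulas' convention verifies:", run(False))
```

Because the verifier recomputes $S'$ from its own $y$ and the published $a_i$, only the party holding $y$ can check $S$.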
It should be noted that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of this application.
For ease of understanding, the digital signature method provided by this application is introduced below with a complete example.
In this embodiment, the signer and the verifier can agree in advance to use the digital signature scheme of this embodiment for identity verification and information integrity verification. The digital signature method of this embodiment may include three processes: key generation, signing and verification.
The key generation process may include:
The signer selects a braid group $B_n$ of index $n \ge 6$ as the public key, with generators $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, and also selects a collision-resistant hash function $H: B_n \to \{0,1\}^k$ whose input may be of arbitrary length and whose output has a fixed length of $k$ bytes, where $k$ is a sufficiently large fixed natural number.
The signer selects two Mihailova subgroups $P$ and $Q$ of $B_n$ such that multiplication of the elements of $P$ and $Q$ is not commutative, where $Q$ is used as the public key.
The signer selects an element $x$ from the Mihailova subgroup $P$ as its private key, written $x = x(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$, and computes $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$, with $(a_1, a_2, \ldots, a_{n-1})$ as its public key; the signer's public key is $(n, B_n, Q, H, a_1, a_2, \ldots, a_{n-1})$ and the private key is $x$.
The signing process may include:
The verifier selects an element $y$ from the public key $Q$ published by the signer, written $y = y(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$, computes $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$, and sends $(b_1, b_2, \ldots, b_{n-1})$ to the signer.
After receiving $(b_1, b_2, \ldots, b_{n-1})$ from the verifier, the signer replaces every occurrence of $\sigma_i$ in the private key $x$ with $b_i$ ($i = 1, 2, \ldots, n-1$) and computes $x(b_1, b_2, \ldots, b_{n-1})$, denoted $K$. It then uses the private key to compute $e = x^{-1}K$, and then computes $S = H(m \| e)$ (where $\|$ denotes concatenation of the strings $m$ and $e$). $m$ is the information to be signed, and the signer's signature on $m$ is $S$.
The verification process may include:
The verifier obtains the public key $(a_1, a_2, \ldots, a_{n-1})$ published by the signer, then replaces every occurrence of $\sigma_i$ in the previously selected $y$ with $a_i$, $i = 1, \ldots, n-1$, and computes $y(a_1, a_2, \ldots, a_{n-1})$, denoted $K'$. It then computes $e' = (y^{-1}K')^{-1}$, and then $S' = H(m \| e')$ (where $\|$ denotes concatenation of the strings $m$ and $e'$). Finally it checks whether $S' = S$: if the equality holds, the signature is accepted; otherwise the signature is rejected.
In this embodiment of the application, the platform on which the digital signature protocol is built is a braid group $B_n$ of index $n \ge 6$ together with two Mihailova subgroups $P$ and $Q$ of $B_n$ whose elements do not commute under multiplication, chosen so that the subgroup membership problems of $P$ and $Q$ are unsolvable.
The subgroup membership problem (membership problem, or generalized word problem) is the following: given a subgroup $H$ of a group $G$ with generating set $X$, decide whether an arbitrary element $g$ of $G$ can be represented by a word on $X$, that is, decide whether $g$ is an element of $H$.
If a third party attempts to attack this protocol, she can mount the attack only with the public information of the two parties, $\{\sigma_1, \sigma_2, \ldots, \sigma_{n-1}\}$ and $\{n, B_n, Q, H, a_1, a_2, \ldots, a_{n-1}\}$ ($a_i = x^{-1}\sigma_i x$, $i = 1, \ldots, n-1$), together with $\{b_1, b_2, \ldots, b_{n-1}\}$ ($b_i = y^{-1}\sigma_i y$, $i = 1, \ldots, n-1$) obtained from the channel. If she can obtain elements $s$ and $t$ of $B_n$ such that
$s^{-1}\sigma_i s = y^{-1}\sigma_i y,\quad t^{-1}\sigma_i t = x^{-1}\sigma_i x,\quad i = 1, 2, \ldots, n-1,$
then, writing $s = cy$ and $t = dx$ (where $c$ and $d$ are some elements of $B_n$), we have
$s^{-1}\sigma_i s = (cy)^{-1}\sigma_i cy = y^{-1}c^{-1}\sigma_i cy = y^{-1}\sigma_i y,\quad i = 1, 2, \ldots, n-1$
and hence
$c^{-1}\sigma_i c = \sigma_i,\quad i = 1, 2, \ldots, n-1$
that is, $c$ commutes with every $\sigma_i$. Since $B_n$ is generated by $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, $c$ is an element of the center of $B_n$. The center of $B_n$ is the infinite cyclic subgroup $\langle\Delta^2\rangle$ generated by $\Delta^2$, where
$\Delta = \sigma_1\sigma_2\cdots\sigma_{n-1}\,\sigma_1\sigma_2\cdots\sigma_{n-2}\,\cdots\,\sigma_1\sigma_2\sigma_3\,\sigma_1\sigma_2\,\sigma_1$
Hence $c$ is an element of $\langle\Delta^2\rangle$. Likewise, $d$ is an element of $\langle\Delta^2\rangle$. Since $\langle\Delta^2\rangle$ is the center of $B_n$, the subgroup of the quotient group $B_n/\langle\Delta^2\rangle$ generated by $\sigma_i^2\langle\Delta^2\rangle$, $\sigma_{i+1}^2\langle\Delta^2\rangle$, $\sigma_{i+3}^2\langle\Delta^2\rangle$ and $\sigma_{i+4}^2\langle\Delta^2\rangle$ is isomorphic to the subgroup of $B_n$ generated by $\sigma_i^2$, $\sigma_{i+1}^2$, $\sigma_{i+3}^2$ and $\sigma_{i+4}^2$, and is therefore also a free group of rank 2. So the sub-quotient group $(M_i\langle\Delta^2\rangle)/\langle\Delta^2\rangle$ is also a Mihailova subgroup of the quotient group $B_n/\langle\Delta^2\rangle$, and the subgroup membership problem of $(M_i\langle\Delta^2\rangle)/\langle\Delta^2\rangle$ is likewise unsolvable. Consequently, if the attacker could obtain elements $s$ and $t$ of $B_n$ such that
$s^{-1}\sigma_i s = y^{-1}\sigma_i y,\quad t^{-1}\sigma_i t = x^{-1}\sigma_i x,\quad i = 1, 2, \ldots, n-1,$
then $s = cy$ and $t = dx$ with $c, d \in \langle\Delta^2\rangle$, so in the quotient group $B_n/\langle\Delta^2\rangle$ we have $s\langle\Delta^2\rangle = y\langle\Delta^2\rangle$ and $t\langle\Delta^2\rangle = x\langle\Delta^2\rangle$. That is, the attacker must find, in the quotient group $B_n/\langle\Delta^2\rangle$, the elements $y\langle\Delta^2\rangle$ and $x\langle\Delta^2\rangle$ of the Mihailova subgroup $(M_i\langle\Delta^2\rangle)/\langle\Delta^2\rangle$. Since the subgroup membership problem of $(M_i\langle\Delta^2\rangle)/\langle\Delta^2\rangle$ is unsolvable, no algorithm exists that lets the attacker obtain $y\langle\Delta^2\rangle$ and $x\langle\Delta^2\rangle$, and therefore no algorithm exists that lets the attacker obtain the required $s$ and $t$.
In this application, the signer selects an element of a Mihailova subgroup of the braid group $B_n$ as the key component of its private key, and it is proved that all possible attacks are not effectively computable; that is, the digital signature method of the present invention resists all known attacks, including quantum computing attacks.
Compared with the prior art, the method has the following advantage: the security of the digital signature algorithm rests on the unsolvability of the corresponding decision problem rather than on the computational difficulty of that problem. Classical public-key cryptographic algorithms are based on computational difficulty, and so the digital signature algorithm of the present invention resists all known attacks, including quantum computing attacks.
The digital signature method can be used for identity verification. The digital signature method of this application is described below with an example in an identity verification scenario:
Alice wants to send information to Bob. To prevent Oscar from impersonating Alice and sending information to Bob, Bob can verify Alice's identity with the digital signature method of this embodiment.
First, Alice and Bob can agree on the digital signature protocol according to the method of this embodiment. Here Alice is the signer and Bob is the verifier.
Alice can select a braid group $B_n$ of index $n \ge 6$ as the public key, with generators $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, and also selects a collision-resistant hash function $H: B_n \to \{0,1\}^k$ whose input may be of arbitrary length and whose output has a fixed length of $k$ bytes, where $k$ is a sufficiently large fixed natural number.
Alice selects two Mihailova subgroups $P$ and $Q$ of $B_n$ such that multiplication of the elements of $P$ and $Q$ is not commutative.
Alice selects an element $x$ from the Mihailova subgroup $P$ as her private key, written $x = x(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$, and computes $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$, $(a_1, a_2, \ldots, a_{n-1})$.
Alice's public key is $(n, B_n, Q, H, a_1, a_2, \ldots, a_{n-1})$ and her private key is $x$. Bob can obtain Alice's public key publicly.
When identity verification is to be performed, Alice and Bob can agree to use a piece of information $m$ that uniquely identifies Alice.
Bob selects an element $y$ from the public key $Q$ published by Alice, written $y = y(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$, computes $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$, and sends $(b_1, b_2, \ldots, b_{n-1})$ to Alice.
After receiving Bob's $(b_1, b_2, \ldots, b_{n-1})$, Alice replaces every occurrence of $\sigma_i$ in the private key $x$ with $b_i$ ($i = 1, 2, \ldots, n-1$) and computes $x(b_1, b_2, \ldots, b_{n-1})$, denoted $K$. She then uses the private key to compute $e = x^{-1}K$, and then computes $S = H(m \| e)$ (where $\|$ denotes concatenation of the strings $m$ and $e$). Alice's signature on $m$ is $S$.
Then, when Alice sends information to Bob, she can send this digital signature to Bob. Bob uses the digital signature to determine whether the information comes from Alice, which prevents Oscar from impersonating Alice.
After receiving Alice's information, Bob can extract the digital signature it carries. He then replaces every occurrence of $\sigma_i$ in the previously selected $y$ with $a_i$, $i = 1, \ldots, n-1$, and computes $y(a_1, a_2, \ldots, a_{n-1})$, denoted $K'$. He then computes $e' = (y^{-1}K')^{-1}$, and then $S' = H(m \| e')$ (where $\|$ denotes concatenation of the strings $m$ and $e'$). Bob checks whether $S' = S$: if the equality holds, the information does come from Alice; otherwise the information was not sent by Alice.
The digital signature method can also be used to ensure the integrity of transmitted information. The digital signature method of this application is described below with an example in an identity verification scenario:
Alice wants to send information to Bob. To prevent Oscar from tampering with the information Alice sends to Bob, the integrity of the information can be confirmed with the digital signature method of this embodiment.
First, Alice and Bob can agree on the digital signature protocol according to the method of this embodiment. Here Alice is the signer of this application and Bob is the verifier of this application.
Alice can select a braid group $B_n$ of index $n \ge 6$ as the public key, with generators $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$, and also selects a collision-resistant hash function $H: B_n \to \{0,1\}^k$ whose input may be of arbitrary length and whose output has a fixed length of $k$ bytes, where $k$ is a sufficiently large fixed natural number.
Alice selects two Mihailova subgroups $P$ and $Q$ of $B_n$ such that multiplication of the elements of $P$ and $Q$ is not commutative.
Alice selects an element $x$ from the Mihailova subgroup $P$ as her private key, written $x = x(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$, and computes $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$, $(a_1, a_2, \ldots, a_{n-1})$.
Alice's public key is $(n, B_n, Q, H, a_1, a_2, \ldots, a_{n-1})$ and her private key is $x$. Bob can obtain Alice's public key publicly.
When Alice sends a message to Bob, she can use a hash function to generate a digest $m$ of the message.
Bob selects an element $y$ from the public key $Q$ published by Alice, written $y = y(\sigma_1, \sigma_2, \ldots, \sigma_{n-1})$, computes $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$, and sends $(b_1, b_2, \ldots, b_{n-1})$ to Alice.
After receiving Bob's $(b_1, b_2, \ldots, b_{n-1})$, Alice replaces every occurrence of $\sigma_i$ in the private key $x$ with $b_i$ ($i = 1, 2, \ldots, n-1$) and computes $x(b_1, b_2, \ldots, b_{n-1})$, denoted $K$. She then uses the private key to compute $e = x^{-1}K$, and then computes $S = H(m \| e)$ (where $\|$ denotes concatenation of the strings $m$ and $e$). Alice's signature on $m$ is $S$.
Then, when Alice sends the message to Bob, she can send this digital signature along with the message. Bob uses the digital signature to determine whether the message has been tampered with.
After receiving Alice's information, Bob can extract the digital signature it carries. He then generates the digest $m'$ of the message with the same hash function as Alice. He then replaces every occurrence of $\sigma_i$ in the previously selected $y$ with $a_i$, $i = 1, \ldots, n-1$, and computes $y(a_1, a_2, \ldots, a_{n-1})$, denoted $K'$. He then computes $e' = (y^{-1}K')^{-1}$, and then $S' = H(m' \| e')$ (where $\|$ denotes concatenation of the strings $m'$ and $e'$). Bob checks whether $S' = S$: if the equality holds, the message has not been tampered with; otherwise the message has been tampered with.
Referring to FIG. 3, a schematic diagram of a digital signature apparatus provided by an embodiment of this application is shown. The digital signature apparatus shown in FIG. 3 is applied to the signer and may specifically include a subgroup determination module 31, a conjugation module 32, a public key generation module 33, a digital signature module 34 and a sending module 35, wherein:
the subgroup determination module 31 is configured to determine a first subgroup and a second subgroup from an established braid group, where the index of the braid group is an integer greater than or equal to 6 and multiplication of the elements of the first subgroup and the second subgroup is not commutative;
the conjugation module 32 is configured to select any element of the first subgroup as the private key and to perform a conjugation operation on the private key and the braid group to obtain a first conjugate value;
the public key generation module 33 is configured to generate a public key based on the braid group and the first conjugate value;
the digital signature module 34 is configured to compute, upon receiving a second conjugate value sent by the verifier, the digital signature of the information to be signed according to the second conjugate value and the private key, where the second conjugate value is computed by the verifier from the public key;
the sending module 35 is configured to send the digital signature to the verifier.
In a possible implementation, the conjugation module 32 performs the conjugation operation on the private key and the braid group with the following formula to obtain the first conjugate value:
$a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
where $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate values; and $n$ is the index.
In a possible implementation, the public key includes a hash function, and the digital signature module 34 computes the digital signature of the information to be signed with the following formulas:
$K = x(b_1, b_2, \ldots, b_{n-1})$;
$e = x^{-1}K$;
$S = H(m \| e)$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $S$ is the digital signature, $H$ is the hash function, $m$ is the information to be signed, $n$ is the index, and $\|$ denotes concatenation of the strings $m$ and $e$.
Referring to FIG. 4, a schematic diagram of another digital signature apparatus provided by an embodiment of this application is shown. The digital signature apparatus shown in FIG. 4 is applied to the verifier and may specifically include a calculation module 41, a sending module 42 and a verification module 43, wherein:
the calculation module 41 is configured to compute a second conjugate value according to the signer's public key, where the public key includes the first conjugate value;
the sending module 42 is configured to send the second conjugate value to the signer, where the second conjugate value is used by the signer to compute the digital signature of the information to be signed;
the verification module 43 is configured to verify, upon receiving the digital signature from the signer, the digital signature according to the second conjugate value and the first conjugate value.
In a possible implementation, the calculation module 41 includes:
an obtaining submodule, configured to obtain the signer's public key, where the public key also includes a braid group and a subgroup, and the index of the braid group is an integer greater than or equal to 6;
a selection submodule, configured to select any element from the subgroup;
a calculation submodule, configured to perform a conjugation operation on the element and the braid group to obtain the second conjugate value.
In a possible implementation, the calculation submodule performs the conjugation operation on the element and the braid group with the following formula to obtain the second conjugate value:
$b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate values; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element; and $n$ is the index.
In a possible implementation, the verification module 43 includes:
a verification value calculation submodule, configured to compute the verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value;
a judgment submodule, configured to determine that verification of the digital signature passes if the verification value equals the digital signature.
In a possible implementation, the public key also includes a hash function, and the verification value calculation submodule computes the verification value corresponding to the digital signature with the following formulas:
$K' = y(a_1, a_2, \ldots, a_{n-1})$;
$e' = (y^{-1}K')^{-1}$;
$S' = H(m \| e')$;
where $y$ is the element, $S'$ is the verification value, $H$ is the hash function, $m$ is the information to be signed, $n$ is the index, and $\|$ denotes concatenation of the strings $m$ and $e'$.
Because the apparatus embodiments are basically similar to the method embodiments, they are described relatively briefly; for related details, refer to the description of the method embodiments.
FIG. 5 is a schematic structural diagram of a computer device provided by an embodiment of this application. As shown in FIG. 5, the computer device 5 of this embodiment includes at least one processor 50 (only one is shown in FIG. 5), a memory 51, and a computer program 52 stored in the memory 51 and executable on the at least one processor 50. When the processor 50 executes the computer program 52, the steps of any of the method embodiments above are implemented.
The computer device 5 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The computer device may include, but is not limited to, the processor 50 and the memory 51. Those skilled in the art will understand that FIG. 5 is only an example of the computer device 5 and does not limit it; the device may include more or fewer components than shown, combine certain components, or use different components, and may for example also include input/output devices, network access devices and so on.
The processor 50 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. A general-purpose processor may be a microprocessor or any conventional processor.
In some embodiments the memory 51 may be an internal storage unit of the computer device 5, such as a hard disk or memory of the computer device 5. In other embodiments the memory 51 may be an external storage device of the computer device 5, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the computer device 5. Further, the memory 51 may include both an internal storage unit and an external storage device of the computer device 5. The memory 51 is used to store the operating system, application programs, the boot loader (BootLoader), data and other programs, such as the program code of the computer program. The memory 51 may also be used to temporarily store data that has been output or is about to be output.
An embodiment of this application also provides a computer-readable storage medium that stores a computer program; when the computer program is executed by a processor, the steps of each of the method embodiments above can be implemented.
An embodiment of this application provides a computer program product that, when run on a computer device, causes the computer device to implement the steps of each of the method embodiments above.

Claims (18)

  1. A digital signature method, characterized in that it is applied to a signer, the method comprising:
    determining a first subgroup and a second subgroup from an established braid group, the index of the braid group being an integer greater than or equal to 6, and multiplication of elements of the first subgroup and the second subgroup being non-commutative;
    selecting any element from the first subgroup as a private key, and performing a conjugation operation on the private key and the braid group to obtain a first conjugate value;
    generating a public key based on the braid group and the first conjugate value;
    when a second conjugate value sent by a verifier is received, calculating a digital signature of the information to be signed according to the second conjugate value and the private key, the second conjugate value being calculated by the verifier according to the public key;
    sending the digital signature to the verifier.
  2. The method according to claim 1, characterized in that the following formula is used to perform the conjugation operation on the private key and the braid group to obtain the first conjugate value:
    $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
    where $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate value; and $n$ is the index.
  3. The method according to claim 1 or 2, characterized in that the public key includes a hash function, and the following formulas are used to calculate the digital signature of the information to be signed according to the second conjugate value and the private key:
    $K = x(b_1, b_2, \ldots, b_{n-1})$;
    $e = x^{-1}K$;
    $S = H(m \| e)$;
    where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate value; $S$ is the digital signature; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenation of the strings $m$ and $e$.
  4. A digital signature method, characterized in that it is applied to a verifier, the method comprising:
    calculating a second conjugate value according to the public key of a signer, the public key including a first conjugate value;
    sending the second conjugate value to the signer, the second conjugate value being used by the signer to calculate a digital signature of the information to be signed;
    when the digital signature from the signer is received, verifying the digital signature according to the second conjugate value and the first conjugate value.
  5. The method according to claim 4, characterized in that calculating the second conjugate value according to the public key of the signer comprises:
    obtaining the public key of the signer, the public key further including a braid group and a subgroup, the index of the braid group being an integer greater than or equal to 6;
    selecting any element from the subgroup;
    performing a conjugation operation on the element and the braid group to obtain the second conjugate value.
  6. The method according to claim 5, characterized in that the following formula is used to perform the conjugation operation on the element and the braid group to obtain the second conjugate value:
    $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
    where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate value; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element; and $n$ is the index.
  7. The method according to claim 5 or 6, characterized in that verifying the digital signature according to the second conjugate value and the first conjugate value comprises:
    calculating a verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value;
    if the verification value is equal to the digital signature, the digital signature passes verification.
  8. The method according to claim 7, characterized in that the public key further includes a hash function, and the following formulas are used to calculate the verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value:
    $K' = y(a_1, a_2, \ldots, a_{n-1})$;
    $e' = (y^{-1}K')^{-1}$;
    $S' = H(m \| e')$;
    where $y$ is the element; $S'$ is the verification value; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenation of the strings $m$ and $e'$.
  9. A digital signature apparatus, characterized in that it is applied to a signer, the apparatus comprising:
    a subgroup determination module, configured to determine a first subgroup and a second subgroup from an established braid group, the index of the braid group being an integer greater than or equal to 6, and multiplication of elements of the first subgroup and the second subgroup being non-commutative;
    a conjugation operation module, configured to select any element from the first subgroup as a private key, and to perform a conjugation operation on the private key and the braid group to obtain a first conjugate value;
    a public key generation module, configured to generate a public key based on the braid group and the first conjugate value;
    a digital signature module, configured to calculate, when a second conjugate value sent by a verifier is received, a digital signature of the information to be signed according to the second conjugate value and the private key, the second conjugate value being calculated by the verifier according to the public key;
    a sending module, configured to send the digital signature to the verifier.
  10. The apparatus according to claim 9, characterized in that the following formula is used to perform the conjugation operation on the private key and the braid group to obtain the first conjugate value:
    $a_1 = x\sigma_1 x^{-1},\ a_2 = x\sigma_2 x^{-1},\ \ldots,\ a_{n-1} = x\sigma_{n-1} x^{-1}$;
    where $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $x$ is the private key; $a_1, a_2, \ldots, a_{n-1}$ are the first conjugate value; and $n$ is the index.
  11. The apparatus according to claim 9 or 10, characterized in that the public key includes a hash function, and the following formulas are used to calculate the digital signature of the information to be signed according to the second conjugate value and the private key:
    $K = x(b_1, b_2, \ldots, b_{n-1})$;
    $e = x^{-1}K$;
    $S = H(m \| e)$;
    where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate value; $S$ is the digital signature; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenation of the strings $m$ and $e$.
  12. A digital signature apparatus, characterized in that it is applied to a verifier, the apparatus comprising:
    a calculation module, configured to calculate a second conjugate value according to the public key of a signer, the public key including a first conjugate value;
    a sending module, configured to send the second conjugate value to the signer, the second conjugate value being used by the signer to calculate a digital signature of the information to be signed;
    a verification module, configured to verify the digital signature according to the second conjugate value and the first conjugate value when the digital signature from the signer is received.
  13. The apparatus according to claim 12, characterized in that the calculation module comprises:
    an obtaining submodule, configured to obtain the public key of the signer, the public key further including a braid group and a subgroup, the index of the braid group being an integer greater than or equal to 6;
    a selection submodule, configured to select any element from the subgroup;
    a calculation submodule, configured to perform a conjugation operation on the element and the braid group to obtain the second conjugate value.
  14. The apparatus according to claim 13, characterized in that the calculation submodule uses the following formula to perform the conjugation operation on the element and the braid group to obtain the second conjugate value:
    $b_1 = y\sigma_1 y^{-1},\ b_2 = y\sigma_2 y^{-1},\ \ldots,\ b_{n-1} = y\sigma_{n-1} y^{-1}$;
    where $b_1, b_2, \ldots, b_{n-1}$ are the second conjugate value; $\sigma_1, \sigma_2, \ldots, \sigma_{n-1}$ are the generators of the braid group; $y$ is the element; and $n$ is the index.
  15. The apparatus according to claim 13 or 14, characterized in that the verification module comprises:
    a verification value calculation submodule, configured to calculate a verification value corresponding to the digital signature according to the second conjugate value and the first conjugate value;
    a judging submodule, configured to determine that the digital signature passes verification if the verification value is equal to the digital signature.
  16. The apparatus according to claim 15, characterized in that the public key further includes a hash function, and the verification value calculation submodule uses the following formulas to calculate the verification value corresponding to the digital signature:
    $K' = y(a_1, a_2, \ldots, a_{n-1})$;
    $e' = (y^{-1}K')^{-1}$;
    $S' = H(m \| e')$;
    where $y$ is the element; $S'$ is the verification value; $H$ is the hash function; $m$ is the information to be signed; $n$ is the index; and $\|$ denotes concatenation of the strings $m$ and $e'$.
  17. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the digital signature method according to any one of claims 1-4 or 5-8.
  18. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the digital signature method according to any one of claims 1-4 or 5-8.
PCT/CN2022/103270 2022-02-25 2022-07-01 Digital signature methods, computer device and medium WO2023159849A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210182974.0A CN114640463B (en) 2022-02-25 2022-02-25 Digital signature method, computer equipment and medium
CN202210182974.0 2022-02-25

Publications (1)

Publication Number Publication Date
WO2023159849A1 true WO2023159849A1 (en) 2023-08-31

Family

ID=81948498

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/103270 WO2023159849A1 (en) 2022-02-25 2022-07-01 Digital signature methods, computer device and medium

Country Status (2)

Country Link
CN (1) CN114640463B (en)
WO (1) WO2023159849A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640463B (en) * 2022-02-25 2023-05-12 深圳大学 Digital signature method, computer equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107911209A (en) * 2017-12-28 2018-04-13 深圳大学 The method for establishing the security public key cryptography of resisting quantum computation attack
US20190215148A1 (en) * 2018-01-11 2019-07-11 Shenzhen University Method of establishing anti-attack public key cryptogram
CN111740821A (en) * 2020-05-06 2020-10-02 深圳大学 Method and device for establishing shared secret key
WO2021223090A1 (en) * 2020-05-06 2021-11-11 深圳大学 Method and apparatus for establishing shared key
CN114640463A (en) * 2022-02-25 2022-06-17 深圳大学 Digital signature method, computer equipment and medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200000B (en) * 2013-03-27 2016-03-16 武汉大学 Shared key method for building up under a kind of quantum computation environment
WO2015081505A1 (en) * 2013-12-04 2015-06-11 王威鉴 Method for establishing public key cryptogram against quantum computing attack
US10523440B2 (en) * 2015-09-22 2019-12-31 Securerf Corporation Signature generation and verification system
WO2017063114A1 (en) * 2015-10-12 2017-04-20 王晓峰 Method for establishing secure attack-resistant public key cryptographic algorithm

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
RANJAN PRATIK, OM HARI: "Braid groups based group signature scheme", 2015 4TH INTERNATIONAL CONFERENCE ON RELIABILITY, INFOCOM TECHNOLOGIES AND OPTIMIZATION (ICRITO) (TRENDS AND FUTURE DIRECTIONS), IEEE, 1 September 2015 (2015-09-01) - 4 September 2015 (2015-09-04), pages 1 - 5, XP093087223, ISBN: 978-1-4673-7231-2, DOI: 10.1109/ICRITO.2015.7359230 *
李婧 (LI, JING): "基于访问结构的数据加密与共享协议的研究 (non-official translation: Research on Data Encryption and Sharing Protocol Based on Access Structure)", 中国博士学位论文全文数据库信息科技辑 (电子期刊) (INFORMATION & TECHNOLOGY, CHINA DOCTORAL DISSERTATIONS FULL-TEXT DATABASE (ELECTRONIC JOURNAL)), 15 February 2018 (2018-02-15) *
隗云 (KUI, YUN): "辫群上的数字签名研究 (non-official translation: Research on Digital Signature on Braid Group)", 中国博士学位论文全文数据库信息科技辑 (电子期刊) (INFORMATION & TECHNOLOGY, CHINA DOCTORAL DISSERTATIONS FULL-TEXT DATABASE (ELECTRONIC JOURNAL)), 15 July 2012 (2012-07-15) *

Also Published As

Publication number Publication date
CN114640463B (en) 2023-05-12
CN114640463A (en) 2022-06-17

Similar Documents

Publication Publication Date Title
WO2021238527A1 (en) Digital signature generation method and apparatus, computer device, and storage medium
JP4785851B2 (en) Digital signatures, including identity-based aggregate signatures
RU2376651C2 (en) Using isogenies to design cryptosystems
JP5064408B2 (en) Digital signature for network encoding
US9219602B2 (en) Method and system for securely computing a base point in direct anonymous attestation
US20110145579A1 (en) Password authentication method
WO2022183998A1 (en) Data processing method and apparatus, device, and storage medium
US11870911B2 (en) Providing a cryptographic information
US11838431B2 (en) Cryptographic operation
CN112446052A (en) Aggregated signature method and system suitable for secret-related information system
CN113098691A (en) Digital signature method, signature information verification method, related device and electronic equipment
CN110190957A (en) Multivariable broadcasting multi-signature method based on no certificate
WO2023159849A1 (en) Digital signature methods, computer device and medium
Anada et al. RSA public keys with inside structure: Proofs of key generation and identities for web-of-trust
US20080320557A1 (en) Batch verification device, program and batch verification method
Srivastava et al. An overview of hash based signatures
WO2012156254A1 (en) A method for performing a group digital signature
CN114139197A (en) Proxy security multi-party computing method, system, processing equipment and storage medium
WO2022116175A1 (en) Method and apparatus for generating digital signature and server
CN111740821B (en) Method and device for establishing shared secret key
WO2023093278A1 (en) Digital signature thresholding method and apparatus
WO2023093004A1 (en) Key data processing method and electronic device
KR20240045231A (en) Creation of digitally signed shares
Lee et al. Forward-secure multi-user aggregate signatures based on zk-SNARKs
CN115001698B (en) Aggregate signature method, apparatus, device and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22928118

Country of ref document: EP

Kind code of ref document: A1