[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN106850229B - SM2 digital signature generation method and system based on product secret division - Google Patents

SM2 digital signature generation method and system based on product secret division Download PDF

Info

Publication number
CN106850229B
CN106850229B CN201710046710.1A CN201710046710A CN106850229B CN 106850229 B CN106850229 B CN 106850229B CN 201710046710 A CN201710046710 A CN 201710046710A CN 106850229 B CN106850229 B CN 106850229B
Authority
CN
China
Prior art keywords
mod
digital signature
calculated
integer
section
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710046710.1A
Other languages
Chinese (zh)
Other versions
CN106850229A (en
Inventor
龙毅宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan University of Technology WUT
Original Assignee
Wuhan University of Technology WUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan University of Technology WUT filed Critical Wuhan University of Technology WUT
Priority to CN201710046710.1A priority Critical patent/CN106850229B/en
Publication of CN106850229A publication Critical patent/CN106850229A/en
Application granted granted Critical
Publication of CN106850229B publication Critical patent/CN106850229B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Storage Device Security (AREA)

Abstract

Invention is related to SM2 digital signature generation method: device 1,2 has secret d1、d2And dA(1+dA)‑1Mod n=d1d2Mod n, dAIt is user's SM2 private key;H=a (d is setA)‑1Mod n, Ga=[a] G, a are optional secret numbers, and G is the basic point of SM2, and h does not maintain secrecy;When generating digital signature, two device interactive computings go out Q=[(k1+k2)]Gb, r=(e+x1) mod n, wherein k1、k2It is the optional integer of device 1,2, Gb=[b] Ga, b is the integer that device 1 is only known, (x1,y1)=Q, e are the Hash Values of message;Device 1 is by w1=d1B mod n, s1=(hk1‑(b)‑1R) mod n is to device 2;Device 2 calculates s=d2w1(hk2+s1)mod n;(r, s) is the digital signature of message.

Description

SM2 digital signature generation method and system based on product secret division
Technical field
The invention belongs to field of information security technology, especially a kind of SM2 digital signature based on product secret division is raw At method and system.
Background technique
In public-key encryptosystem, in order to ensure the safety of private key for user, the private key of user is typically stored in It is used in special cryptographic hardware, is such as stored in USB Key, SmartCard and uses, and private key cannot be led from cryptographic hardware Out.But in some cases, for example, due to cost, or since unsuitable cryptographic hardware (is led to as mobile Believe terminal) so that user can not rely on cryptographic hardware to store private key and carry out crypto-operation using private key.For this Situation, most common method are the crypto modules using pure software, and private key for user is stored in user's computing device sheet In the permanent storage media on ground (electric board in the disk of such as PC, mobile communication terminal), and pass through PIN (Personal Identification Number) code protects private key.When needing using private key for user, software key Code module reads private key for user (user is required to input PIN code when necessary) from the permanent storage media of user's computing device, then Carry out crypto-operation.It is this using pure software password mould, private key for user is stored in computing device it is local by the way of there are users The risk of private key leakage cracks user for example, attacker steals the private key for user being stored in user's computing device by wooden horse The PIN code for protecting private key, to obtain private key for user;And it is this by the way of pure software crypto module, private key for user is most It need to be imported into memory and be used with plaintext version eventually, such attacker steals and is stored in possibly through certain attack pattern Private key for user in memory.How in the case where not using cryptographic hardware, secure storage and use private key for user have reality Demand, there is good practical application meaning to the solution of this problem.
The solution common to this problem is private key for user to be divided into more parts by certain mode, every part is known as Then partial secret share is especially stored in by secret shadow by every part of secret shadow storage into different computing devices Safety precautions in place, safety condition it is good profession cryptographic service mechanism online cryptographic service system in;When password is answered It when needing to carry out crypto-operation using private key for user with program, system, is such as digitally signed or when data deciphering, multiple calculating Device uses the secret shadow of oneself to carry out crypto-operation respectively, and the result for finally calculating each device merges, formed it is last, The result (result of digital signature or data deciphering) of crypto-operation is carried out using private key for user.
SM2 is a kind of ellipse curve public key cipher algorithm by the promulgation of national Password Management office (referring to " SM2 elliptic curve Public key algorithm " specification, national Password Management office, in December, 2010), digital signature is able to achieve based on this algorithm, key is handed over It changes and data encryption.But due to the unique digital signature operation mode of SM2 algorithm, common privacy sharing (segmentation) mode And the corresponding crypto-operation mode based on privacy sharing, the situation that SM2 private key is digitally signed can not be adapted for use with.
Summary of the invention
The purpose of the present invention is to propose to a kind of SM2 digital signature generation methods based on secret division (or shared), with full Foot is without the demand that in the case where cryptographic hardware, safe handling user SM2 private key is digitally signed.
For the purpose of the present invention, technical solution proposed by the present invention is a kind of SM2 number based on product secret division Signature generating method.
In the description below to technical solution of the present invention, if P, Q are the element (point) in elliptic curve point group, P+Q Indicate that the point of P, Q add, [k] P indicates that the point of k elliptic curve point P adds, i.e. P+P+...+P (shares k P);Ellipsis " ... ", Indicate the data item or multiple same operations of multiple same (types);c-1Indicate inverse (the i.e. cc of the mould n multiplication of integer c-1mod n =1);Multiple integers are multiplied (including integer symbol is multiplied, constant is multiplied with integer symbol), are not generating ambiguous situation Under, multiplication sign " " is dispensed, such as k1·k2It is reduced to k1k2, 3c, simplified position 3c;Mod n indicates mould n operation (modulo Operation), correspond in " SM2 ellipse curve public key cipher algorithm " specification (national Password Management office, in December, 2010) modn;In addition, the priority of the operators m od n of mould n operation be it is minimum, as a+b mod n is equal to (a+b) mod n, a-b Mod n is equal to (a-b) mod n, ab mod n and is equal to (ab) mod n.
Method of the invention is specific as follows.
The method is related to two devices for being referred to as device 1, device 2;
Before generating digital signature, following initialization operation is carried out for two devices that digital signature generates are participated in:
Secret shadow d is distributed to device 11, secret shadow d is distributed to device 22, wherein d1、d2It is in section [1, n-1] Integer, and n is elliptic curve used in elliptic curve point order of a group namely SM2 crypto-operation used in SM2 crypto-operation The rank of the basic point G of point group (elliptic curve point group used in SM2 crypto-operation refers to the cyclic group generated by basic point G);
The secret shadow of two devices and the SM2 private key d of userAMeet relationship:
(1+dA)-1dAMod n=d1d2Mod n, wherein (1+dA)-1It is (1+dA) the inverse (i.e. (1+d of mould n multiplicationA)-1(1 +dA) mod n=1);
An integer a is randomly choosed in section [1, n-1], calculates Ga=[a] G, h=a (dA)-1Mod n, wherein G be The basic point of SM2 elliptic curve point group;By h to device 1, device 2;GaIt will be to needing G in digital signature generating processaDevice 1 And/or (a in the present invention is not the parameter a of elliptic curve equation to device 2;GaWithout secrecy, unwanted problem is only needed);
(two devices do not possess a, dA;Carry out secret division, provide initialization operation can be one it is special close A crypto module, key management tool in key management system or user's computing device);
When needing the SM2 private key d using userAWhen being digitally signed for message M, two devices as follows into The generation of row digital signature (needs the SM2 private key d using userA, for the message M main body being digitally signed can be tune With in one of the cryptographic application of the two devices, system or crypto module or two devices cryptographic application, be System):
Firstly, two devices obtain Q=[(k by interactive computing1+k2)]Gb, r=(e+x1) mod n, and obtained r, Q Meet: r ≠ 0 and [r] G+Q are not the null elements (infinite point) of SM2 elliptic curve point group, wherein k1、k2It is during calculating Q Device 1, device 2 randomly selected integer, G in section [1, n-1] respectivelyb=[b] Ga, b is only having in section [1, n-1] The integer constant (secret) or b that device 1 is just known are the random selections in section [1, n-1] of device 1 during calculating Q An integer, G is the basic point of SM2 elliptic curve point group, x1It is derived from (x1,y1)=Q, e are exported from user identifier and message M Hash Value (i.e. hashed value) (present invention in b be not elliptic curve equation parameter b;By SM2 algorithm, e is from user identifier IDAEtc. Hash Value Z derived from parametersAThe Hash Value of data after merging with message M, standardizes referring to SM2);
Later, device 1 calculates w1=d1B mod n, s1=(hk1-(b)-1R) mod n, then by w1、s1It is sent to device 2;
Finally, device 2 receives the w of device 11、s1Afterwards, s=d is calculated2w1(hk2+s1) mod n (s=d at this time2d1(bh (k2+k1)-r) mod n=(1+dA)-1(ba(k2+k1)-dAr)mod n);(r, s) is exactly the number label for message M generated Name.
Here r is non-private data, can be transmitted between two as needed.
If b is the integer constant (secret) that the only device 1 in section [1, n-1] is just known, then generated in digital signature In preceding initialization procedure, (by initialization tool or system or device 1) calculates Gb=[b] Ga, device 1, device 2 save respectively Gb;When being digitally signed for message M, device 1 and device 2 all obtain G from the data locally savedb
If b is to calculate the randomly selected integer in section [1, n-1] of device 1 during Q, then message is being directed to When M is digitally signed, device 1 randomly chooses an integer b in section [1, n-1], and G is calculatedb=[b] Ga, then will GbIt is sent to device 2, thus device 1 and device 2 all obtain Gb
When being digitally signed for message M, two devices as follows, or by the side being equal with such as under type Formula obtains Q=[(k by interactive computing1+k2)]Gb, r=(e+x1) mod n, and obtained r, Q meets: r ≠ 0 and [r] G+Q It is not the null element (infinite point) of SM2 elliptic curve point group:
Firstly, device 1 and device 2 are respectively from the data of preservation or by calculating in real time and exchange obtains Gb
Later, device 1 randomly chooses an integer k in section [1, n-1]1, Q is calculated1=[k1]Gb
Device 2 randomly chooses an integer k in section [1, n-1]2, Q is calculated2=[k2]Gb, then by Q2It sends To device 1;
Device 1 receives Q2Afterwards, Q=Q is calculated1+Q2, Q=[(k at this time1+k2)]Gb(=[b (k1+k2)]Ga);
Device 1 check Q whether be SM2 elliptic curve point group null element (infinite point), if so, device 1 reselects k1, recalculate Q1=[k1]Gb, recalculate Q=Q1+Q2, rejudge whether Q is null element, this process repeated, until Q is not Until null element;If Q is not null element, device 1 takes (x1,y1)=Q calculates r=(e+x1)mod n;
If r, Q for being calculated meet: r ≠ 0 and [r] G+Q are not the null elements (infinite point) of SM2 elliptic curve point group, Then the calculating of Q, r are completed;Otherwise, device 1 randomly chooses an integer k in section [1, n-1] again1, then recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, and calculate r when Q is not null element, repeat this process, until r ≠ 0 and [r] G+Q is not the null element (infinite point) of SM2 elliptic curve point group;
Alternatively, if r=0 or [r] G+Q are the null elements (infinite point) of SM2 elliptic curve point group, two devices together from Head re-starts the calculating of Q, r, and (i.e. device 1 and device 2 retrieves Gb, device 1 reselects k1, device 2 reselects k2, Then Q=Q is calculated1+Q2, judge whether Q is null element, and r=(e+x is calculated when Q is not null element1) mod n), repeat this mistake Journey, until r ≠ 0 and [r] G+Q is not the null element (infinite point) of SM2 elliptic curve point group;
The equivalent mode, i.e., can equally obtain Q=[(k1+k2)]GbAnd r is calculated according to Q, and make r, Q full Sufficient r ≠ 0 and [r] G+Q are not the modes of the null element of SM2 elliptic curve point group.
If device 1 when Q, r is calculated, only checks whether r is zero, does not check whether [r] G+Q is SM2 elliptic curve The null element (infinite point) of point group, and the calculating that Q, r are only re-started in r=0 (does not re-start Q, r meter as long as r ≠ 0 Calculate), then:
After s is calculated in device 2, if checking discovery (s+r) mod n=0, the s being calculated is abandoned, device 1 is again An integer k is randomly choosed in section [1, n-1]1, recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, and R=(e+x is calculated when Q is not null element1) modn, device 2 recalculates s, this process repeated, until n ≠ 0 (s+r) mod;
Or after s is calculated in device 2, if check discovery (s+r) mod n=0, two devices together from the beginning again into (i.e. device 1 and device 2 obtains G for the calculating of row Q, rb, device 1 reselects k1, calculate Q1, device 2 reselects k2, calculate Q2, Then device 1 recalculates Q=Q1+Q2, judge whether Q is null element, and r=(e+x is calculated when Q is not null element1)mod N), device 2 recalculates s, until n ≠ 0 (s+r) mod.
In above scheme, if b be calculate Q during device 1 in section [1, n-1] randomly selected one it is whole It counts, then k1Either calculating Q1When the randomly selected integer in section [1, n-1] of device 1, be also possible to section [1, N-1] in the only integer constant just known of device 1 (calculate Q every time1When all use the same k1)。
The public key of user is still dAG is calculated and is published before secret division.
The system comprises two devices, wherein a device is user's computing device, the other is cipher key service system Cipher server or two devices be all cipher key service system cipher server;Two devices press the SM2 number label Name generation method, generates the digital signature using user SM2 private key d to message MA
It can see from the above summary of the invention, generated using the SM2 digital signature of the invention based on product secret division Method can be by the private key d with user when user does not have hardware cryptographic device to store SM2 private keyARelevant secret data (1 +dA)-1Two parts of secret shadows are divided by product, the cryptographic service system of different cryptographic service mechanisms is stored in respectively, is needing When being signed using the SM2 private key of user to message, the cryptographic service system of Liang Ge mechanism is secret using what is respectively had respectively Close share ultimately produces the digital signature for message by interaction;Alternatively, the portion in two parts of secret shadows is stored in one In the cryptographic service system of cryptographic service mechanism, another is stored in the computing device of user, when needing using user's When SM2 private key signs to message, the computing device of user and the cryptographic service system of cryptographic service mechanism use respectively respectively From the secret shadow having, the digital signature for message is ultimately produced by interaction;Since attacker obtains at two simultaneously Secret shadow in the cryptographic service system of different cryptographic service mechanisms, or obtained simultaneously in user's computing device and password clothes Be engaged in mechanism cryptographic service system in secret shadow a possibility that it is extremely low, this has been considerably improved the feelings in not cryptographic hardware Under condition, safety that user's SM2 private key uses.
Specific embodiment
The present invention will be further described with reference to the examples below.Following embodiment is not as a limitation of the invention.
By secret (1+dA)-1It is divided into d1、d2, and (1+dA)-1=d1d2Mod n is easily: in [1, n-1] with Machine selects an integer as d1, later, calculate d2=(d1)-1(1+dA)-1Mod n.
Embodiment 1,
In this embodiment, the computing device (such as PC, mobile communication terminal) of user is SM2 number of the invention One (device 1 or device 2) in two devices in signature segmentation generation method, another device is a cryptographic service system Cipher server in system (as device 2 or device 1);The computing device and cipher server of user does not save user's SM2 private key dA、(1+dA)-1;(1+dA)-1Secret shadow d1、d2, portion is stored in user's computing device, another is stored in In cipher server;When in user's computing device cryptographic application or system will use user SM2 private key dATo message When being signed, user's computing device (in fact, crypto module usually in user's computing device) and cipher server are handed over Mutually, secret shadow d is used using method of the invention1、d2Generate the digital signature of message.
Embodiment 2,
In this embodiment, a device in SM2 digital signature of the invention segmentation generation method is a mechanism Cipher server in cryptographic service system, another device are the cryptographic services in the cryptographic service system of another mechanism Device;User's computing device and the cipher server of Liang Ge cryptographic service mechanism do not save the SM2 private key d of userA、(1+dA)-1; (1+dA)-1Two parts of secret shadow d1、d2, it is stored in the cipher server of two cryptographic service systems respectively;When user calculates Cryptographic application or system in device will use the SM2 private key d of userAWhen signing to message, user's computing device (crypto module usually in user's computing device) transmits the request to a cryptographic service system, latter two cryptographic service The cipher server of system using method of the invention, uses secret shadow d by interaction1、d2The digital signature of message is generated, Then the signature of generation is returned to user's computing device;In digital signature generating process, two cryptographic service systems are adhered to separately Any of two cipher servers of system can be another all as the device 1 in digital signature generation method of the invention It is a to be used as device 2.
Based on method of the invention, it is easy to the system that the method for the present invention is implemented in building.
The SM2 digital signature segmentation generation system constructed based on method of the invention includes two devices, wherein a dress Setting is user's computing device, the other is the cipher server of cipher key service system or two devices are all cipher key service systems The cipher server of system;Two devices are generated using method of the invention and use user SM2 private key dATo the number label of message M Name.
Other unaccounted particular techniques are implemented, and are it is well known that not saying certainly for those skilled in the relevant art Bright.

Claims (6)

1. a kind of SM2 digital signature generation method based on product secret division, it is characterized in that:
The method is related to two devices for being referred to as first device, second device;
Before generating digital signature, following initialization operation is carried out for two devices that digital signature generates are participated in:
Secret shadow d is distributed to first device1, secret shadow d is distributed to second device2, wherein d1、d2It is in section [1, n-1] Integer, and n be ellipse used in elliptic curve point order of a group namely SM2 crypto-operation used in SM2 crypto-operation song The rank of the basic point G of line point group;The secret shadow of two devices and the SM2 private key d of userAMeet relationship:
(1+dA)-1dAMod n=d1d2Mod n, wherein (1+dA)-1It is (1+dA) mould n multiplication it is inverse;
An integer a is randomly choosed in section [1, n-1], calculates Ga=[a] G, h=a (dA)-1Mod n, wherein G is SM2 ellipse The basic point of circular curve point group;By h to first device, second device;GaIt will be to needing G in digital signature generating processaFirst dress It sets and/or second device;
When needing the SM2 private key d using userAWhen being digitally signed for message M, two devices are counted as follows The generation of word signature:
Firstly, two devices obtain Q=[(k by interactive computing1+k2)]Gb, r=(e+x1) mod n, and obtained r, Q meets: R ≠ 0 and [r] G+Q are not the null elements of SM2 elliptic curve point group, wherein k1、k2It is first device during calculating Q, the second dress Set randomly selected integer, G in section [1, n-1] respectivelyb=[b] Ga, b is the only first device ability in section [1, n-1] The integer constant or b known are to calculate first device randomly selected integer in section [1, n-1] during Q, G is the basic point of SM2 elliptic curve point group, x1It is derived from (x1,y1)=Q, e are the Hash Values derived from user identifier and message M;
Later, first device calculates w1=d1B mod n, s1=(hk1-(b)-1R) mod n, then by w1、s1It is sent to the second dress It sets;
Finally, second device receives the w of first device1、s1Afterwards, s=d is calculated2w1(hk2+s1)mod n;(r, s) is exactly to generate The digital signature for message M.
2. the SM2 digital signature generation method according to claim 1 based on product secret division, it is characterized in that:
If b is the integer constant that the only first device in section [1, n-1] is just known, then initial before digital signature generation During change, G is calculatedb=[b] Ga, first device, second device save G respectivelyb;When being digitally signed for message M, First device and second device obtain G from the data locally saved respectivelyb
If b is to calculate first device randomly selected integer in section [1, n-1] during Q, then message M is being directed to When being digitally signed, first device randomly chooses an integer b in section [1, n-1], and G is calculatedb=[b] Ga, then By GbIt is sent to second device, thus first device and second device all obtain Gb
3. the SM2 digital signature generation method according to claim 2 based on product secret division, it is characterized in that:
When being digitally signed for message M, two devices as follows, or by such a way that such as under type is equal, Q=[(k is obtained by interactive computing1+k2)]Gb, r=(e+x1) mod n, and obtained r, Q meet: r ≠ 0 and [r] G+Q is not The null element of SM2 elliptic curve point group:
Firstly, first device and second device are respectively from the data of preservation or by calculating in real time and exchange obtains Gb
Later, first device randomly chooses an integer k in section [1, n-1]1, Q is calculated1=[k1]Gb
Second device randomly chooses an integer k in section [1, n-1]2, Q is calculated2=[k2]Gb, then by Q2It is sent to First device;
First device receives Q2Afterwards, Q=Q is calculated1+Q2, Q=[(k at this time1+k2)]Gb
First device check Q whether be SM2 elliptic curve point group null element, if so, first device reselects k1, count again Calculate Q1=[k1]Gb, recalculate Q=Q1+Q2, rejudge whether Q is null element, this process repeated, until Q is not null element; If Q is not null element, first device takes (x1,y1)=Q calculates r=(e+x1)mod n;
If r, Q for being calculated meet: r ≠ 0 and [r] G+Q are not the null elements of SM2 elliptic curve point group, and Q, r's has been calculated At;Otherwise, first device randomly chooses an integer k in section [1, n-1] again1, then recalculate Q1, Q=Q1+Q2, Rejudge whether Q is null element, and calculate r when Q is not null element, repeats this process, until r ≠ 0 and [r] G+Q is not SM2 The null element of elliptic curve point group;
Alternatively, if r=0 or [r] G+Q are the null elements of SM2 elliptic curve point group from the beginning two devices re-start Q, r together Calculating, repeat this process, until r ≠ 0 and [r] G+Q is not the null element of SM2 elliptic curve point group;
The equivalent mode, i.e., can equally obtain Q=[(k1+k2)]GbAnd r is calculated according to Q, and r, Q is made to meet r ≠ 0 and [r] G+Q is not the mode of the null element of SM2 elliptic curve point group.
4. the SM2 digital signature generation method according to claim 3 based on product secret division, it is characterized in that:
If first device when Q, r is calculated, only checks whether r is zero, does not check whether [r] G+Q is SM2 elliptic curve point The null element of group, and the calculating of Q, r are only re-started in r=0, then:
After s is calculated in second device, if checking discovery (s+r) mod n=0, the s being calculated, first device weight are abandoned An integer k is newly randomly choosed in section [1, n-1]1, recalculate Q1, Q=Q1+Q2, rejudge whether Q is null element, with And r=(e+x is calculated when Q is not null element1) mod n, second device recalculates s, this process repeated, until (s+r) mod n ≠0;
Or after s is calculated in second device, if check discovery (s+r) mod n=0, two devices together from the beginning again into The calculating of row Q, r, second device recalculate s, until n ≠ 0 (s+r) mod.
5. the SM2 digital signature generation method according to claim 4 based on product secret division, it is characterized in that:
If b is to calculate first device randomly selected integer in section [1, n-1] during Q, then k1It is to calculate Q1When Only first device of the first device in section [1, n-1] in a randomly selected integer or section [1, n-1] is The integer constant known.
6. a kind of SM2 digital signature based on SM2 digital signature generation method of any of claims 1-4 generates system System, it is characterized in that:
The system comprises two devices, wherein a device is user's computing device, the other is cipher key service system is close Code server or two devices are all the cipher servers of cipher key service system;A device in two devices is as institute The first device in SM2 digital signature generation method is stated, another device is as in the SM2 digital signature generation method Two devices;Two devices press the SM2 digital signature generation method, generate and use user SM2 private key dATo the number label of message M Name.
CN201710046710.1A 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division Active CN106850229B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710046710.1A CN106850229B (en) 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710046710.1A CN106850229B (en) 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division

Publications (2)

Publication Number Publication Date
CN106850229A CN106850229A (en) 2017-06-13
CN106850229B true CN106850229B (en) 2019-10-25

Family

ID=59119717

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710046710.1A Active CN106850229B (en) 2017-01-22 2017-01-22 SM2 digital signature generation method and system based on product secret division

Country Status (1)

Country Link
CN (1) CN106850229B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483191B (en) * 2017-08-16 2020-04-14 浪潮集团有限公司 SM2 algorithm key segmentation signature system and method
CN107528696B (en) * 2017-09-27 2020-01-14 武汉理工大学 Method and system for generating digital signature with hidden private key secret
CN107819581B (en) * 2017-10-20 2019-10-25 武汉理工大学 Generation method and system comprising secret number and elliptic curve point
CN107623570B (en) * 2017-11-03 2020-12-04 北京无字天书科技有限公司 SM2 signature method based on addition key segmentation
CN109257176A (en) * 2018-10-18 2019-01-22 天津海泰方圆科技有限公司 Decruption key segmentation and decryption method, device and medium based on SM2 algorithm
CN110166235B (en) * 2019-05-21 2020-08-11 武汉理工大学 SM9 digital signature collaborative generation method and system for enhancing security
CN110380855B (en) * 2019-06-14 2020-07-14 武汉理工大学 SM9 digital signature generation method and system supporting multi-party cooperative enhanced security
CN112367170B (en) * 2021-01-12 2021-08-24 四川新网银行股份有限公司 Data hiding query security sharing system and method based on multi-party security calculation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321053A (en) * 2007-06-08 2008-12-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN102075931A (en) * 2011-01-14 2011-05-25 中国科学技术大学 Information theoretical security-based key agreement method in satellite network
CN104202163A (en) * 2014-08-19 2014-12-10 武汉理工大学 Password system based on mobile terminal
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8971528B2 (en) * 2013-01-29 2015-03-03 Certicom Corp. Modified elliptic curve signature algorithm for message recovery

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321053A (en) * 2007-06-08 2008-12-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN102075931A (en) * 2011-01-14 2011-05-25 中国科学技术大学 Information theoretical security-based key agreement method in satellite network
CN104202163A (en) * 2014-08-19 2014-12-10 武汉理工大学 Password system based on mobile terminal
CN104243456A (en) * 2014-08-29 2014-12-24 中国科学院信息工程研究所 Signing and decrypting method and system applied to cloud computing and based on SM2 algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Secured user"s authentication and private data storage- access scheme in cloud computing using Elliptic curve cryptography;Shilpi Singh等;《IEEE Xplore》;20150504;第2015卷;全文 *
秘密共享技术及其应用研究;庞辽军;《中国优秀博硕士学位论文全文数据库信息科技辑》;20070515;第2007卷(第5期);全文 *

Also Published As

Publication number Publication date
CN106850229A (en) 2017-06-13

Similar Documents

Publication Publication Date Title
CN106603246B (en) A kind of SM2 digital signature segmentation generation method and system
CN106549770B (en) SM2 digital signature generation method and system
CN106850229B (en) SM2 digital signature generation method and system based on product secret division
CN106850198B (en) SM2 digital signature generation method and system based on the collaboration of more devices
CN106656512B (en) Support the SM2 digital signature generation method and system of threshold cryptography
CN106603231B (en) Based on the distributed SM2 digital signature generation method and system for going secretization
US8930704B2 (en) Digital signature method and system
CN107104793B (en) A kind of digital signature generation method and system
CN110120939B (en) Encryption method and system capable of repudiation authentication based on heterogeneous system
CN106712942B (en) SM2 digital signature generation method and system based on privacy sharing
CN107968710B (en) SM9 digital signature separation interaction generation method and system
CN110932865B (en) Linkable ring signature generation method based on SM2 digital signature algorithm
US6640303B1 (en) System and method for encryption using transparent keys
CN107483205B (en) A kind of the digital signature generation method and system of the private key secret based on encryption
CN110213057B (en) SM9 digital signature collaborative generation method and system with product r parameter
CN109951292B (en) Simplified SM9 digital signature separation interaction generation method and system
CN109361519B (en) Improved secret-containing number generation method and system
CN110166235B (en) SM9 digital signature collaborative generation method and system for enhancing security
CN106850584B (en) Anonymous authentication method facing client/server network
CN107528696A (en) The digital signature generation method and system of a kind of hiding private key secret
CN104868994B (en) Method, device and system for managing cooperative key
NL1043779B1 (en) Method for electronic signing and authenticaton strongly linked to the authenticator factors possession and knowledge
CN109962783A (en) SM9 digital signature collaboration generation method and system based on progressive calculating
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station
CN110401524B (en) Method and system for collaborative generation of secret-containing numbers by means of homomorphic encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant