[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN108173639A - A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm - Google Patents

A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm Download PDF

Info

Publication number
CN108173639A
CN108173639A CN201810060113.9A CN201810060113A CN108173639A CN 108173639 A CN108173639 A CN 108173639A CN 201810060113 A CN201810060113 A CN 201810060113A CN 108173639 A CN108173639 A CN 108173639A
Authority
CN
China
Prior art keywords
signature
signer
algorithm
private key
calculates
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810060113.9A
Other languages
Chinese (zh)
Other versions
CN108173639B (en
Inventor
穆永恒
徐海霞
李佩丽
马添军
付烁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Data Assurance and Communication Security Research Center of CAS
Original Assignee
Data Assurance and Communication Security Research Center of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Data Assurance and Communication Security Research Center of CAS filed Critical Data Assurance and Communication Security Research Center of CAS
Priority to CN201810060113.9A priority Critical patent/CN108173639B/en
Publication of CN108173639A publication Critical patent/CN108173639A/en
Application granted granted Critical
Publication of CN108173639B publication Critical patent/CN108173639B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种基于SM9签名算法的两方合作签名方法。本方法为:KGC将用户私钥dsA的系数t2进行乘法拆分,即t2=(a‑1)·(at2);将a‑1作为签名者A1的私钥[at2]P1作为签名者A2的私钥A1将加密后的r1发送给A2,A2对r3(r1r2‑h)加密得到c3,计算并将c3和c4发送给A1,A1通过解密得到s1=r3(r1r2‑h),但得不到r2和r3,A1计算并验证(h,S)是否为合法签名,若是,则A1和A2合作签名成功;否则,中止签名。

The invention discloses a two-party cooperative signature method based on the SM9 signature algorithm. This method is: KGC multiplies and splits the coefficient t 2 of the user's private key ds A , that is, t 2 =(a ‑1 )·(at 2 ); takes a ‑1 as the private key of signer A 1 [at 2 ]P 1 as the private key of signer A 2 A 1 sends the encrypted r 1 to A 2 , and A 2 encrypts r 3 (r 1 r 2 ‑h) to obtain c 3 , and calculates And send c 3 and c 4 to A 1 , A 1 gets s 1 = r 3 (r 1 r 2 ‑h) through decryption, but can’t get r 2 and r 3 , A 1 calculates And verify whether (h, S) is a legal signature, if so, A 1 and A 2 signed successfully; otherwise, abort the signature.

Description

一种基于SM9签名算法的两方合作签名方法A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm

技术领域technical field

本发明属于信息安全技术领域,涉及一种门限签名(两方合作签名)的方法,具体为一种基于SM9签名算法的两方合作签名方法,能够保证协议执行的安全性和整体高效性。The invention belongs to the technical field of information security, and relates to a threshold signature (two-party cooperative signature) method, specifically a two-party cooperative signature method based on an SM9 signature algorithm, which can ensure the safety and overall efficiency of protocol execution.

背景技术Background technique

1.SM9数字签名算法1. SM9 digital signature algorithm

A.Shamir在1984年提出了标识密码(Identity-Based Cryptography)的概念,在标识密码系统中,用户的私钥由密钥生成中心(KGC)根据主密钥和用户标识计算得出,用户的公钥由用户标识唯一确定,从而用户不需要通过第三方保证其公钥的真实性。与基于证书的公钥密码系统相比,标识密码系统中的密钥管理环节可以得到适当简化。A.Shamir proposed the concept of Identity-Based Cryptography in 1984. In the Identity-Based Cryptography System, the user's private key is calculated by the Key Generation Center (KGC) based on the master key and the user ID. The user's The public key is uniquely determined by the user ID, so the user does not need a third party to guarantee the authenticity of his public key. Compared with the certificate-based public key cryptosystem, the key management link in the identity cryptosystem can be appropriately simplified.

椭圆曲线对具有双线性的性质,它在椭圆曲线的循环子群与扩域的乘法循环子群之间建立了联系。1999年,K.Ohgishi、R.Sakai和M.Kasahara在日本提出了用椭圆曲线对(pairing)构造基于标识的密钥共享方案;2001年,D.Boneh和M.Franklin,以及R.Sakai、K.Ohgishi和M.Kasahara等人独立提出了用椭圆曲线对构造标识公钥加密算法。这些工作引发了标识密码的新发展,我国于2016年发布了用椭圆曲线对实现的SM9标识密码算法,包括数字签名算法、密钥交换协议、密钥封装机制和公钥加密算法等。Elliptic curve pairs have the property of bilinearity, which establishes a connection between the cyclic subgroup of elliptic curves and the multiplicative cyclic subgroup of the extended field. In 1999, K.Ohgishi, R.Sakai, and M.Kasahara proposed in Japan an identity-based key sharing scheme using elliptic curve pairs (pairing); in 2001, D.Boneh and M.Franklin, and R.Sakai, K.Ohgishi and M.Kasahara et al independently proposed a public key encryption algorithm using elliptic curve pair construction. These works have led to new developments in identification cryptography. In 2016, my country released the SM9 identification cryptography algorithm implemented with elliptic curve pairs, including digital signature algorithms, key exchange protocols, key encapsulation mechanisms, and public key encryption algorithms.

SM9数字签名算法中的系统参数包括:椭圆曲线基域Fq的参数;椭圆曲线方程参数a和b;椭圆曲线阶的素因子N和相对于N的余因子cf;椭圆曲线E(Fq)相对于N的嵌入次数k;椭圆曲线(d1整除k)的N阶循环子群G1的生成元P1;椭圆曲线(d2整除k)的N阶循环子群G2的生成元P2;双线性对e的值域为N阶乘法循环群GT。用IDA表示用户A的身份标识,M表示待签消息,则用户A产生签名的过程如下:The system parameters in the SM9 digital signature algorithm include: the parameters of the elliptic curve base domain F q ; the parameters a and b of the elliptic curve equation; the prime factor N of the elliptic curve order and the cofactor cf relative to N; the elliptic curve E(F q ) embedding number k with respect to N; elliptic curve Generator P 1 of N-th order cyclic subgroup G 1 (d 1 divisible by k); elliptic curve The generator P 2 of the Nth-order cyclic subgroup G 2 (d 2 divisible by k); the range of the bilinear pair e is the N-factorial cyclic group G T . Use ID A to represent the identity of user A, and M to represent the message to be signed, then the process for user A to generate a signature is as follows:

●密钥生成阶段● Key generation phase

1)KGC产生随机数ks∈[1,N-1],作为签名主私钥;计算G2中的元素Ppub-s=[ks]P2作为签名主公钥;1) KGC generates a random number ks∈[1,N-1] as the signature master private key; calculates the element P pub-s = [ks]P 2 in G 2 as the signature master public key;

2)KGC选择并公开用一个字节标识的签名私钥生成函数识别符hid;2) KGC selects and discloses the signature private key generation function identifier hid identified by one byte;

3)KGC在有限域FN上计算t1=H1(IDA||hid,N)+ks,若t1=0,则重新产生签名主私钥,计算和公开签名主公钥,并更新已有用户的签名私钥;否则,计算然后计算dsA=[t2]P1,作为用户签名私钥。3) KGC calculates t 1 =H 1 (ID A ||hid,N)+ks on the finite field F N , if t 1 =0, regenerates the signature master private key, calculates and discloses the signature master public key, and Update the signature private key of an existing user; otherwise, calculate Then calculate ds A =[t 2 ]P 1 as the user signature private key.

●签名阶段●Signature stage

4)计算群GT中的元素g=e(P1,Ppub-s);4) Calculate the element g=e(P 1 ,P pub-s ) in the group GT ;

5)产生随机数r∈[1,N-1];5) Generate a random number r∈[1,N-1];

6)计算群GT中的元素ω=gr6) Calculate the element ω=g r in the group GT ;

7)计算整数h=H2(M||ω,N);7) Calculate the integer h=H 2 (M||ω,N);

8)计算整数l=(r-h)modN,若l=0则返回5);8) Calculate the integer l=(r-h)modN, if l=0 then return 5);

9)计算群G1中的元素S=[l]dsA9) Calculate the element S=[l]ds A in the group G1 ;

10)消息M的签名为(h,S)。10) The signature of message M is (h, S).

注1:Hi(Z,n),i=1,2,是SM9(GM/T 0044.2-2016)中给出的一个密码函数,输入为比特串Z和整数n,输出为一个整数h∈[1,N-1]。Note 1: H i (Z,n), i=1,2, is a cryptographic function given in SM9 (GM/T 0044.2-2016), the input is a bit string Z and an integer n, and the output is an integer h∈ [1,N-1].

注2:[u]P指加法群G1、G2中元素P的u倍。Note 2: [u]P refers to u times of element P in additive groups G 1 and G 2 .

2.两方合作签名2. Signature of cooperation between the two parties

在网络环境中,需要存储、传递大量的信息,数字签名技术便是一种为保证信息传递的有效性、解决通信方之间的矛盾而产生的信息安全技术。两方合作签名是指,针对某一种签名算法,将其私钥拆分成两部分,分别由两个签名者秘密保管,每个签名者单独只能生成部分签名,必须通过交互才可以生成被原签名算法的公钥验证通过的完整签名。因此,两方合作签名是(t,n)-门限签名中t=2,n=2的一种特例。In the network environment, a large amount of information needs to be stored and transmitted. Digital signature technology is an information security technology to ensure the validity of information transmission and solve the contradictions between communicating parties. Two-party cooperative signature means that for a certain signature algorithm, its private key is split into two parts, which are kept secretly by two signers. Each signer can only generate part of the signature, which must be generated through interaction. The complete signature verified by the public key of the original signature algorithm. Therefore, the two-party cooperative signature is a special case of t=2, n=2 in the (t,n)-threshold signature.

门限签名作为门限密码学的重要研究内容,最早由Desmedt等人提出。之后基于RSA、ElGamal、Schnorr签名,DSA等的门限签名算法相继被提出。从签名的计算结构上来看,可以将签名分成两大类,一类是,随机数和私钥之间只存在加法运算。另一类是,计算过程涉及到随机数的求逆运算,以及随机数与私钥之间的乘积运算。如MacKenzie和Reiter在论文“Two-party generation of DSA Signatures”中给出的例子,分别选取Harn在论文“Group-oriented(t,n)threshold digital signature scheme and digitalmultisignature”中提出的算法(简称为Harn算法)和DSA算法作为这两类签名算法的代表进行说明。设签名算法的公共参数为<g,p,q>,公私钥对为<y=gxmodp,x>,随机数为k,待签名的消息为m。在Harn签名中,需计算s←x(hash(m))-krmodq,其中r=gkmodp,最终的签名为:(r,s)。在DSA签名中,需计算s←k-1(hash(m)+xr)modq,其中,r=gkmodp,最终的签名为:(rmodq,s)。从目前国内外的研究情况来看,基于第一类签名算法的门限签名技术比较成熟,而基于第二类签名算法的门限签名设计比较困难。As an important research content of threshold cryptography, threshold signature was first proposed by Desmedt et al. Afterwards, threshold signature algorithms based on RSA, ElGamal, Schnorr signature, DSA, etc. were proposed one after another. From the calculation structure of the signature, the signature can be divided into two categories, one is that there is only an addition operation between the random number and the private key. The other type is that the calculation process involves the inverse operation of the random number and the product operation between the random number and the private key. For example, in the examples given by MacKenzie and Reiter in the paper "Two-party generation of DSA Signatures", the algorithm proposed by Harn in the paper "Group-oriented(t,n) threshold digital signature scheme and digital multisignature" (referred to as Harn Algorithm) and DSA algorithm are described as representatives of these two types of signature algorithms. Assume that the public parameters of the signature algorithm are <g, p, q>, the public-private key pair is <y=g x modp, x>, the random number is k, and the message to be signed is m. In the Harn signature, it is necessary to calculate s←x(hash(m))-krmodq, where r=g k modp, and the final signature is: (r,s). In the DSA signature, it is necessary to calculate s←k -1 (hash(m)+xr)modq, where r=g k modp, and the final signature is: (rmodq,s). Judging from the current research situation at home and abroad, the threshold signature technology based on the first type of signature algorithm is relatively mature, but the threshold signature design based on the second type of signature algorithm is relatively difficult.

对两方合作签名的研究,有两方面的原因,一是由于上述的困难性,即基于第二类签名算法的门限签名设计比较困难,因此先研究门限签名中t=2,n=2这种特例;二是,两方合作签名适用于移动网络环境下的私钥保护,通过服务器辅助存储一部分秘密信息,并和移动终端共同完成数字签名,可以极大减小移动终端被攻破所带来的风险,t=n=2的两方合作签名算法可以兼顾移动网络环境对可用性及私钥保密的要求。There are two reasons for the research on two-party cooperative signatures. One is due to the above-mentioned difficulties, that is, the design of threshold signatures based on the second type of signature algorithm is relatively difficult. Second, the two-party cooperative signature is suitable for private key protection in the mobile network environment. The server assists in storing part of the secret information and completes the digital signature with the mobile terminal, which can greatly reduce the damage caused by the mobile terminal being compromised. risk, the two-party cooperative signature algorithm with t=n=2 can take into account the requirements of mobile network environment on usability and private key confidentiality.

Lindell在论文“Fast secure two-party ECDSA signing”中提出了可证安全且高效的基于ECDSA的两方合作签名。假设ECDSA签名中椭圆曲线点循环群的阶为q,G为其生成元,公私钥对为:(Q=x·G,x),则ECDSA签名过程如下:Lindell proposed a provably secure and efficient ECDSA-based two-party cooperative signature in the paper "Fast secure two-party ECDSA signing". Assuming that the order of the elliptic curve point cyclic group in ECDSA signature is q, G is its generator, and the public-private key pair is: (Q=x·G,x), the ECDSA signature process is as follows:

1)选择随机数k←Zq1) Select random number k←Z q ;

2)计算R=k·G;2) Calculate R=k·G;

3)计算r=rxmodq,其中,R=(rx,ry);3) Calculate r=r x modq, wherein, R=(r x , r y );

4)计算s=k-1(hash(m)+rx)modq;4) Calculate s=k -1 (hash(m)+rx) modq;

5)输出(r,s)。5) Output (r, s).

可以看出,ECDSA的签名算法虽然在步骤2)中涉及到了椭圆曲线上的倍点运算,但其最终签名本质上还是对于数的运算,即在步骤4)计算签名时,用到的r为步骤3)中取的椭圆曲线上点的横坐标;而SM9签名算法在步骤9)计算最终签名时,用到的dsA为椭圆曲线上的点,进行的是椭圆曲线上的倍点运算。对于像SM9这样,签名形式为上述第二类,且最终签名涉及到椭圆曲线上倍点运算的签名算法,因此目前已知方法中还没有对应的门限签名,甚至两方合作签名算法。本发明旨在给出基于SM9签名算法的两方合作签名方法。It can be seen that although the ECDSA signature algorithm involves the doubling operation on the elliptic curve in step 2), its final signature is essentially an arithmetic operation, that is, when calculating the signature in step 4), the r used is The abscissa of the point on the elliptic curve taken in step 3); and when the SM9 signature algorithm calculates the final signature in step 9), the ds A used is the point on the elliptic curve, and the point multiplication operation on the elliptic curve is performed. For SM9, the signature form is the second type above, and the final signature involves the signature algorithm of doubling points on the elliptic curve. Therefore, there is no corresponding threshold signature or even two-party cooperative signature algorithm in the known methods. The present invention aims to provide a two-party cooperative signature method based on the SM9 signature algorithm.

发明内容Contents of the invention

针对现有技术中存在的技术问题,本发明的目的在于提供一种基于SM9签名算法的两方合作签名方法。本算法中,用户A的私钥dsA被拆分成两部分,分别交由签名者A1和A2保管,A1和A2通过交互,可以代表用户A完成SM9签名。为了突出本发明的关键点,以及描述的简洁性,假设本算法中两个签名者都是半诚实的(本发明所述“半诚实”是指参与方诚实地执行协议,可以记录中间结果并推导有用的信息,但不能修改中间结果)。在恶意模型下,可以通过“承诺输入”、“认证计算”、“零知识证明”等手段迫使签名者按照协议要求执行,因为当其不按照协议要求执行时,将会被对方发现,从而对方可以提前中止协议。Aiming at the technical problems existing in the prior art, the purpose of the present invention is to provide a two-party cooperative signature method based on the SM9 signature algorithm. In this algorithm, user A’s private key ds A is split into two parts, which are kept by signers A 1 and A 2 respectively. Through interaction, A 1 and A 2 can complete the SM9 signature on behalf of user A. In order to highlight the key points of the present invention and the brevity of description, it is assumed that the two signers in this algorithm are semi-honest ("semi-honest" in the present invention means that the participating parties implement the agreement honestly, can record intermediate results and derive useful information, but cannot modify intermediate results). Under the malicious model, the signer can be forced to perform according to the agreement by means of "commitment input", "authenticated calculation", "zero-knowledge proof", because when it does not perform according to the agreement, it will be discovered by the other party, so that the other party The agreement may be terminated early.

假设待签名消息为M,一种安全高效的SM9两方合作签名算法,其步骤包括:Assuming that the message to be signed is M, a safe and efficient SM9 two-party cooperative signature algorithm, the steps include:

●密钥生成阶段● Key generation phase

1)密钥生成中心KGC产生一随机数ks∈[1,N-1],作为签名主私钥;计算G2中的元素Ppub-s=[ks]P2作为签名主公钥;1) The key generation center KGC generates a random number ks∈[1,N-1] as the signature master private key; calculates the element P pub-s in G 2 =[ks]P 2 as the signature master public key;

2)KGC选择并公开用一个字节标识的签名私钥生成函数识别符hid;2) KGC selects and discloses the signature private key generation function identifier hid identified by one byte;

3)KGC在有限域FN上计算t1=H1(IDA||hid,N)+ks,若t1=0,则重新产生签名主私钥,计算和公开签名主公钥,并更新已有用户的签名私钥(即用新生成的签名主私钥重新生成已有用户的签名私钥,并发送给他们);否则,计算 3) KGC calculates t 1 =H 1 (ID A ||hid,N)+ks on the finite field F N , if t 1 =0, regenerates the signature master private key, calculates and discloses the signature master public key, and Update the signature private key of the existing user (that is, use the newly generated signature master private key to regenerate the signature private key of the existing user and send it to them); otherwise, calculate

4)KGC选择随机数a∈[1,N-1],计算并将其发送给A1,计算并将其发送给A24) KGC selects a random number a∈[1,N-1], calculates and send it to A 1 , computing and send it to A 2 .

●签名阶段●Signature stage

5)A1和A2分别计算群GT中的元素g=e(P1,Ppub-s);5) A 1 and A 2 respectively calculate the element g=e(P 1 ,P pub-s ) in the group GT ;

6)A1产生随机数r1∈[1,N-1],并计算群GT中的元素 6) A 1 generates a random number r 1 ∈ [1,N-1], and calculates the elements in the group G T

7)A1选取一个公私钥对为(pk,sk)的加法同态加密算法,利用该加密算法对随机数r1进行加密得到c1,即计算c1=Encpk(r1),并将g1和c1发送给A27) A 1 selects an additive homomorphic encryption algorithm whose public-private key pair is (pk,sk), uses this encryption algorithm to encrypt the random number r 1 to obtain c 1 , that is, calculate c 1 =Enc pk (r 1 ), and send g 1 and c 1 to A 2 ;

8)A2产生随机数r2,r3∈[1,N-1],计算群GT中的元素并将g2发送给A18) A 2 generates random numbers r 2 , r 3 ∈ [1, N-1], and calculates the elements in the group G T and send g 2 to A 1 ;

9)A1计算群GT中的元素A2计算群GT中的元素 9) A 1 calculates the elements in the group G T A 2 computes the elements in the group G T

10)A1和A2分别计算整数h=H2(M||ω,N);10) A 1 and A 2 respectively calculate the integer h=H 2 (M||ω,N);

11)A2利用7)中A1选取的加法同态加密算法,对整数h进行加密得到c2,即计算c2=Encpk(h);对r3(r1r2-h)进行加密得到c3,即c3=Encpk(r3(r1r2-h))=r3(r2c1-c2)。并且,计算将c3和c4发送给A1;(注:这里的c4并不是密文,而是为了保持符号的一致性)。11) A 2 uses the additive homomorphic encryption algorithm selected by A 1 in 7) to encrypt the integer h to obtain c 2 , that is, calculate c 2 =Enc pk (h); perform r 3 (r 1 r 2 -h) Encrypt to obtain c 3 , that is, c 3 =Enc pk (r 3 (r 1 r 2 -h))=r 3 (r 2 c 1 -c 2 ). And, calculate Send c 3 and c 4 to A 1 ; (Note: c 4 here is not the ciphertext, but to maintain the consistency of symbols).

12)A1利用7)中选取的加法同态加密算法的私钥sk对c3进行解密得到:12) A 1 uses the private key sk of the additive homomorphic encryption algorithm selected in 7) to decrypt c 3 to obtain:

s1=Decsk(c3)=DecskEncpk(r3(r1r2-h))=r3(r1r2-h),s 1 = Dec sk (c 3 ) = Dec sk Enc pk (r 3 (r 1 r 2 -h)) = r 3 (r 1 r 2 -h),

然后计算 then calculate

13)A1用SM9验证算法验证(h,S)是否为合法签名,若是,则公布签名;否则,中止协议。13) A 1 uses the SM9 verification algorithm to verify whether (h, S) is a legal signature, and if so, publish the signature; otherwise, terminate the agreement.

本发明中的两方合作签名算法,从协议的执行过程可以看出,结果是正确的;并且,用基于模拟的方法可以证明该算法是安全的(协议执行过程中不泄露双方的私密信息)。在实际应用中,密钥生成阶段只需要执行一次,之后两个签名者就可以根据签名阶段的协议对任何需要签名的消息进行签名。The two-party cooperative signature algorithm in the present invention can be seen from the execution process of the agreement, and the result is correct; and the method based on simulation can prove that the algorithm is safe (the private information of both parties is not disclosed during the agreement execution process) . In practical applications, the key generation stage only needs to be executed once, and then the two signers can sign any message that needs to be signed according to the agreement in the signature stage.

与现有技术相比,本发明的积极效果为:Compared with prior art, positive effect of the present invention is:

本发明针对签名形式为上述第二类,且最终签名涉及到椭圆曲线上倍点运算的签名算法,首次给出了两方合作签名方法。其创新点在于:Aiming at the signature algorithm whose signature form is the above-mentioned second type, and the final signature involves point doubling operation on the elliptic curve, the present invention provides a two-party cooperative signature method for the first time. Its innovations are:

(1)密钥生成阶段的步骤4),将用户A的私钥通过乘法拆分,分成两部分。拆分时的技巧为,对原算法中用户A私钥dsA的系数t2进行乘法拆分,即t2=(a-1)·(at2);而保持椭圆曲线上的点P1不变。并且将a-1作为签名者A1的私钥[at2]P1作为签名者A2的私钥 (1) In step 4) of the key generation stage, the private key of user A is divided into two parts by multiplication. The splitting technique is to multiply and split the coefficient t 2 of user A’s private key ds A in the original algorithm, that is, t 2 =(a -1 )·(at 2 ); and keep the point P 1 on the elliptic curve constant. And take a -1 as the private key of signer A 1 [at 2 ]P 1 as the private key of signer A 2

(2)签名阶段的步骤7)和步骤11),A1将加密后的r1,即c1发送给A2,A2利用加法同态加密的性质,在不知道r1的情况下,可以对r3(r1r2-h)进行加密,并将加密后的结果c2发送给A1,A1通过解密可以得到r3(r1r2-h),但是得不到r2和r3。也就是说,利用加法同态加密,在保护协议双方私密信息的同时,完成了必需的计算。(2) In step 7) and step 11) of the signature phase, A 1 sends the encrypted r 1 , that is, c 1 to A 2 , and A 2 utilizes the property of additive homomorphic encryption, without knowing r 1 , It is possible to encrypt r 3 (r 1 r 2 -h), and send the encrypted result c 2 to A 1 , and A 1 can get r 3 (r 1 r 2 -h) through decryption, but not r 2 and r 3 . That is to say, using additive homomorphic encryption, the necessary calculations are completed while protecting the private information of both parties in the protocol.

(3)签名阶段的步骤11),通过计算利用椭圆曲线离散对数这一困难问题,保护了的私密性。(3) Step 11) of the signature stage, by calculating Using the difficult problem of elliptic curve discrete logarithms, the protection privacy.

本发明给出的两方合作签名算法,与原SM9签名算法相比,在签名阶段多了一个加法同态加密方案的选取,三次加、解密运算和三次乘法运算。与Lindell的基于ECDSA的两方合作签名相比,每次签名只多了一次加密运算,但是,需要注意的是,SM9签名算法本身涉及的运算要比ECDSA复杂。Compared with the original SM9 signature algorithm, the two-party cooperative signature algorithm provided by the present invention has an additional selection of an additive homomorphic encryption scheme, three addition and decryption operations and three multiplication operations in the signature stage. Compared with Lindell's ECDSA-based two-party cooperative signature, there is only one more encryption operation for each signature. However, it should be noted that the SM9 signature algorithm itself involves more complex operations than ECDSA.

附图说明Description of drawings

图1是本发明的签名阶段实例示意图。Fig. 1 is a schematic diagram of an example of the signature phase of the present invention.

具体实施方式Detailed ways

为使本发明的上述目的、特征和优点能够更加明显易懂,下面通过具体实施例和附图,对本发明做进一步说明。In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

本发明的应用方式可以分为两大类。一类是用于权力分布,这时,用户标识指公司、团体或组织的标识。以公司、团体或组织名义发布的签名,需有两个签名者合作完成,即用户标识对应的用户私钥被拆分成两部分,分别由两个签名者持有,避免权力集中可能导致的腐败等问题。另一类是用于私钥保护,这时,用户标识就是指单个用户的标识,但其私钥被拆分成两部分,存储在不同的设备中,需两个设备同时在线才可以完成签名操作。下面以第一类应用方式为例进行说明。The application modes of the present invention can be divided into two categories. One type is used for power distribution, at this time, the user ID refers to the ID of a company, group or organization. The signature issued in the name of a company, group or organization requires the cooperation of two signers, that is, the user's private key corresponding to the user ID is split into two parts, which are held by the two signers respectively, to avoid potential problems caused by power concentration. corruption etc. The other type is used for private key protection. At this time, the user ID refers to the ID of a single user, but the private key is split into two parts and stored in different devices. Both devices need to be online at the same time to complete the signature operate. The following uses the first type of application mode as an example for description.

在实际应用过程中,假设公司A的标识为IDA,以该公司名义发布的签名需有两个签名者A1和A2共同完成,假设A1和A2已经拥有了各自的私钥则签名过程如下:In the actual application process, assuming that the identity of company A is ID A , the signature issued in the name of the company needs to be completed by two signers A 1 and A 2 , assuming that A 1 and A 2 already have their own private keys and Then the signing process is as follows:

1)A1和A2分别计算群GT中的元素g=e(P1,Ppub-s);1) A 1 and A 2 respectively calculate the element g=e(P 1 ,P pub-s ) in the group GT ;

2)A1产生随机数r1∈[1,N-1],并计算群GT中的元素 2) A 1 generates a random number r 1 ∈ [1,N-1], and calculates the elements in the group G T

3)A1选取Paillier加密方案(NPE,pPE,qPE),公钥为pk=NPE,私钥为sk=(pPE,qPE),计算c1=Encpk(r1),并将g1和c1发送给A23) A 1 selects the Paillier encryption scheme (N PE , p PE , q PE ), the public key is pk=N PE , the private key is sk=(p PE ,q PE ), and the calculation c 1 =Enc pk (r 1 ) , and send g 1 and c 1 to A 2 ;

4)A2产生随机数r2,r3∈[1,N-1],计算群GT中的元素并将g2发送给A14) A 2 generates random numbers r 2 , r 3 ∈ [1, N-1], and calculates the elements in the group G T and send g 2 to A 1 ;

5)A1计算群GT中的元素A2计算群GT中的元素 5) A 1 calculates the elements in the group G T A 2 computes the elements in the group G T

6)A1和A2分别计算整数h=H2(M||ω,N);6) A 1 and A 2 respectively calculate the integer h=H 2 (M||ω,N);

7)A2计算c2=Encpk(h),c3=Encpk(r3(r1r2-h))=r3(r2c1-c2),并将c3和c4发送给A17) A 2 calculates c 2 =Enc pk (h), c 3 =Enc pk (r 3 (r 1 r 2 -h)) = r 3 (r 2 c 1 -c 2 ), and send c3 and c4 to A1 ;

8)A1对c3进行解密得到s1=Decsk(c3)=DecskEncpk(r3(r1r2-h))=r3(r1r2-h),计算8) A 1 decrypts c 3 to get s 1 = Dec sk (c 3 ) = Dec sk Enc pk (r 3 (r 1 r 2 -h)) = r 3 (r 1 r 2 -h), calculate

9)A1用SM9验证算法验证(h,S)是否为合法签名,若是,则公布签名;否则,中止协议。9) A 1 uses the SM9 verification algorithm to verify whether (h, S) is a legal signature, and if so, publish the signature; otherwise, terminate the agreement.

该算法中,签名阶段比原SM9签名算法多了一个Paillier同态加密方案的选取,三次加解密运算和三次乘法运算。该算法与Lindell的基于ECDSA的两方合作签名相比,每次签名只多了一次加密运算,但是,因为SM9签名算法本身涉及的运算要比ECDSA复杂,因此,在只多一次加密运算,且该加密运算是可以快速实现的情况下,实现同等安全的两方合作签名,可以认为本发明中的算法与ECDSA两方合作签名是同等安全高效的。In this algorithm, compared with the original SM9 signature algorithm, the signature stage has one more selection of Paillier homomorphic encryption scheme, three encryption and decryption operations and three multiplication operations. Compared with Lindell's two-party cooperative signature based on ECDSA, this algorithm only needs one more encryption operation for each signature. However, because the SM9 signature algorithm itself involves more complex operations than ECDSA, there is only one more encryption operation, and Under the condition that the encryption operation can be implemented quickly, the two-party cooperative signature with the same security can be realized. It can be considered that the algorithm in the present invention and the ECDSA two-party cooperative signature are equally safe and efficient.

以上实施例仅用以说明本发明的技术方案而非对其进行限制,本领域的普通技术人员可以对本发明的技术方案进行修改或者等同替换,而不脱离本发明的精神和范围,本发明的保护范围应以权利要求书所述为准。The above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Those of ordinary skill in the art can modify or equivalently replace the technical solution of the present invention without departing from the spirit and scope of the present invention. The scope of protection should be determined by the claims.

Claims (7)

1.一种基于SM9签名算法的两方合作签名方法,其特征在于:1. A two-party cooperative signature method based on the SM9 signature algorithm, characterized in that: 1)密钥生成阶段1) Key generation phase 密钥生成中心KGC生成签名主私钥ks和签名主公钥Ppub-s;然后选择并公开签名私钥生成函数识别符hid;The key generation center KGC generates the signature master private key ks and the signature master public key P pub-s ; then selects and discloses the signature private key generation function identifier hid; 密钥生成中心KGC在有限域FN上计算t1=H1(IDA||hid,N)+ks,其中,IDA表示用户A的身份标识,N为SM9数字签名算法中椭圆曲线阶的素因子,Hi(Z,n)是SM9签名算法中给出的一个密码函数,i=1或2,输入为比特串Z和整数n;The key generation center KGC calculates t 1 =H 1 (ID A ||hid,N)+ks on the finite field F N , Among them, ID A represents the identity of user A, N is the prime factor of the elliptic curve order in the SM9 digital signature algorithm, H i (Z, n) is a cryptographic function given in the SM9 signature algorithm, i=1 or 2, The input is a bit string Z and an integer n; 密钥生成中心KGC选择随机数a,计算并将其发送给签名者A1,计算并将其发送给签名者A2;P1为N阶循环子群G1的生成元,P2为N阶循环子群G2的生成元;The key generation center KGC selects a random number a, and calculates and send it to signer A 1 , computing And send it to the signer A 2 ; P 1 is the generator of the N-order cyclic subgroup G 1 , and P 2 is the generator of the N-order cyclic subgroup G 2 ; 2)签名阶段2) Signature stage 签名者A1和签名者A2分别计算群GT中的元素g=e(P1,Ppub-s);GT为双线性对e的值域,为一N阶乘法循环群;The signer A 1 and the signer A 2 respectively calculate the element g=e(P 1 ,P pub-s ) in the group G T ; G T is the value range of the bilinear pair e, which is a cyclic group of N factorial method; 签名者A1产生随机数r1,并计算群GT中的元素然后签名者A1对r1进行加密得到c1,并将g1和c1发送给签名者A2The signer A 1 generates a random number r 1 and calculates the elements in the group G T Then signer A 1 encrypts r 1 to get c 1 , and sends g 1 and c 1 to signer A 2 ; 签名者A2产生随机数r2、r3;计算群GT中的元素并将g2发送给签名者A1Signer A 2 generates random numbers r 2 , r 3 ; calculates the elements in group G T and send g 2 to signer A 1 ; 签名者A1计算群GT中的元素签名者A2计算群GT中的元素签名者A1和A2分别计算整数h=H2(M||ω,N);Signer A 1 computes elements in group G T Signer A 2 computes elements in group G T Signers A 1 and A 2 respectively calculate the integer h=H 2 (M||ω,N); 签名者A2对r3(r1r2-h)进行加密得到c3,计算并将c3和c4发送给A1Signer A 2 encrypts r 3 (r 1 r 2 -h) to obtain c 3 , and calculates and send c3 and c4 to A1 ; 签名者A1对c3进行解密得到s1=r3(r1r2-h),计算Signer A 1 decrypts c 3 to get s 1 =r 3 (r 1 r 2 -h), calculate 签名者A1用SM9验证算法验证(h,S)是否为合法签名,若是,则签名者A1和签名者A2合作签名成功;否则,中止签名。Signer A 1 uses the SM9 verification algorithm to verify whether (h, S) is a legal signature, and if so, signer A 1 and signer A 2 cooperate to sign successfully; otherwise, abort the signature. 2.如权利要求1所述的方法,其特征在于,所述签名主私钥ks∈[1,N-1],所述签名主公钥Ppub-s=[ks]P22. The method according to claim 1, characterized in that, the signature master private key ks∈[1,N-1], the signature master public key P pub-s =[ks]P 2 . 3.如权利要求1所述的方法,其特征在于,P1为椭圆曲线的N阶循环子群G1的生成元,d1整除k;P2为椭圆曲线的N阶循环子群G2的生成元,d2整除k;k为椭圆曲线E(Fq)相对于N的嵌入次数。3. The method according to claim 1, characterized in that P 1 is an elliptic curve The generator of the N-th order cyclic subgroup G 1 , d 1 divides k; P 2 is an elliptic curve The generator of the N-order cyclic subgroup G 2 of , d 2 divides k; k is the embedding number of the elliptic curve E(F q ) relative to N. 4.如权利要求1所述的方法,其特征在于,密钥生成阶段,密钥生成中心KGC在有限域FN上计算t1=H1(IDA||hid,N)+ks;若t1=0,则重新产生签名主私钥,计算和公开签名主公钥,并更新已有签名者的签名私钥;否则,计算 4. The method according to claim 1, wherein, in the key generation stage, the key generation center KGC calculates t 1 =H 1 (ID A ||hid, N)+ks on the finite field F N ; if t 1 = 0, then regenerate the signature master private key, calculate and publish the signature master public key, and update the signature private key of the existing signer; otherwise, calculate 5.如权利要求1所述的方法,其特征在于,所述加密算法为公私钥对为(pk,sk)的加法同态加密算法。5. The method according to claim 1, wherein the encryption algorithm is an additive homomorphic encryption algorithm in which a public-private key pair is (pk, sk). 6.如权利要求1或5所述的方法,其特征在于,所述加密算法为Paillier加密算法。6. The method according to claim 1 or 5, wherein the encryption algorithm is a Paillier encryption algorithm. 7.如权利要求1所述的方法,其特征在于,随机数r1∈[1,N-1],随机数r2、r3∈[1,N-1],随机数a∈[1,N-1]。7. The method according to claim 1, characterized in that, random number r 1 ∈ [1, N-1], random number r 2 , r 3 ∈ [1, N-1], random number a ∈ [1 ,N-1].
CN201810060113.9A 2018-01-22 2018-01-22 A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm Expired - Fee Related CN108173639B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810060113.9A CN108173639B (en) 2018-01-22 2018-01-22 A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810060113.9A CN108173639B (en) 2018-01-22 2018-01-22 A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm

Publications (2)

Publication Number Publication Date
CN108173639A true CN108173639A (en) 2018-06-15
CN108173639B CN108173639B (en) 2020-10-27

Family

ID=62515131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810060113.9A Expired - Fee Related CN108173639B (en) 2018-01-22 2018-01-22 A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm

Country Status (1)

Country Link
CN (1) CN108173639B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667626A (en) * 2018-07-20 2018-10-16 陕西师范大学 A Secure Two-Party Collaborative SM2 Signature Method
CN109462481A (en) * 2018-11-23 2019-03-12 上海扈民区块链科技有限公司 It is a kind of that decryption method is signed based on hideing for asymmetric Bilinear map
CN109547212A (en) * 2018-12-04 2019-03-29 中国电子科技集团公司第三十研究所 A kind of Threshold Signature method based on SM2 signature algorithm
CN109728910A (en) * 2018-12-27 2019-05-07 北京永恒纪元科技有限公司 A kind of efficient thresholding distribution elliptic curve key generates and endorsement method and system
CN109981269A (en) * 2019-03-29 2019-07-05 武汉大学 A kind of safe and efficient SM9 multi-party key distribution method and device
CN110061847A (en) * 2019-04-04 2019-07-26 西安电子科技大学 The digital signature method that key distribution generates
CN110138567A (en) * 2019-05-22 2019-08-16 广州安研信息科技有限公司 A kind of collaboration endorsement method based on ECDSA
CN110166239A (en) * 2019-06-04 2019-08-23 成都卫士通信息产业股份有限公司 Private key for user generation method, system, readable storage medium storing program for executing and electronic equipment
CN110505061A (en) * 2019-09-06 2019-11-26 北京天诚安信科技股份有限公司 A kind of Digital Signature Algorithm and system
CN110798313A (en) * 2019-10-31 2020-02-14 武汉理工大学 Secret dynamic sharing-based collaborative generation method and system for number containing secret
CN110995412A (en) * 2019-12-02 2020-04-10 西安邮电大学 Certificateless Ring Signcryption Method Based on Multiplicative Group
CN111224783A (en) * 2019-11-26 2020-06-02 复旦大学 A Two-Party Elliptic Curve Digital Signature Algorithm Supporting Key Refresh
CN111740837A (en) * 2020-05-18 2020-10-02 北京三未信安科技发展有限公司 Distributed signature method and system based on SM9
CN112003698A (en) * 2020-09-07 2020-11-27 北京三未信安科技发展有限公司 SM9 collaborative digital signature method and system
CN112069547A (en) * 2020-07-29 2020-12-11 北京农业信息技术研究中心 Supply chain responsibility main body identity authentication method and system
CN112332970A (en) * 2019-08-05 2021-02-05 上海复旦微电子集团股份有限公司 Side channel analysis method, device, medium and equipment for attacking SM9 signature algorithm
CN112436938A (en) * 2020-12-04 2021-03-02 矩阵元技术(深圳)有限公司 Digital signature generation method and device and server
CN114301585A (en) * 2021-11-17 2022-04-08 北京智芯微电子科技有限公司 The use method, generation method and management system of the identification private key
CN116318738A (en) * 2023-05-18 2023-06-23 北京信安世纪科技股份有限公司 Signature method, signature system, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160294493A2 (en) * 2014-06-10 2016-10-06 PB, Inc System Architectures and Methods for Radiobeacon Data Sharing
CN107395368A (en) * 2017-08-18 2017-11-24 北京无字天书科技有限公司 Without the digital signature method in media environment and solution encapsulating method and decryption method
CN107566128A (en) * 2017-10-10 2018-01-09 武汉大学 A kind of two side's distribution SM9 digital signature generation methods and system
CN107579819A (en) * 2017-09-13 2018-01-12 何德彪 A kind of SM9 digital signature generation method and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160294493A2 (en) * 2014-06-10 2016-10-06 PB, Inc System Architectures and Methods for Radiobeacon Data Sharing
CN107395368A (en) * 2017-08-18 2017-11-24 北京无字天书科技有限公司 Without the digital signature method in media environment and solution encapsulating method and decryption method
CN107579819A (en) * 2017-09-13 2018-01-12 何德彪 A kind of SM9 digital signature generation method and system
CN107566128A (en) * 2017-10-10 2018-01-09 武汉大学 A kind of two side's distribution SM9 digital signature generation methods and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
RASHI DHAGAT: "《New Approach of User Authentication Using Digital Signature》", 《2016 SYMPOSIUM ON COLOSSAL DATA ANALYSIS AND NETWORKING (CDAN)》 *
张秋余: "《一种基于椭圆曲线的强可验证门限阈下信道方案》", 《兰州理工大学学报》 *

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667626A (en) * 2018-07-20 2018-10-16 陕西师范大学 A Secure Two-Party Collaborative SM2 Signature Method
CN109462481A (en) * 2018-11-23 2019-03-12 上海扈民区块链科技有限公司 It is a kind of that decryption method is signed based on hideing for asymmetric Bilinear map
CN109547212A (en) * 2018-12-04 2019-03-29 中国电子科技集团公司第三十研究所 A kind of Threshold Signature method based on SM2 signature algorithm
CN109547212B (en) * 2018-12-04 2021-06-18 中国电子科技集团公司第三十研究所 Threshold signature method based on SM2 signature algorithm
CN109728910A (en) * 2018-12-27 2019-05-07 北京永恒纪元科技有限公司 A kind of efficient thresholding distribution elliptic curve key generates and endorsement method and system
CN109981269A (en) * 2019-03-29 2019-07-05 武汉大学 A kind of safe and efficient SM9 multi-party key distribution method and device
CN110061847B (en) * 2019-04-04 2021-05-04 西安电子科技大学 Digital Signature Method Based on Distributed Generation of Keys
CN110061847A (en) * 2019-04-04 2019-07-26 西安电子科技大学 The digital signature method that key distribution generates
CN110138567A (en) * 2019-05-22 2019-08-16 广州安研信息科技有限公司 A kind of collaboration endorsement method based on ECDSA
CN110138567B (en) * 2019-05-22 2021-11-26 广州安研信息科技有限公司 ECDSA (electronic signature system) based collaborative signature method
CN110166239B (en) * 2019-06-04 2023-01-06 成都卫士通信息产业股份有限公司 User private key generation method and system, readable storage medium and electronic device
CN110166239A (en) * 2019-06-04 2019-08-23 成都卫士通信息产业股份有限公司 Private key for user generation method, system, readable storage medium storing program for executing and electronic equipment
CN112332970A (en) * 2019-08-05 2021-02-05 上海复旦微电子集团股份有限公司 Side channel analysis method, device, medium and equipment for attacking SM9 signature algorithm
CN110505061A (en) * 2019-09-06 2019-11-26 北京天诚安信科技股份有限公司 A kind of Digital Signature Algorithm and system
CN110505061B (en) * 2019-09-06 2022-05-03 北京天诚安信科技股份有限公司 Digital signature algorithm and system
CN110798313A (en) * 2019-10-31 2020-02-14 武汉理工大学 Secret dynamic sharing-based collaborative generation method and system for number containing secret
CN111224783A (en) * 2019-11-26 2020-06-02 复旦大学 A Two-Party Elliptic Curve Digital Signature Algorithm Supporting Key Refresh
CN110995412A (en) * 2019-12-02 2020-04-10 西安邮电大学 Certificateless Ring Signcryption Method Based on Multiplicative Group
CN110995412B (en) * 2019-12-02 2020-11-10 西安邮电大学 Certificateless ring signcryption method based on multiplicative group
CN111740837B (en) * 2020-05-18 2023-07-07 三未信安科技股份有限公司 SM 9-based distributed signature method and system
CN111740837A (en) * 2020-05-18 2020-10-02 北京三未信安科技发展有限公司 Distributed signature method and system based on SM9
CN112069547B (en) * 2020-07-29 2023-12-08 北京农业信息技术研究中心 Identity authentication method and system for supply chain responsibility main body
CN112069547A (en) * 2020-07-29 2020-12-11 北京农业信息技术研究中心 Supply chain responsibility main body identity authentication method and system
CN112003698A (en) * 2020-09-07 2020-11-27 北京三未信安科技发展有限公司 SM9 collaborative digital signature method and system
CN112003698B (en) * 2020-09-07 2024-04-19 三未信安科技股份有限公司 SM9 collaborative digital signature method and system
CN112436938B (en) * 2020-12-04 2022-12-13 矩阵元技术(深圳)有限公司 Method, device and server for generating digital signature
CN112436938A (en) * 2020-12-04 2021-03-02 矩阵元技术(深圳)有限公司 Digital signature generation method and device and server
CN114301585A (en) * 2021-11-17 2022-04-08 北京智芯微电子科技有限公司 The use method, generation method and management system of the identification private key
CN114301585B (en) * 2021-11-17 2024-01-05 北京智芯微电子科技有限公司 Identification private key using method, generation method and management system
CN116318738A (en) * 2023-05-18 2023-06-23 北京信安世纪科技股份有限公司 Signature method, signature system, electronic equipment and storage medium
CN116318738B (en) * 2023-05-18 2023-09-05 北京信安世纪科技股份有限公司 Signature method, signature system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN108173639B (en) 2020-10-27

Similar Documents

Publication Publication Date Title
CN108173639B (en) A Two-Party Cooperative Signature Method Based on SM9 Signature Algorithm
CN108989053B (en) Method for realizing certificateless public key cryptosystem based on elliptic curve
CN111106936B (en) SM 9-based attribute encryption method and system
Baek et al. Identity-based threshold decryption
Wu et al. A new efficient certificateless signcryption scheme
CN110830236B (en) Identity-based encryption method based on global hash
Chow et al. Identity-based online/offline key encapsulation and encryption
Shim Breaking the short certificateless signature scheme
CN109873699B (en) Revocable identity public key encryption method
CN103746811B (en) Anonymous signcryption method from identity public key system to certificate public key system
CN104168114A (en) Distributed type (k, n) threshold certificate-based encrypting method and system
CN104868993A (en) Two-side authentication key negotiation method and system based on certificate
Yao et al. A light-weight certificate-less public key cryptography scheme based on ECC
CN110113150A (en) The encryption method and system of deniable authentication based on no certificate environment
Liu et al. Short and efficient certificate-based signature
CN104767611A (en) A Signcryption Method from Public Key Infrastructure Environment to Certificateless Environment
Li et al. Practical identity-based signature for wireless sensor networks
CN107682158B (en) A Managed Authenticated Encryption Method
Swapna et al. Efficient identity based aggregate signcryption scheme using bilinear pairings over elliptic curves
Mokhtarnameh et al. An enhanced certificateless authenticated key agreement protocol
CN103269272A (en) A key encapsulation method based on short-term certificate
Oh et al. How to solve key escrow and identity revocation in identity-based encryption schemes
Xu et al. An ID-based blind signature from bilinear pairing with unlinkability
Verma et al. An efficient signcryption algorithm using bilinear mapping
Islam Identity-based encryption and digital signature schemes using extended chaotic maps

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201027

Termination date: 20220122

CF01 Termination of patent right due to non-payment of annual fee