[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN100440776C - Elliptic Curve Signature and Verification Signature Method and Device - Google Patents

Elliptic Curve Signature and Verification Signature Method and Device Download PDF

Info

Publication number
CN100440776C
CN100440776C CNB021547165A CN02154716A CN100440776C CN 100440776 C CN100440776 C CN 100440776C CN B021547165 A CNB021547165 A CN B021547165A CN 02154716 A CN02154716 A CN 02154716A CN 100440776 C CN100440776 C CN 100440776C
Authority
CN
China
Prior art keywords
signature
function
certifying
value
curve
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB021547165A
Other languages
Chinese (zh)
Other versions
CN1505313A (en
Inventor
陈建华
汪朝晖
李莉
涂航
崔竞松
彭蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Original Assignee
BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING HUADA INFOSEC TECHNOLOGY Ltd filed Critical BEIJING HUADA INFOSEC TECHNOLOGY Ltd
Priority to CNB021547165A priority Critical patent/CN100440776C/en
Publication of CN1505313A publication Critical patent/CN1505313A/en
Application granted granted Critical
Publication of CN100440776C publication Critical patent/CN100440776C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明是一种椭圆曲线签名方法。其中发送方公开系统参数及其公钥YA,然后生成随机数k,将k与曲线的基点G进行椭圆曲线点乘运算,得到曲线上的点kG,使用函数d将得到的点kG和明文m进行运算,得到r=d(m,kG);函数f0,f1,g0,g1皆为r的函数,使用函数f0,f1,g0,g1和随机数以及私钥xA求解方程f0(r)+f1(r)s=k-xA(g0(r)+g1(r)s)解得s=(k-xAg0(r)-f0(r))(f1(r)+xAg1(r))-1;接收方接收使用发送方的公钥YA、椭圆曲线基点G以及函数f0,f1,g0,g1计算得到P=(f0(r)+f1(r)s)G+(g0(r)+g1(r)s)YA,使用函数d’计算m’=d’(r,P);将计算得到的m’和接收到的m进行比较;其中上述的函数d和函数d’必须具有以下性质:设函数d形为D=d(x,y),从函断d可以推得y=d’(x,D)。本发明可以缩短具有相同安全强度的签名的长度,加快签名速度。

Figure 02154716

The invention is an elliptic curve signature method. The sender discloses the system parameters and its public key Y A , then generates a random number k, and performs elliptic curve point multiplication operation on k and the base point G of the curve to obtain the point kG on the curve, and uses the function d to combine the obtained point kG with the plaintext m operation, get r=d(m, kG); function f 0 , f 1 , g 0 , g 1 are all functions of r, use function f 0 , f 1 , g 0 , g 1 and random number and private Key x A solves the equation f 0 (r)+f 1 (r)s=kx A (g 0 (r)+g 1 (r)s) to get s=(kx A g 0 (r)-f 0 ( r))(f 1 (r)+x A g 1 (r)) -1 ; the receiver uses the sender's public key Y A , elliptic curve base point G and functions f 0 , f 1 , g 0 , g 1 Calculate P=(f 0 (r)+f 1 (r)s)G+(g 0 (r)+g 1 (r)s)Y A , use the function d' to calculate m'=d'(r, P ); compare the calculated m' with the received m; wherein the above-mentioned function d and function d' must have the following properties: if the function d is D=d(x, y), it can be deduced from the function that d Obtain y=d'(x, D). The invention can shorten the length of the signature with the same security strength and speed up the signature speed.

Figure 02154716

Description

椭圆曲线签名和验证签名方法和装置 Elliptic Curve Signature and Verification Signature Method and Device

技术领域 technical field

本发明涉及数据签名和验证签名,是利用椭圆曲线离散对数问题的签名和验证签名方法。The invention relates to a data signature and a verification signature, which is a signature and a verification signature method using the discrete logarithm problem of an elliptic curve.

背景技术 Background technique

密码系统分为对称密码系统和非对称密码系统。Cryptographic systems are divided into symmetric cryptosystems and asymmetric cryptosystems.

对称密码有时也叫传统密码算法,就是加密密钥能够从解密密要中推算出来,反之也成立。在大多数算法中,加/解密密钥是相同的。这些算法也叫秘密密钥算法或单密钥算法,它要求发送者和接收者在安全通信之前,协商一个密钥。对称密码的安全性依赖于密钥,泄密密钥就意味着任何人都能对消息进行加/解密。所以,虽然对称密码的速度很快,但是如何将密钥安全分发给合法使用者却是一个问题。Symmetric ciphers are sometimes called traditional cipher algorithms, that is, the encryption key can be deduced from the decryption key, and vice versa. In most algorithms, the encryption/decryption key is the same. These algorithms, also called secret-key algorithms or single-key algorithms, require the sender and receiver to agree on a key before communicating securely. The security of symmetric cryptography depends on the key, and leaking the key means that anyone can encrypt/decrypt messages. Therefore, although the speed of symmetric encryption is very fast, how to securely distribute the key to legitimate users is a problem.

在专利“密码设备和方法”(“CRYPTOGRAPHIC APPARATUS METHOD”,专利号:US4200770)中给出了一个可以在公开信道中交换密钥的方法和设备,这个方法称为公开密钥交换或称为Diffie-Hellman密钥交换方法。该专利使得通信双方使用一个模幂函数协商和传递他们的秘密信息。攻击者要想获得传递的秘密信息,必须解决离散对数问题。如果使用的参数足够大,解离散对数问题是个难解的问题。In the patent "cryptographic equipment and method" ("CRYPTOGRAPHIC APPARATUS METHOD", patent number: US4200770), a method and equipment that can exchange keys in an open channel are given. This method is called public key exchange or Diffie- Hellman key exchange method. The patent enables communicating parties to negotiate and transfer their secret information using a modular exponentiation function. If an attacker wants to obtain the secret information passed, he must solve the discrete logarithm problem. Solving the discrete logarithm problem is an intractable problem if the parameters used are large enough.

公钥密码,又称非对称密码,则可以有效的解决上述身份验证的问题。公钥密码与只使用一个密钥的对称密码不同,公钥密码学是非对称的,它使用两个独立但有着某种数学联系的密钥:公钥和私钥。这样通信中的接收者保密其私钥,公开其公钥。公钥密码中的最重要的进展就是数字签名,通过公钥密码实现数字签名可以有效的解决上述身份验证的问题。用户A在向B发送信息之前,使用自己的私钥对该信息进行数字签名,用户B在接收到A发送的信息后,使用A公开的公钥验证A的签名,因为只有A拥有其私钥,这就保证了B所收到的信息确实来自于A,并且没有被篡改过,同时也证实了A的身份。Public key cryptography, also known as asymmetric cryptography, can effectively solve the above authentication problems. Public-key cryptography is different from symmetric cryptography that uses only one key. Public-key cryptography is asymmetric. It uses two independent but mathematically related keys: a public key and a private key. In this way, the receiver in the communication keeps its private key secret and discloses its public key. The most important progress in public key cryptography is digital signature, which can effectively solve the above-mentioned identity verification problems by implementing digital signature through public key cryptography. Before user A sends information to B, he uses his own private key to digitally sign the information. After receiving the information sent by A, user B uses A's public key to verify A's signature, because only A has its private key. , which ensures that the information received by B is indeed from A and has not been tampered with, and also confirms A's identity.

专利“密码通信系统和方法”(“CRYPTOGRAPHIC COMMUNICATIONSSYSTEM AND METHOD”,专利号:US4405829)提出了Rivest,Shamir和Adleman发明的一种公钥密码方法--RSA。RSA公钥密码方法的安全性基于大整数因子分解问题的难解性。但随着目前对安全性要求的不断提高,对RSA密钥长度的要求也越来也高。The patent "CRYPTOGRAPHIC COMMUNICATIONS SYSTEM AND METHOD" ("CRYPTOGRAPHIC COMMUNICATIONS SYSTEM AND METHOD", patent number: US4405829) proposes a public key encryption method invented by Rivest, Shamir and Adleman - RSA. The security of the RSA public key cryptography method is based on the intractability of the factorization problem of large integers. However, with the continuous improvement of the current security requirements, the requirements for the length of the RSA key are also getting higher and higher.

Taher ElGamal提出了一种基于欧拉算法的公钥数字签名机制。在这个机制中,发送方A使用模幂函数隐藏私钥x,计算y=gx mod p,并将公钥y公开。接收方B利用私钥进行签名,而B利用A的公钥来验证签名,具体算法如下:Taher ElGamal proposed a public key digital signature mechanism based on Euler's algorithm. In this mechanism, the sender A uses a modular exponentiation function to hide the private key x, calculates y=g x mod p, and makes the public key y public. Receiver B uses the private key to sign, and B uses A's public key to verify the signature. The specific algorithm is as follows:

1、预处理过程:获得签名所需要的各项参数1. Preprocessing process: obtaining the parameters required for the signature

1.1:确定有限域GF(p),即确定素数p;1.1: Determine the finite field GF(p), that is, determine the prime number p;

1.2:确定生成元g;1.2: Determine the generator g;

1.3:选取随机数xA,使得1≤xA≤p-1,将xA作为签名密钥,即私钥;1.3: Select a random number x A so that 1≤x A ≤p-1, and use x A as the signature key, that is, the private key;

1.4:计算 y A = g x A , yA作为公钥,用来验证签名;1.4: Calculation the y A = g x A , y A is used as the public key to verify the signature;

1.6:公开参数g,p,和公钥yA1.6: Public parameters g, p, and public key y A .

2、签名过程:2. Signature process:

2.1:发送方公开参数g,p,和公钥yA2.1: The sender publicizes parameters g, p, and public key y A ;

2.2:生成随机数k,其中1≤k≤p-1,利用模幂函数计算得到r=gk2.2: Generate a random number k, where 1≤k≤p-1, and use the modular exponentiation function to calculate r=g k ;

2.3:对于明文m计算:s=k-1(m-xr)mod p;2.3: Calculation for plaintext m: s=k -1 (m-xr) mod p;

2.4:上述获得的(r,s)即为发送方对明文m的签名,发送方将(r,s)以及明文m发送给接收方。2.4: The (r, s) obtained above is the signature of the sender on the plaintext m, and the sender sends (r, s) and the plaintext m to the receiver.

3、验证过程:3. Verification process:

3.1:接收方B接收到明文m以及其签名(r,s);3.1: Receiver B receives plaintext m and its signature (r, s);

3.2:根据已知参数p,g和A的公钥yA,判断yA rrsmod p是否等于gm mod p,如果是,则验证通过,否则,验证失败3.2: According to the known parameters p, g and the public key y A of A , judge whether y A r r s mod p is equal to g m mod p, if yes, the verification passes, otherwise, the verification fails

4、结束。4. End.

此方法随后被称之为数字签名算法(DSA)。This method is subsequently referred to as Digital Signature Algorithm (DSA).

与ElGamal数字签名机制相关的数学基础相当复杂,且签名长度相当长。美国专利“在数据交换系统中生成和验证电子签名以及识别签名的方法”(“Method for Identifying Subscribers and for Generatingand Verifying Electronic Signatures in a Data Exchange System”专利号US4,995,082)中,提出了一种安全的生成较短数字签名的方法,其基础是其它具有较低复杂度的数学方法。The mathematical basis related to the ElGamal digital signature mechanism is quite complicated, and the signature length is quite long. In the US patent "Method for Identifying Subscribers and for Generating and Verifying Electronic Signatures in a Data Exchange System" ("Method for Identifying Subscribers and for Generating and Verifying Electronic Signatures in a Data Exchange System" Patent No. US4,995,082), a security The method of generating shorter digital signatures is based on other mathematical methods with lower complexity.

在美国专利“数字签名算法”(“Digital Signature Algorithm”专利号US5,231,668)中,在保持相同数学复杂度的情况下,缩短了ElGamal数字签名的长度。In the US patent "Digital Signature Algorithm" ("Digital Signature Algorithm" Patent No. US5,231,668), the length of the ElGamal digital signature is shortened while maintaining the same mathematical complexity.

随后,瑞士的Rueppel和澳大利亚的Nyberg在美国获得了专利“数字签名方法和密钥交换方法”(“Digital Signature Method and KeyAgreement Method”专利号US5,600,725),该专利中的签名方法具有签名、验证速度快和消息恢复的功能。其具体的签名验证过程如下:Subsequently, Rueppel of Switzerland and Nyberg of Australia obtained the patent "Digital Signature Method and Key Agreement Method" ("Digital Signature Method and KeyAgreement Method" Patent No. US5,600,725) in the United States. Fast speed and message recovery function. The specific signature verification process is as follows:

1、预处理过程:获得签名所需要的各项参数1. Preprocessing process: obtaining the parameters required for the signature

1.1:确定有限域GF(p);1.1: Determine the finite field GF(p);

1.2:确定生成元g;1.2: Determine the generator g;

1.3:选取随机数xA,使得1≤xA≤p-1,将xA作为用户私钥;1.3: Select a random number x A so that 1≤x A ≤p-1, and use x A as the user's private key;

1.4:计算 y A = g x A mod p , yA作为用户公钥;1.4: Calculation the y A = g x A mod p , y A is used as the user public key;

1.6:公开g,p和公钥yA1.6: Publicly g, p and public key y A .

2、签名过程:2. Signature process:

2.1:获取签名消息m;2.1: Obtain the signature message m;

2.2:签名者生成随机数k,其中1≤k≤p-1,利用模幂函数计算r=mg-k mod p;2.2: The signer generates a random number k, where 1≤k≤p-1, and uses the modular exponentiation function to calculate r=mg -k mod p;

2.3:计算s=k-xr mod p;2.3: Calculate s=k-xr mod p;

2.4:签名者将消息m和其签名(r,s)发送给接收方。2.4: The signer sends the message m and its signature (r, s) to the receiver.

3、验证过程:3. Verification process:

3.1:接收方接收到消息m和其签名(r,s);3.1: The receiver receives the message m and its signature (r, s);

3.2:根据已知参数p,g,yA,判断gsyA rrmod p是否等于m(modp),如果相等,则验证通过,否则,验证失败;3.2: According to the known parameters p, g, y A , judge whether g s y A r mod p is equal to m(modp), if they are equal, the verification passes, otherwise, the verification fails;

4、结束。4. End.

1985年Neal Koblitz和Victor Miller分别提出将椭圆曲线用于公钥密码系统,并用椭圆曲线实现了已存在的公钥密码算法。基于椭圆曲线离散对数问题难解性的密码算法被称为椭圆曲线密码算法(Elliptic Curve Cryptography简称ECC),成为被国际密码界所广泛接受的公钥密码算法。In 1985, Neal Koblitz and Victor Miller respectively proposed the use of elliptic curves for public key cryptosystems, and implemented existing public key cryptographic algorithms with elliptic curves. The cryptographic algorithm based on the insolvability of the discrete logarithm problem of elliptic curves is called Elliptic Curve Cryptography (ECC for short), and has become a public key cryptographic algorithm widely accepted by the international cryptographic community.

随后,上文提及的DSA签名机制和NR签名机制陆续被移植到椭圆曲线上,成为ECDSA签名算法和ECNR签名算法,使得签名机制所基于的数学难题,从离散对数问题难解性提升为基于椭圆曲线离散对数问题难解性。Subsequently, the DSA signature mechanism and NR signature mechanism mentioned above were transplanted to the elliptic curve one after another, becoming the ECDSA signature algorithm and the ECNR signature algorithm, which made the mathematical problem on which the signature mechanism is based improved from the discrete logarithm problem to Intractability of discrete logarithm problems based on elliptic curves.

发明内容 Contents of the invention

本发明的目的在于提出一种新的椭圆曲线签名方法。该签名方法基于椭圆曲线离散对数问题,该问题在数学上具有更高的复杂性,因而具有单位安全强度更高的特点,即可以大大缩短具有相同安全强度的数字签名的长度,加快签名速度,从而更能够满足移动通讯等受限环境的需求;而且该签名算法能够通过参数的选择构造出比DSA数字签名算法在椭圆曲线上的应用ECDSA椭圆曲线数字签名算法更加高效的算法,还能使该算法具有消息恢复的功能,使得用户即使不传递被签名的消息也能进行签名验证。The purpose of the present invention is to propose a new elliptic curve signature method. The signature method is based on the elliptic curve discrete logarithm problem, which has higher complexity in mathematics, so it has the characteristics of higher unit security strength, that is, it can greatly shorten the length of digital signatures with the same security strength and speed up the signature. , so that it can better meet the needs of restricted environments such as mobile communications; and the signature algorithm can construct a more efficient algorithm than the application of the DSA digital signature algorithm on the elliptic curve through the selection of parameters. ECDSA elliptic curve digital signature algorithm can also make This algorithm has the function of message recovery, so that users can perform signature verification even if they do not deliver signed messages.

本发明提供了一种签名和验证签名方法,系统首先确定有限域GF(q),选取椭圆曲线方程E;选取椭圆曲线的基点G,并计算有限域上椭圆曲线点群的阶N。发送方A作为签名者,利用这些系统参数生成自己的私钥xA,其中1≤xA≤N-1,然后利用基点G计算点乘得到椭圆曲线上的点YA=xAG作为公钥。发送者A对于明文m的签名过程步骤以下:The invention provides a method for signature and signature verification. The system first determines the finite field GF(q), selects the elliptic curve equation E; selects the base point G of the elliptic curve, and calculates the order N of the elliptic curve point group on the finite field. The sender A, as the signer, uses these system parameters to generate its own private key x A , where 1≤x A ≤N-1, and then uses the base point G to calculate the point product to obtain the point Y A = x A G on the elliptic curve as the public key key. The steps of sender A’s signature process for plaintext m are as follows:

首先,发送方A公开系统参数及其公钥YA,然后生成随机数k,使得k落在区间[1,N-1]上,将k与曲线的基点G进行椭圆曲线点乘运算,得到曲线上的点kG;使用函数d将得到的点kG和明文m进行运算,其中保证无法从d中获取k的值,得到r=d(m,kG)。函数f0,f1,g0,g1皆为r的函数,使用函数f0,f1,g0,g1和随机数以及私钥xA求解方程f0(r)+f1(r)s=k-xA(g0(r)+g1(r)s)解得s=(k-xAg0(r)-f0(r))(f1(r)+xAg1(r))-1,这样得到的(r,s)即为A对明文m的签名。发送者A将明文m和其签名(r,s)发送给B。First, the sender A discloses the system parameters and its public key Y A , and then generates a random number k so that k falls on the interval [1, N-1], and performs elliptic curve point multiplication between k and the base point G of the curve to obtain The point kG on the curve; use the function d to calculate the obtained point kG and the plaintext m, where it is guaranteed that the value of k cannot be obtained from d, and r=d(m, kG) is obtained. Functions f 0 , f 1 , g 0 , g 1 are all functions of r, use functions f 0 , f 1 , g 0 , g 1 and random numbers and private key x A to solve equation f 0 (r)+f 1 ( r)s=kx A (g 0 (r)+g 1 (r)s) to solve s=(kx A g 0 (r)-f 0 (r))(f 1 (r)+x A g 1 (r)) -1 , the obtained (r, s) is A's signature on the plaintext m. Sender A sends plaintext m and its signature (r, s) to B.

接收方B接收到明文m和其签名(r,s),首先使用公钥YA、椭圆曲线基点G以及函数f0,f1,g0,g1计算得到P=(f0(r)+f1(r)s)G+(g0(r)+g1(r)s)YA,使用函数d’计算m’=d’(r,P)。将计算得到的m’和接收到的m进行比较,如果相同则签名合法,同时m’是从签名结果中恢复得到的明文,如果不同则签名非法。Receiver B receives the plaintext m and its signature (r, s), first uses the public key Y A , the elliptic curve base point G and the functions f 0 , f 1 , g 0 , g 1 to calculate P=(f 0 (r) +f 1 (r)s)G+(g 0 (r)+g 1 (r)s)Y A , using function d' to calculate m'=d'(r,P). Compare the calculated m' with the received m. If they are the same, the signature is legal. At the same time, m' is the plaintext recovered from the signature result. If they are different, the signature is illegal.

其中上述的函数d和函数d’必须具有以下性质:设函数d形为D=d(x,y),从函数d可以推得y=d’(x,D),这样得到的函数d可以在上述签名和验证过程中有效的隐藏明文信息和随机数信息;函数d’可以在上述验证过程中恢复得到隐藏的明文信息。Wherein the above-mentioned function d and function d' must have the following properties: let the function d form be D=d(x, y), can deduce y=d'(x, D) from function d, the function d obtained like this can be Effectively hide the plaintext information and random number information in the above-mentioned signature and verification process; the function d' can recover the hidden plaintext information in the above-mentioned verification process.

根据本发明的另一个方面,提供一种采用所述椭圆曲线签名和验证签名方法的签名和验证签名的装置,;According to another aspect of the present invention, there is provided a device for signing and verifying signatures using the elliptic curve signature and verifying signature method;

附图说明 Description of drawings

图1是本发明签名过程的流程图。Fig. 1 is a flowchart of the signature process of the present invention.

图2是本发明验证签名过程的流程图。Fig. 2 is a flow chart of the verification signature process of the present invention.

图3是本发明的签名和验证签名装置的方框图。Fig. 3 is a block diagram of the signing and verifying signature apparatus of the present invention.

具体实施方式 Detailed ways

图1示出本发明的签名过程的流程图。Fig. 1 shows a flowchart of the signature process of the present invention.

在步骤101,接收方A公开其公钥YA和系统参数:曲线E、椭圆曲线点群的基点G、椭圆曲线点群的阶N;In step 101, receiver A discloses its public key Y A and system parameters: curve E, base point G of elliptic curve point group, order N of elliptic curve point group;

在步骤102,接收方A生成随机数k,其中1≤k≤N-1,其中N为椭圆曲线的点群的阶;In step 102, receiver A generates a random number k, where 1≤k≤N-1, where N is the order of the point group of the elliptic curve;

在步骤103,将k与基点G作椭圆曲线的点乘运算,得到曲线上的点kG;In step 103, k and the base point G are used for the point product operation of the elliptic curve to obtain the point kG on the curve;

在步骤104,获取明文m。当实际消息的长度比可以签名的消息长度长时,消息m可以用Hash函数h(m)的结果替换,即使用私钥对消息m的Hash值h(m)进行签名;在验证时,将接收的消息m先Hash得到h(m),再使用h(m)验证签名;In step 104, the plaintext m is obtained. When the length of the actual message is longer than the length of the message that can be signed, the message m can be replaced by the result of the Hash function h(m), that is, the private key is used to sign the Hash value h(m) of the message m; during verification, the The received message m first Hash to get h(m), and then use h(m) to verify the signature;

在步骤105,使用函数d对步骤104中获取的明文m和kG进行运算,得到r=d(m,kG)。其中函数d必须具有以下性质:设d函数形为D=d(x,y),从函数d可以推得函数d’,有y=d’(x,D),这样得到的d函数可以在上述签名和验证过程中有效的隐藏明文信息和随机数信息;d’函数可以在下述验证过程步骤204中恢复得到隐藏的明文信息;In step 105, the plaintext m and kG acquired in step 104 are calculated by using the function d to obtain r=d(m, kG). Among them, the function d must have the following properties: let the d function form be D=d(x, y), the function d' can be deduced from the function d, and there is y=d'(x, D), and the d function obtained in this way can be obtained in Effectively hide plaintext information and random number information in the above-mentioned signature and verification process; the d' function can recover and obtain hidden plaintext information in the following verification process step 204;

在步骤106,使用函数d对步骤104中获取的明文m和P进行运算,得到r=d(m,P)。使用r的函数f0,f1,g0,g1和随机数以及私钥xA求解方程f0(r)+f1(r)s=k-xA(g0(r)+g1(r)s)解得s=(k-xAg0(r)-f0(r))In step 106, the plaintext m and P acquired in step 104 are calculated by using the function d to obtain r=d(m, P). Use r's functions f 0 , f 1 , g 0 , g 1 and random numbers and private key x A to solve the equation f 0 (r)+f 1 (r)s=kx A (g 0 (r)+g 1 ( r)s) get s=(kx A g 0 (r)-f 0 (r))

(f1(r)+xAg1(r))-1(f 1 (r)+x A g 1 (r)) -1 ,

在步骤107,在发送签名结果之前,必须判断得到的签名r和s是否为零,如果为零,则必须跳至步骤102,重新选择随机数k,重新对明文m进行签名;In step 107, before sending the signature result, it must be judged whether the obtained signature r and s are zero, if they are zero, then it is necessary to skip to step 102, re-select the random number k, and re-sign the plaintext m;

在步骤108,当步骤107中得到的r和s不为零,则得到了A对明文m的签名结果(r,s)。发送者A将明文m和其签名(r,s)发送给B。In step 108, when the r and s obtained in step 107 are not zero, then the signature result (r, s) of A on the plaintext m is obtained. Sender A sends plaintext m and its signature (r, s) to B.

至此,签名过程结束。At this point, the signing process is over.

图2示出本发明的验证签名过程的流程图。Fig. 2 shows a flowchart of the verification signature process of the present invention.

在步骤201,接收方B接收到A发送的明文m和签名(r,s);In step 201, receiver B receives plaintext m and signature (r, s) sent by A;

在步骤202,B获取系统参数和A的公钥YAIn step 202, B obtains system parameters and A's public key Y A ;

在步骤203,B使用公钥YA、椭圆曲线基点G以及函数f0,f1,g0,g1计算得到P=(f0(r)+f1(r)s)G+(g0(r)+g1(r)s)YAIn step 203, B calculates P=(f 0 ( r ) +f 1 ( r)s)G+( g 0 (r)+g 1 (r)s) Y A ;

在步骤204,B使用函数d’计算m’=d’(r,P);In step 204, B uses the function d' to calculate m'=d'(r, P);

在步骤205,B将步骤204中得到的m’和接收到的m进行比较,如果相等,则至步骤206,如果不相等,则至步骤207;In step 205, B compares the m' obtained in step 204 with the received m, if they are equal, then go to step 206, if not equal, then go to step 207;

在步骤206,m’和接收到的m相等,验证通过,签名合法;In step 206, m' is equal to the received m, the verification is passed, and the signature is legal;

在步骤206,m’和接收到的m不相等,签名非法。In step 206, m' is not equal to the received m, and the signature is invalid.

至此,验证签名过程结束。At this point, the signature verification process is over.

在步骤104,当实际消息的长度比可以签名的消息长度长时,消息m可以用Hash函数h(m)的结果替换,即对消息m的Hash值h(m)进行签名;在验证步骤201中,将接收的消息m先使用Hash函数处理得到h(m),再对h(m)验证签名。In step 104, when the length of the actual message is longer than the length of the message that can be signed, the message m can be replaced with the result of the Hash function h (m), that is, the Hash value h (m) of the message m is signed; in the verification step 201 In this method, the received message m is first processed using the Hash function to obtain h(m), and then the signature is verified for h(m).

如果在签名的消息m中嵌入填充(Padding)信息,则在发送签名时可以不发送消息m,而只发送签名(r,s);在验证时,利用签名(r,s)恢复出消息m,然后利用填充(Padding)信息验证签名的真实性和完整性。If the padding information is embedded in the signed message m, the message m may not be sent when the signature is sent, but only the signature (r, s) is sent; during verification, the message m is recovered using the signature (r, s) , and then use the padding (Padding) information to verify the authenticity and integrity of the signature.

在步骤105中的函数d和步骤204的函数d’必须具有以下性质:设d函数形为D=d(x,y),从函数d可以推得y=d’(x,D),这样得到的d函数可以在上述签名和验证过程中有效的隐藏明文信息和随机数信息;d’函数可以在上述验证过程中恢复得到隐藏的明文信息。d和d’可以包含如下形式:Function d in step 105 and the function d' of step 204 must have the following properties: let d function shape be D=d(x, y), can deduce y=d'(x, D) from function d, like this The obtained d function can effectively hide plaintext information and random number information in the above-mentioned signature and verification process; the d' function can recover and obtain hidden plaintext information in the above-mentioned verification process. d and d' can contain the following forms:

a)d(m,kG)可以取值为:d(m,kG)=m(kG)x=r,则 d , ( r , P ) = r P x - 1 = m , 其中(kG)X和PX分别指的是取点kG和P的横坐标;a) d(m, kG) can be taken as: d(m, kG)=m(kG) x =r, then d , ( r , P ) = r P x - 1 = m , Wherein (kG) X and P X refer to the abscissas of points kG and P respectively;

b)d(m,kG)可以取值为:d(m,kG)=m(kG)y=r,则 d , ( r , P ) = r P y - 1 = m , 其中(kG)x和Px分别指的是取点kG和P的纵坐标;b) d(m, kG) can take the value: d(m, kG) = m(kG) y = r, then d , ( r , P ) = r P the y - 1 = m , Wherein (kG) x and P x refer to the vertical coordinates of points kG and P respectively;

c)d(m,kG)可以取值为: d ( m , kG ) = m ⊕ ( kG ) x = r , d , ( r , P ) = m , 其中

Figure C0215471600138
运算也可以使用
Figure C0215471600139
运算来代替;c)d(m, kG) can take the following values: d ( m , kG ) = m ⊕ ( kG ) x = r , but d , ( r , P ) = m , in
Figure C0215471600138
Operations can also use
Figure C0215471600139
operation instead of

d)d(m,kG)可以取值为: d ( m , kG ) = m ⊕ ( kG ) y = r , d , ( r , P ) = r ⊕ P y = m , 其中

Figure C02154716001313
运算也可以使用
Figure C02154716001314
运算来代替;d) d(m, kG) can take the following values: d ( m , kG ) = m ⊕ ( kG ) the y = r , but d , ( r , P ) = r ⊕ P the y = m , in
Figure C02154716001313
Operations can also use
Figure C02154716001314
operation instead of

e)d(m,kG)可以取值为:d(m,kG)=(m+(kG)x)mod N=r,则d’(r,P)=(r-Px)mod N=m,其中N为点G在椭圆曲线点群的阶;e) d(m, kG) can be taken as: d(m, kG)=(m+(kG) x ) mod N=r, then d'(r, P)=(rP x ) mod N=m, Where N is the order of point G in the elliptic curve point group;

f)d(m,kG)可以取值为以m为明文,kG为密钥的对称加密函数,而d’(r,P)可以取值为相应的以r为密文,P为密钥的对称解密函数;f) d(m, kG) can take the value of a symmetric encryption function with m as the plaintext and kG as the key, and d'(r, P) can take the value of the corresponding r as the ciphertext and P as the key The symmetric decryption function;

g)等等。g) and so on.

步骤106和步骤203中的函数f0,f1,g0,g1均为r的线性函数,为了取得较高的计算效率,可以取如下一些r的简单函数:The functions f 0 , f 1 , g 0 , and g 1 in step 106 and step 203 are all linear functions of r. In order to obtain higher calculation efficiency, the following simple functions of r can be taken:

h)函数f0,f1,g0,g1可以分别取值为f0(r)=c0*r、f1(r)=c1、g0(r)=c2、g1(r)=c0*r,其中c0、c1、c2为常数且函数f0,f1,g0,g1可以互换;h) The functions f 0 , f 1 , g 0 , and g 1 can respectively take the values of f 0 (r)=c 0 *r, f 1 (r)=c 1 , g 0 (r)=c 2 , g 1 (r)=c 0 *r, where c 0 , c 1 , and c 2 are constants and the functions f 0 , f 1 , g 0 , and g 1 are interchangeable;

i)函数f0,f1,g0,g1可以分别取值为f0(r)=c1、f1(r)=c2、g0(r)=c0*r、g1(r)=c3,其中c0、c1、c2、c3为常数且函数f0,f1,g0,g1可以互换;i) The functions f 0 , f 1 , g 0 , and g 1 can take the values of f 0 (r)=c 1 , f 1 (r)=c 2 , g 0 (r)=c 0 *r, g 1 (r)=c 3 , where c 0 , c 1 , c 2 , and c 3 are constants and the functions f 0 , f 1 , g 0 , and g 1 are interchangeable;

j)等等。j) and so on.

图3示出本发明的签名和验证签名装置。发送方A和接收方B在一个通信信道上通信时,发送方A使用密钥生成装置340生成密钥对:公钥YA和私钥xA,公布其公钥和系统参数。A使用签名器320,结合图1说明的签名过程对明文m进行签名,并将明文m和签名结果S发送给B。Fig. 3 shows the signing and verifying signature apparatus of the present invention. When the sender A and the receiver B communicate on a communication channel, the sender A uses the key generation device 340 to generate a key pair: public key Y A and private key x A , and publish its public key and system parameters. A uses the signer 320 to sign the plaintext m in conjunction with the signature process described in FIG. 1 , and sends the plaintext m and the signature result S to B.

接收方B接收到明文m和签名结果S,获取系统参数和A的公钥YA,使用验证签名器350,通过结合图2说明的验证对明文m的签名结果S,得到验证结果。The recipient B receives the plaintext m and the signature result S, obtains the system parameters and the public key Y A of A, uses the verification signer 350, and obtains the verification result by verifying the signature result S of the plaintext m as described in Fig. 2 .

以上结合本发明的最佳实施例对本发明进行了描述,本领域的普通技术人员可以在不偏离本发明的范围的情况下可对其作各种修改和改变。The present invention has been described above in conjunction with the preferred embodiments of the present invention, and those skilled in the art can make various modifications and changes to it without departing from the scope of the present invention.

Claims (32)

1. ellipse curve signature and certifying signature method, it is right that wherein transmit leg has oneself key: private key x AWith PKI Y A, and public address system parameter and PKI Y A, transmit leg uses the private key x of oneself APlaintext m is realized digital signature, and plaintext m and signature are sent to the recipient, the recipient uses the PKI Y of transmit leg AVerify that whether transmit leg is legal to the signature of plaintext m, comprises following steps:
Open system parameters of transmit leg and PKI Y thereof A, generate random number k then, make k drop on the interval [1, N-1], wherein N is the some order of a group of elliptic curve, and the basic point G of k and curve is carried out the elliptic curve point multiplication operation, obtains the some kG on the curve; Use some kG that function d will obtain and expressly m carry out computing, wherein guarantee from d, to obtain the value of k, obtain r=d (m, kG); Function f 0, f 1, g 0, g 1Be all the function of r, use function f 0, f 1, g 0, g 1With random number and private key x ASolving equation f 0(r)+f 1(r) s=k-x A(g 0(r)+g 1(r) s) solve s=(k-x Ag 0(r)-f 0(r)) (f 1(r)+x Ag 1(r)) -1, obtain like this (r s) is the signature of transmit leg to plaintext m; (r s) sends to the recipient to transmit leg with its signature with plaintext m;
The recipient receives expressly m and transmit leg, and (r s), at first uses the PKI Y of transmit leg to the signature of m A, elliptic curve basic point G and function f 0, f 1, g 0, g 1Calculate P=(f 0(r)+f 1(r) G+ (g s) 0(r)+g 1(r) Y s) A, use function d ' and calculating m '=d ' (r, P); M ' that calculates and the m that receives are compared, if identical then sign legally, simultaneously m ' recovers the plaintext that obtains from the signature result, if difference then sign illegal;
Wherein above-mentioned function d and function d ' must have following character: establish function d shape and be D=d (x, y), from function d push away y=d ' (x, D).
2. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein when the length of real messages m was longer than the message-length that can sign, message m was replaced with the result of Hash function h (m), promptly used private key that the hash value h (m) of message m is signed; When checking, the Hash of message m elder generation that receives is obtained h (m), re-use h (m) certifying signature.
3. ellipse curve signature as claimed in claim 1 and certifying signature method wherein, if embed filling information in the message m of signature, then do not send message m when sending signature, and only send signature (r, s); When checking, (r s) recovers message m, utilizes the authenticity and integrity of filling information certifying signature then to utilize signature.
4. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' must have following character: establishing d function shape is D=d (x, y), from function d push away y=d ' (x, D), the d function that obtains is so effectively hidden cleartext information and random number information in above-mentioned signature and proof procedure; D ' function recovers the cleartext information that obtains hiding in above-mentioned proof procedure.
5. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) xDuring=r, then d , ( r , P ) = r P x - 1 = m , Wherein (kG) xAnd P xRefer to the abscissa of getting a kG and P respectively.
6. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) yDuring=r, then d , ( r , P ) = r P y - 1 = m , Wherein (kG) xAnd P xRefer to the ordinate of getting a kG and P respectively.
7. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊕ ( kG ) x = r The time, then d , ( r , P ) = r ⊕ P x = m .
8. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊗ ( kG ) x = r The time, then d , ( r , P ) = r ⊗ P x = m .
9. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊕ ( kG ) y = r The time, then d , ( r , P ) = r ⊕ P v = m .
10. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊗ ( kG ) y = r The time, then d , ( r , P ) = r ⊗ P y = m .
11. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function d and function d ' be taken as: when d (m, kG) value is for being expressly with m, when kG is the symmetric cryptography function of key, d ' (r, P) value is for being ciphertext accordingly with r, P is the symmetrical decryption function of key.
12. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Be the linear function of r.
13. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Be taken as: f 0(r)=c 0* r, f 1(r)=c 1, g 0(r)=c 2, g 1(r)=c 0* r, wherein c 0, c 1, c 2Be constant.
14. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Be taken as: f 1(r)=c 0* r, f 0(r)=c 1, g 1(r)=c 2, g 0(r)=c 0* r, wherein c 0, c 1, c 2Be constant.
15. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Value is f respectively 0(r)=c 1, f 1(r)=c 2, g 0(r)=c 0* r, g 1(r)=c 3, c wherein 0, c 1, c 2, c 3Be constant.
16. ellipse curve signature as claimed in claim 1 and certifying signature method, wherein function f 0, f 1, g 0, g 1Value is f respectively 1(r)=c 1, f 0(r)=c 2, g 1(r)=c 0* r, g 0(r)=c 3, c wherein 0, c 1, c 2, c 3Be constant.
17. ellipse curve signature and certifying signature system comprise key generating device (340), signature device (320) and certifying signature device (350), and it is right that wherein the transmit leg of this system uses described key generating device (340) generation key: private key x AWith PKI Y A, and public address system parameter and PKI Y A, and use described signature device (320) to utilize the private key x of oneself APlaintext m is realized digital signature, and wherein said signature device (320) is carried out:
Open system parameters and PKI Y thereof A, generate random number k then, make k drop on the interval [1, N-1], wherein N is the some order of a group of elliptic curve, and the basic point G of k and curve is carried out the elliptic curve point multiplication operation, obtains the some kG on the curve; Use some kG that function d will obtain and expressly m carry out computing, wherein guarantee from d, to obtain the value of k, obtain r=d (m, kG); Function f 0, f 1, g 0, g 1Be all the function of r, use function f 0, f 1, g 0, g 1With random number and private key x ASolving equation f 0(r)+f 1(r) s=k-x A(g 0(r)+g 1(r) s) solve s=(k-x Ag 0(r)-f 0(r)) (f 1(r)+x Ag 1(r)) -1, obtain like this (r s) is the signature of transmit leg to plaintext m; (r s) sends to the recipient to transmit leg with its signature with plaintext m;
Described certifying signature device (350) is carried out:
(r s), at first uses the PKI Y of transmit leg to the signature of m to receive expressly m and transmit leg A, elliptic curve basic point G and function f 0, f 1, g 0, g 1Calculate P=(f 0(r)+f 1(r) G+ (g s) 0(r)+g 1(r) Y s) A, use function d ' and calculating m '=d ' (r, P); M ' that calculates and the m that receives are compared, if identical then sign legally, simultaneously m ' recovers the plaintext that obtains from the signature result, if difference then sign illegal;
Wherein above-mentioned function d and function d ' must have following character: establish function d shape and be D=d (x, y), from function d push away y=d ' (x, D).
18. ellipse curve signature and certifying signature system as claim 17, wherein when the length of real messages m is grown than the message-length that can sign, the signature device replaces with the result of Hash function h (m) with message m, promptly uses private key that the hash value h (m) of message m is signed; When checking, the certifying signature device obtains h (m) with the Hash of message m elder generation that receives, and re-uses h (m) certifying signature.
19. as the ellipse curve signature and the certifying signature system of claim 17, wherein,, then when sending signature, do not send message m if in the message m of signature, embed filling information, and only send signature (r, s); When checking, (r s) recovers message m, utilizes the authenticity and integrity of filling information certifying signature then to utilize signature.
20. ellipse curve signature and certifying signature system as claim 17, wherein function d and function d ' must have following character: establishing d function shape is D=d (x, y), from function d push away y=d ' (x, D), the d function that obtains is so effectively hidden cleartext information and random number information in above-mentioned signature and proof procedure; D ' function recovers the cleartext information that obtains hiding in above-mentioned proof procedure.
21. as the ellipse curve signature and the certifying signature system of claim 17, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) xDuring=r, then d , ( r , P ) = r P x - 1 = m , Wherein (kG) xAnd P xRefer to the abscissa of getting a kG and P respectively.
22. as the ellipse curve signature and the certifying signature system of claim 17, wherein function d and function d ' be taken as: when d (m, kG) value be d (m, kG)=m (kG) yDuring=r, then d , ( r , P ) = r P y - 1 = m , Wherein (kG) xAnd P xRefer to the ordinate of getting a kG and P respectively.
23. as the ellipse curve signature and the certifying signature system of claim 17, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊕ ( kG ) x = r The time, then d , ( r , P ) = r ⊕ P x = m .
24. as the ellipse curve signature and the certifying signature system of claim 17, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊗ ( kG ) x = r The time, then d , ( r , P ) = r ⊗ P x = m .
25. as the ellipse curve signature and the certifying signature system of claim 17, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊕ ( kG ) y = r The time, then d , ( r , P ) = r ⊕ P y = m .
26. as the ellipse curve signature and the certifying signature system of claim 17, wherein function d and function d ' be taken as: (m, kG) value is as d d ( m , kG ) = m ⊗ ( kG ) y = r The time, then d , ( r , P ) = r ⊗ P y = m .
27. as the ellipse curve signature and the certifying signature system of claim 17, wherein function d and function d ' be taken as: when d (m, kG) value is for being expressly with m, when kG is the symmetric cryptography function of key, d ' (r, P) value is for being ciphertext accordingly with r, P is the symmetrical decryption function of key.
28. ellipse curve signature and certifying signature system, wherein function f as claim 17 0, f 1, g 0, g 1Be the linear function of r.
29. ellipse curve signature and certifying signature system, wherein function f as claim 17 0, f 1, g 0, g 1Be taken as: f 0(r)=c 0* r, f 1(r)=c 1, g 0(r)=c 2, g 1(r)=c 0* r, wherein c 0, c 1, c 2Be constant.
30. ellipse curve signature and certifying signature system, wherein function f as claim 17 0, f 1, g 0, g 1Be taken as: f 1(r)=c 0* r, f 0(r)=c 1, g 1(r)=c 2, g 0(r)=c 0* r, wherein c 0, c 1, c 2Be constant.
31. ellipse curve signature and certifying signature system, wherein function f as claim 17 0, f 1, g 0, g 1Value is f respectively 0(r)=c 1, f 1(r)=c 2, g 0(r)=c 0* r, g 1(r)=c 3, c wherein 0, c 1, c 2, c 3Be constant.
32. ellipse curve signature and certifying signature system, wherein function f as claim 17 0, f 1, g 0, g 1Value is f respectively 1(r)=c 1, f 0(r)=c 2, g 1(r)=c 0* r, g 0(r)=c 3, c wherein 0, c 1, c 2, c 3Be constant.
CNB021547165A 2002-11-29 2002-11-29 Elliptic Curve Signature and Verification Signature Method and Device Expired - Lifetime CN100440776C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021547165A CN100440776C (en) 2002-11-29 2002-11-29 Elliptic Curve Signature and Verification Signature Method and Device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021547165A CN100440776C (en) 2002-11-29 2002-11-29 Elliptic Curve Signature and Verification Signature Method and Device

Publications (2)

Publication Number Publication Date
CN1505313A CN1505313A (en) 2004-06-16
CN100440776C true CN100440776C (en) 2008-12-03

Family

ID=34235561

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021547165A Expired - Lifetime CN100440776C (en) 2002-11-29 2002-11-29 Elliptic Curve Signature and Verification Signature Method and Device

Country Status (1)

Country Link
CN (1) CN100440776C (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889341A (en) * 2019-01-15 2019-06-14 思力科(深圳)电子科技有限公司 Data processing method, electronic tag and radio-frequency card reader

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1262087C (en) * 2005-01-14 2006-06-28 南相浩 Method and apparatus for cipher key generation based on identification
US7602907B2 (en) * 2005-07-01 2009-10-13 Microsoft Corporation Elliptic curve point multiplication
DE102006004237A1 (en) * 2006-01-30 2007-08-16 Siemens Ag Method and device for agreeing a common key between a first communication device and a second communication device
US8311214B2 (en) * 2006-04-24 2012-11-13 Motorola Mobility Llc Method for elliptic curve public key cryptographic validation
CN101079701B (en) * 2006-05-22 2011-02-02 北京华大信安科技有限公司 Highly secure ellipse curve encryption and decryption method and device
CN101296075B (en) * 2007-04-29 2012-03-21 四川虹微技术有限公司 Identity authentication system based on elliptic curve
CN101488958B (en) * 2009-02-20 2011-09-07 东南大学 Large cluster safe real-time communication method executed by using elliptical curve
CN101547099B (en) * 2009-05-07 2011-08-03 张键红 Elliptical curve-based method and elliptical curve-based device for self-authenticating signature
CN102487321B (en) * 2010-12-03 2014-07-02 航天信息股份有限公司 Signcryption method and system
CN104660399B (en) * 2013-11-25 2018-02-23 上海复旦微电子集团股份有限公司 A kind of RSA modular exponentiation operation method and device
CN103701598B (en) * 2013-12-05 2017-07-11 武汉信安珞珈科技有限公司 It is a kind of that endorsement method and digital signature device are checked based on SM2 signature algorithms
CN104866779B (en) * 2015-04-07 2018-05-11 福建师范大学 It is a kind of to control e-file life cycle and the method and system of safety deleting
CN105933338A (en) * 2016-06-24 2016-09-07 收付宝科技有限公司 Method and device for performing virtual card transaction
CN106685651A (en) * 2016-12-22 2017-05-17 北京信安世纪科技有限公司 Method for creating digital signatures by cooperation of client and server
CN107395370B (en) * 2017-09-05 2020-07-14 深圳奥联信息安全技术有限公司 Identification-based digital signature method and device
CN107612934A (en) * 2017-10-24 2018-01-19 济南浪潮高新科技投资发展有限公司 A kind of block chain mobile terminal computing system and method based on Secret splitting
CN109104712B (en) * 2018-07-17 2021-04-30 北京神州安付科技股份有限公司 Wireless recharging encryption system based on NFC function and encryption method thereof
CN110022210B (en) * 2019-03-28 2022-03-15 思力科(深圳)电子科技有限公司 Signature verification method based on elliptic curve password, signature end and signature verification end
CN111125782B (en) * 2019-12-24 2022-12-09 兴唐通信科技有限公司 Method and system for verifying ID of unclonable chip
CN111475856B (en) * 2020-04-03 2023-12-22 数据通信科学技术研究所 Digital signature method and method for verifying digital signature
CN113225190B (en) * 2021-02-08 2024-05-03 数字兵符(福州)科技有限公司 Quantum security digital signature method using new difficult problem
CN113810195B (en) * 2021-06-04 2023-08-15 国网山东省电力公司 Safe transmission method and device for electric power training simulation assessment data
CN114065171B (en) * 2021-11-11 2022-07-08 北京海泰方圆科技股份有限公司 Identity authentication method, device, system, equipment and medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0874307A1 (en) * 1997-03-25 1998-10-28 Certicom Corp. Accelerated finite field operations on an elliptic curve
EP0892520A2 (en) * 1997-07-17 1999-01-20 Matsushita Electric Industrial Co., Ltd. Elliptic curve calculation apparatus capable of calculating multiples at high speed
JPH11231779A (en) * 1998-02-19 1999-08-27 Nippon Telegr & Teleph Corp <Ntt> Blind signature method using elliptic curve, apparatus and program recording medium
US6049610A (en) * 1991-09-17 2000-04-11 Next Software, Inc. Method and apparatus for digital signature authentication
US6088798A (en) * 1996-09-27 2000-07-11 Kabushiki Kaisha Toshiba Digital signature method using an elliptic curve, a digital signature system, and a program storage medium having the digital signature method stored therein
CN1264974A (en) * 1999-12-01 2000-08-30 陈永川 Digital signature method using elliptic curve encryption algorithm
CN1280726A (en) * 1997-12-05 2001-01-17 保密信息技术公司 Transformation methods for optimizing elliptic curve cryptographic computations

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6049610A (en) * 1991-09-17 2000-04-11 Next Software, Inc. Method and apparatus for digital signature authentication
US6088798A (en) * 1996-09-27 2000-07-11 Kabushiki Kaisha Toshiba Digital signature method using an elliptic curve, a digital signature system, and a program storage medium having the digital signature method stored therein
EP0874307A1 (en) * 1997-03-25 1998-10-28 Certicom Corp. Accelerated finite field operations on an elliptic curve
EP0892520A2 (en) * 1997-07-17 1999-01-20 Matsushita Electric Industrial Co., Ltd. Elliptic curve calculation apparatus capable of calculating multiples at high speed
CN1280726A (en) * 1997-12-05 2001-01-17 保密信息技术公司 Transformation methods for optimizing elliptic curve cryptographic computations
JPH11231779A (en) * 1998-02-19 1999-08-27 Nippon Telegr & Teleph Corp <Ntt> Blind signature method using elliptic curve, apparatus and program recording medium
CN1264974A (en) * 1999-12-01 2000-08-30 陈永川 Digital signature method using elliptic curve encryption algorithm

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109889341A (en) * 2019-01-15 2019-06-14 思力科(深圳)电子科技有限公司 Data processing method, electronic tag and radio-frequency card reader

Also Published As

Publication number Publication date
CN1505313A (en) 2004-06-16

Similar Documents

Publication Publication Date Title
CN100440776C (en) Elliptic Curve Signature and Verification Signature Method and Device
JP4588874B2 (en) Inherent certificate method
US7308097B2 (en) Digital signature and authentication method and apparatus
US7779259B2 (en) Key agreement and transport protocol with implicit signatures
CN1902853B (en) Method and apparatus for verifiable generation of public keys
CN101079701B (en) Highly secure ellipse curve encryption and decryption method and device
US7221758B2 (en) Practical non-malleable public-key cryptosystem
Boyd et al. Elliptic curve based password authenticated key exchange protocols
EP1496644A2 (en) Method for signature and session key generation
US20140344576A1 (en) Key validation scheme
CA2305896C (en) Key validation scheme
CN100452695C (en) Elliptic curve encryption and decryption method and apparatus
US20150006900A1 (en) Signature protocol
Kuppuswamy et al. A new efficient digital signature scheme algorithm based on block cipher
JP2004534971A (en) Public key cryptosystem using finite non-commutative group
US6724893B1 (en) Method of passing a cryptographic key that allows third party access to the key
Tahat et al. A new digital signature scheme with message recovery using hybrid problems
JPH11174957A (en) Authentication protocol
US20050240762A1 (en) Cryptographic method and apparatus
Chandrasekar et al. Improved authentication and key agreement protocol using elliptic curve cryptography
Zhang et al. A novel authenticated encryption scheme and its extension
Reddi et al. Identity-based signcryption groupkey agreement protocol using bilinear pairing
EP1768300A1 (en) Key agreement and transport protocol with implicit signatures
Constantinescu Authentication protocol based on ellipitc curve cryptography
Lee et al. A 2-pass authentication and key agreement protocol for mobile communications

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20081203

CX01 Expiry of patent term