CN114785530B - Chip authentication method, device, equipment and storage medium - Google Patents
Chip authentication method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114785530B CN114785530B CN202210708166.3A CN202210708166A CN114785530B CN 114785530 B CN114785530 B CN 114785530B CN 202210708166 A CN202210708166 A CN 202210708166A CN 114785530 B CN114785530 B CN 114785530B
- Authority
- CN
- China
- Prior art keywords
- value
- key value
- data
- signature
- digital signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 238000004364 calculation method Methods 0.000 claims abstract description 61
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 43
- 238000004891 communication Methods 0.000 claims abstract description 11
- 238000004590 computer program Methods 0.000 claims description 11
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 6
- 238000013500 data storage Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005336 cracking Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000003672 processing method Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a chip authentication method, device, equipment and storage medium, and belongs to the technical field of communication authentication. The method comprises the following steps: receiving data to be signed sent by an upper computer, wherein the data to be signed is random digital data with a fixed length; encrypting data to be signed based on an advanced encryption standard calculation model to obtain a first key value; performing signature processing on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value; and sending the digital signature value to an upper computer for chip authentication. The method and the device can avoid generating repeated random numbers, so that the security of the signature can be improved.
Description
Technical Field
The present application relates to the field of communication authentication technologies, and in particular, to a chip authentication method, device, apparatus, and storage medium.
Background
When the chip communicates with the upper computer, corresponding communication authentication is usually required, and the specific authentication process is that the chip sends a digital signature to the upper computer and the upper computer performs signature authentication.
In the prior art, in the process of generating a Digital Signature, a random number generator is usually used to generate a random number, and then the random number is signed based on an Elliptic Curve Digital Signature Algorithm (ECDSA).
However, the random numbers generated randomly are easy to be cracked by external force, so that the generated random numbers are fixed numbers, and further, an attacker can acquire the same random numbers by grabbing packets for multiple times to perform corresponding cracking, so that the signature is decrypted, and the security of the signature is reduced.
Disclosure of Invention
The present application aims to provide a chip authentication method, device, apparatus, and storage medium, which can avoid generating repeated random numbers, thereby improving the security of signatures.
The embodiment of the application is realized as follows:
in one aspect of the embodiments of the present application, a chip authentication method is provided, where the method is applied to a working chip, and the working chip is in communication connection with an upper computer, and the method includes:
receiving data to be signed sent by an upper computer, wherein the data to be signed is random digital data with a fixed length;
encrypting data to be signed based on an advanced encryption standard calculation model to obtain a first key value;
performing signature processing on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value;
and sending the digital signature value to an upper computer for chip authentication.
Optionally, encrypting the data to be signed based on an advanced encryption standard calculation model to obtain a first key value includes:
carrying out Hash calculation on data to be signed to obtain a target Hash value;
generating a second key value, wherein the second key value is a random number;
obtaining ciphertext data based on the target hash value, the second key value and the advanced encryption standard calculation model;
and taking the ciphertext data as a first key value.
Optionally, obtaining ciphertext data based on the target hash value, the second key value, and an advanced encryption standard calculation model, including:
and taking the target hash value as plaintext data, and taking the second key value as a key to input the key into an advanced encryption standard calculation model for advanced encryption calculation to obtain ciphertext data.
Optionally, the signing is performed on the first key value by using an elliptic curve digital signature algorithm to obtain a digital signature value, where the signing includes:
determining the coordinates of the target point based on the first key value and a preset subgroup base point;
determining a first signature value based on coordinates of the target point;
obtaining a second signature value according to the first signature value, a preset private key and a randomly generated hash value;
and taking the first signature value and the second signature value as digital signature values.
Optionally, the working chip comprises: a physical random number generation unit; generating a second key value, comprising:
the second key value is generated by a physical random number generation unit.
Optionally, the working chip comprises: a program storage unit; generating a second key value, comprising:
and operating the software program prestored in the program storage unit to generate a second key value.
Optionally, the working chip comprises: a hardware algorithm unit; adopting an elliptic curve digital signature algorithm to perform signature processing on the first key value to obtain a digital signature value, wherein the signature processing method comprises the following steps:
and signing the first key value by adopting an elliptic curve digital signature algorithm through a hardware algorithm unit to obtain a digital signature value.
On the other hand of this application embodiment provides an authentication device of chip, and the device is applied to the work chip, and the work chip is connected with host computer communication, and the device includes: the device comprises a receiving module, an encryption module, a signature module and a sending module;
the receiving module is used for receiving data to be signed sent by the upper computer, and the data to be signed is random digital data with a fixed length;
the encryption module is used for encrypting the data to be signed based on the advanced encryption standard calculation model to obtain a first key value;
the signature module is used for carrying out signature processing on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value;
and the sending module is used for sending the digital signature value to an upper computer for chip authentication.
Optionally, the encryption module is specifically configured to perform hash calculation on the data to be signed to obtain a target hash value; generating a second key value, wherein the second key value is a random number; obtaining ciphertext data based on the target hash value, the second key value and the advanced encryption standard calculation model; and taking the ciphertext data as a first key value.
Optionally, the encryption module is specifically configured to use the target hash value as plaintext data, and use the second key value as a key to input the key to the advanced encryption standard calculation model for advanced encryption calculation, so as to obtain ciphertext data.
Optionally, the signature module is specifically configured to determine coordinates of the target point based on the first key value and a preset subgroup base point; determining a first signature value based on the coordinates of the target point; obtaining a second signature value according to the first signature value, a preset private key and a randomly generated hash value; and taking the first signature value and the second signature value as digital signature values.
Optionally, the signature module is specifically configured to generate the second key value by the physical random number generation unit.
Optionally, the signature module is specifically configured to run a software program pre-stored in the program storage unit to generate the second key value.
Optionally, the signature module is specifically configured to perform signature processing on the first key value by using an elliptic curve digital signature algorithm through the hardware algorithm unit to obtain a digital signature value.
In another aspect of the embodiments of the present application, there is provided a computer device, including: the chip authentication method comprises the steps of a memory and a processor, wherein a computer program capable of running on the processor is stored in the memory, and when the processor executes the computer program, the chip authentication method is realized.
In another aspect of the embodiments of the present application, a computer-readable storage medium is provided, on which a computer program is stored, and the computer program, when executed by a processor, implements the steps of the authentication method of the chip.
The beneficial effects of the embodiment of the application include:
in the chip authentication method, device, equipment and storage medium provided by the embodiment of the application, data to be signed sent by an upper computer can be received, and the data to be signed is random digital data with a fixed length; encrypting data to be signed based on an advanced encryption standard calculation model to obtain a first key value; performing signature processing on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value; and sending the digital signature value to an upper computer for chip authentication. The randomness of the first key value can be increased through the first key value obtained by encrypting the data to be signed by the advanced encryption standard calculation model, the same first key value is prevented from being input when an elliptic curve digital signature algorithm is carried out, and the signature safety is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic structural diagram of a working chip provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of an authentication method for a chip according to an embodiment of the present disclosure;
fig. 3 is another schematic flowchart of an authentication method for a chip according to an embodiment of the present disclosure;
fig. 4 is another schematic flowchart of an authentication method for a chip according to an embodiment of the present disclosure;
fig. 5 is a schematic flowchart illustrating a flow sequence of a chip authentication method according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an authentication apparatus of a chip according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
In the description of the present application, it should be noted that the terms "first", "second", "third", etc. are used only for distinguishing the description, and are not intended to indicate or imply relative importance.
In the prior art, in the process of performing digital signature authentication, a randomly generated random number is usually signed directly based on an elliptic curve digital signature algorithm, however, in the random number generation in the prior art, one random number is usually randomly selected from a plurality of numbers within a certain range, and the situation of repeated generation is inevitable; also, the randomly generated numbers may be subject to external forces that can disrupt the random numbers, such as: the random number generator is physically damaged, so that the random number generator fixedly generates the same number, under the condition, an attacker can acquire the same random number by grabbing packets for multiple times to correspondingly crack, and thus the digital signature is cracked, and the specific cracking process is as follows:
and obtaining the communication of two times of packet grabbing, obtaining a hash value (z 1, z 2), and two times of signature results (r 1, s 1) and (r 2, s 2), if the random numbers k are the same, determining that the r1 and the r2 of the signature results are equal, further calculating s1 and s2 according to a preset formula, and calculating a private key according to the difference value of the s1 and the s2, thereby realizing the cracking of the digital signature.
In order to avoid the problem that the private key is cracked due to the occurrence of the above problems, the embodiment of the present application provides an authentication method for a chip to solve the deficiencies in the prior art.
The following specifically explains a specific structure of a working chip for implementing the chip authentication method provided in the embodiment of the present application.
Fig. 1 is a schematic structural diagram of a working chip provided in an embodiment of the present application, please refer to fig. 1, where the working chip includes: a control unit 110, a data storage unit 120, a program storage unit 130, a hardware algorithm unit 140, and a physical random number generation unit 150.
The control unit 110 may be connected to the data storage unit 120, the program storage unit 130, the hardware algorithm unit 140, and the physical random number generation unit 150 (connection relationships are not specifically shown in the figure), respectively, to implement control of these units.
The control Unit 110 may be any control Unit having a Processing function, such as an MCU (micro controller Unit) or a CPU (Central Processing Unit), and is not limited in particular.
The data storage unit 120 may be a unit for storing data, and specifically may be a Random Access Memory (RAM).
The program storage unit 130 may include a ROM (Read Only Memory) and a FLASH Memory (FLASH).
The hardware arithmetic unit 140 may be an arithmetic unit that performs data arithmetic, and specifically may be an arithmetic unit that performs high-speed processing.
The physical random number generation unit 150 may be a hardware circuit for implementing random number generation.
The following explains a specific implementation procedure of the chip authentication method provided in the embodiment of the present application based on the specific structure of the above-described working chip.
Fig. 2 is a schematic flowchart of an authentication method for a chip according to an embodiment of the present application, and please refer to fig. 2, where the method includes:
s210: and receiving data to be signed sent by the upper computer.
The data to be signed is random digital data with a fixed length.
Optionally, the execution main body of the method may be the above-mentioned working chip, and specifically may be a control unit in the working chip, the working chip may be in communication connection with an upper computer, and in the process of implementing chip authentication, the working chip may specifically send a digital signature to the upper computer to implement authentication.
Wherein, the host computer can be the equipment that links to each other with the work chip, for example: if the working chip is a chip in the earphone or the charging wire, the upper computer can be a terminal device such as a mobile phone connected with the earphone or the charging wire.
Optionally, the data to be signed may specifically be data sent by an upper computer, and specifically may be random digital data of a fixed length. The data may specifically be used to instruct the workchip to perform authentication. After the working chip receives the data to be signed, the data can be encrypted and then sent to an upper computer for corresponding authentication.
S220: and encrypting the data to be signed based on an advanced encryption standard calculation model to obtain a first key value.
Alternatively, the Advanced Encryption Standard calculation model may be an AES (Advanced Encryption Standard) calculation model. The calculation model may be an encryption mode in cryptography, and the data to be signed may be encrypted based on the encryption mode to obtain the first key value.
S230: and signing the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value.
Optionally, after the first key value is obtained based on the above manner, the first key value may be input by using an elliptic curve digital signature algorithm, and a digital signature value is obtained by performing signature processing.
The digital signature processing can be specifically completed by performing an elliptic curve digital signature algorithm through a hardware algorithm unit.
S240: and sending the digital signature value to an upper computer for chip authentication.
Optionally, after the digital signature value is obtained, the high digital signature value may be sent to the upper computer through the input/output interface of the working chip for chip authentication.
In the chip authentication method provided by the embodiment of the application, data to be signed sent by an upper computer can be received, wherein the data to be signed is random digital data with a fixed length; encrypting data to be signed based on an advanced encryption standard calculation model to obtain a first key value; performing signature processing on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value; and sending the digital signature value to an upper computer for chip authentication. The first key value obtained by encrypting the data to be signed through the advanced encryption standard calculation model can increase the randomness of the first key value, and the input of the same first key value during the elliptic curve digital signature algorithm is avoided, so that the signature safety is improved.
The following specifically explains a specific implementation process for calculating the first key value in the chip authentication method provided in the embodiment of the present application.
Fig. 3 is another schematic flow chart of the chip authentication method according to the embodiment of the present application, and please refer to fig. 3, where encrypting data to be signed based on an advanced encryption standard calculation model to obtain a first key value includes:
s310: and carrying out Hash calculation on the data to be signed to obtain a target Hash value.
Optionally, hash calculation may be performed on the data to be signed, specifically, corresponding calculation may be performed through a hash function, so as to obtain a target hash value corresponding to the data to be signed.
S320: a second key value is generated.
Wherein the second key value is a random number.
Optionally, the second key value is a random number, and the specific generation method may be to manually input a random number or a randomly generated number, which is not specifically limited herein, and the second key value may be obtained.
S330: and obtaining ciphertext data based on the target hash value, the second key value and the advanced encryption standard calculation model.
Optionally, after the target hash value and the second key value are obtained respectively, the target hash value and the second key value may be input into an advanced encryption standard calculation model to perform AES operation, so as to obtain ciphertext data.
S340: and taking the ciphertext data as a first key value.
Optionally, the obtained ciphertext data may be used as the first key value to perform a subsequent elliptic curve digital signature algorithm.
In the authentication method of the chip provided by the embodiment of the application, hash calculation can be performed on data to be signed to obtain a target hash value; generating a second key value; obtaining ciphertext data based on the target hash value, the second key value and the advanced encryption standard calculation model; and taking the ciphertext data as a first key value. After the target hash value and the second key value are processed by the advanced encryption standard calculation model, the first key value with higher randomness can be obtained, so that the randomness of the first key value is increased, and even if the data to be signed is cracked, the first key value obtained by the advanced encryption standard calculation model cannot be the same due to the different second key values, and the signature safety is improved.
Optionally, obtaining ciphertext data based on the target hash value, the second key value, and the advanced encryption standard calculation model, includes: and taking the target hash value as plaintext data, and taking the second key value as a key to input the key into an advanced encryption standard calculation model for advanced encryption calculation to obtain ciphertext data.
The advanced encryption standard calculation model may include plaintext data and a secret key during the calculation, the input of the advanced encryption standard calculation model may be plaintext data and a secret key, and the output of the advanced encryption standard calculation model may be ciphertext data.
The target hash value can be used as plaintext data, and the second key value can be used as a key and input into the advanced encryption standard calculation model for calculation, so that corresponding ciphertext data can be obtained. The ciphertext data may be the first key value.
For example: and if the target hash value is z and the second key value is k, respectively inputting z and k into an advanced encryption standard calculation model to perform advanced encryption calculation to obtain ciphertext data c, wherein the ciphertext data c is the first key value.
The following explains a specific implementation process of the elliptic curve digital signature algorithm based on the first key value after the first key value is obtained.
Fig. 4 is another schematic flow chart of the chip authentication method according to the embodiment of the present application, and please refer to fig. 4, where the elliptic curve digital signature algorithm is adopted to perform signature processing on the first key value to obtain a digital signature value, where the signature processing includes:
s410: and determining the coordinates of the target point based on the first key value and a preset subgroup base point.
Optionally, after the ciphertext data c is obtained in the above manner, the ciphertext data c may be used as the first key value.
The coordinates of the target point may be determined based on the formula:
P=KG;
wherein K is a first key value; g is a preset subgroup base point, and the obtained P is marked as the coordinate of the target point.
S420: a first signature value is determined based on the coordinates of the target point.
Optionally, after obtaining the coordinates of the target point, the first signature value may be calculated based on the following formula:
r=x p ×modn;
where r is the first signature value, x p Mod n is a preset number, which is the abscissa of the point P.
S430: and obtaining a second signature value according to the first signature value, a preset private key and a randomly generated hash value.
After the first signature value is obtained, a second signature value can be obtained based on a preset formula, wherein the specific formula is as follows:
s=K -1 (Z+rd A )modn;
wherein Z is a randomly generated hash value, which may be the same as or different from the target hash value Z, and K is not limited herein -1 In particular, the multiplication inverse of K × modn, r is the first signature value, d A Is a pre-configured private key. s is the second signature value.
It should be noted that the preset subgroup base point G and the preset number modn are both parameters configured in the elliptic curve digital signature algorithm.
S440: and taking the first signature value and the second signature value as digital signature values.
Optionally, after the first signature value and the second signature value are obtained through the above algorithm, a digital signature value may be obtained, which may be specifically represented as (r, s).
Optionally, the working chip comprises: a physical random number generation unit; generating a second key value comprising: the second key value is generated by a physical random number generation unit.
The physical random number generating unit may be a digital circuit, and may randomly generate a fixed-length number through the digital circuit, where the fixed-length number is used as the second key value.
Optionally, the working chip comprises: a program storage unit; generating a second key value comprising: and operating the software program prestored in the program storage unit to generate a second key value.
The program storage unit may store a software program for generating random numbers in advance, and may generate random numbers of a fixed length in a software manner by rounding the software program, where the random numbers are used as the second key value.
Optionally, the working chip comprises: a hardware algorithm unit; adopting an elliptic curve digital signature algorithm to perform signature processing on the first key value to obtain a digital signature value, wherein the signature processing method comprises the following steps: and signing the first key value by adopting an elliptic curve digital signature algorithm through a hardware algorithm unit to obtain a digital signature value.
It should be noted that the hardware arithmetic unit may be an arithmetic unit with a high-speed arithmetic function, and the digital signature value can be obtained more quickly in the specific calculation process.
Fig. 5 is a schematic flowchart of a flow sequence of a chip authentication method according to an embodiment of the present application, please refer to fig. 5, and fig. 5 specifically explains a process of performing AES calculation and a process of calculating ECDSA, specifically as follows:
carrying out Hash processing on the data m to be signed to obtain a target Hash value z, and carrying out AES operation on the target Hash value z and a second key value kObtaining ciphertext data c, taking the ciphertext data c as a first key value K, and obtaining a random hash value Z and a preset private key d according to the first key value K A The ECDSA processing is performed to obtain a digital signature result (r, s).
The following describes apparatuses, devices, storage media, and the like corresponding to the chip authentication method provided in the present application, and specific implementation processes and technical effects thereof are referred to above, and will not be described again below.
Fig. 6 is a schematic structural diagram of an authentication device of a chip according to an embodiment of the present application, please refer to fig. 6, where the authentication device includes: a receiving module 610, an encrypting module 620, a signing module 630 and a sending module 640;
the receiving module 610 is configured to receive data to be signed sent by an upper computer, where the data to be signed is random digital data with a fixed length;
the encryption module 620 is configured to encrypt the data to be signed based on an advanced encryption standard calculation model to obtain a first key value;
the signature module 630 is configured to perform signature processing on the first key value by using an elliptic curve digital signature algorithm to obtain a digital signature value;
and the sending module 640 is used for sending the digital signature value to the upper computer for chip authentication.
Optionally, the encryption module 620 is specifically configured to perform hash calculation on the data to be signed to obtain a target hash value; generating a second key value, wherein the second key value is a random number; obtaining ciphertext data based on the target hash value, the second key value and the advanced encryption standard calculation model; and taking the ciphertext data as a first key value.
Optionally, the encryption module 620 is specifically configured to use the target hash value as plaintext data, and use the second key value as a key to input the key to the advanced encryption standard calculation model for advanced encryption calculation, so as to obtain ciphertext data.
Optionally, the signature module 630 is specifically configured to determine coordinates of the target point based on the first key value and a preset subgroup base point; determining a first signature value based on the coordinates of the target point; obtaining a second signature value according to the first signature value, a preconfigured private key and a randomly generated hash value; and taking the first signature value and the second signature value as digital signature values.
Optionally, the signature module 630 is specifically configured to generate the second key value through a physical random number generating unit.
Optionally, the signature module 630 is specifically configured to run a software program pre-stored in the program storage unit to generate the second key value.
Optionally, the signature module 630 is specifically configured to perform signature processing on the first key value by using an elliptic curve digital signature algorithm through a hardware algorithm unit to obtain a digital signature value.
In the chip authentication device provided by the embodiment of the application, data to be signed sent by an upper computer can be received, and the data to be signed is random digital data with a fixed length; encrypting data to be signed based on an advanced encryption standard calculation model to obtain a first key value; performing signature processing on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value; and sending the digital signature value to an upper computer for chip authentication. The first key value obtained by encrypting the data to be signed through the advanced encryption standard calculation model can increase the randomness of the first key value, and the input of the same first key value during the elliptic curve digital signature algorithm is avoided, so that the signature safety is improved.
The above-mentioned apparatus is used for executing the method provided by the foregoing embodiment, and the implementation principle and technical effect are similar, which are not described herein again.
The above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors, or one or more Field Programmable Gate Arrays (FPGAs), etc. For another example, when one of the above modules is implemented in the form of a Processing element scheduler code, the Processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling program code. As another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application, and referring to fig. 7, the computer device includes: the chip authentication method includes a memory 710 and a processor 720, wherein a computer program operable on the processor 720 is stored in the memory 710, and when the computer program is executed by the processor 720, the steps of the chip authentication method are realized.
The computer device may be the above-mentioned operating chip, the processor 720 may be a control unit of the above-mentioned operating chip, and the memory 710 may specifically peek at the data storage unit 120 and the program storage unit 130 of the above-mentioned operating chip.
In another aspect of the embodiments of the present application, there is also provided a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the authentication method of the chip are implemented.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (in english: processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (8)
1. The chip authentication method is applied to a working chip which is in communication connection with an upper computer, and comprises the following steps:
receiving data to be signed sent by the upper computer, wherein the data to be signed is random digital data with a fixed length;
encrypting the data to be signed based on an advanced encryption standard calculation model to obtain a first key value, wherein the first key value is ciphertext data;
adopting an elliptic curve digital signature algorithm to perform signature processing on the first key value to obtain a digital signature value;
sending the digital signature value to the upper computer for chip authentication;
the encrypting the data to be signed based on the advanced encryption standard calculation model to obtain a first key value comprises the following steps:
performing hash calculation on the data to be signed to obtain a target hash value;
generating a second key value, wherein the second key value is a random number;
obtaining ciphertext data based on the target hash value, the second key value and the advanced encryption standard calculation model;
taking the ciphertext data as the first key value;
the signing processing is performed on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value, and the signing processing comprises the following steps:
determining coordinates of a target point based on the first key value and a preset subgroup base point;
determining a first signature value based on the coordinates of the target point;
obtaining a second signature value according to the first signature value, a preconfigured private key and a randomly generated hash value;
and taking the first signature value and the second signature value as the digital signature value.
2. The method for authenticating a chip according to claim 1, wherein the obtaining ciphertext data based on the target hash value, the second key value, and the advanced encryption standard calculation model comprises:
and taking the target hash value as plaintext data, and taking the second key value as a key to be input into the advanced encryption standard calculation model for advanced encryption calculation to obtain the ciphertext data.
3. The method for authenticating a chip according to claim 2, wherein the operating chip comprises: a physical random number generation unit; the generating a second key value comprises:
generating, by the physical random number generation unit, the second key value.
4. The method for authenticating a chip according to claim 2, wherein the operating chip comprises: a program storage unit; the generating a second key value comprises:
and operating a software program pre-stored in the program storage unit to generate the second key value.
5. The method for authenticating a chip according to claim 1, wherein the operating chip includes: a hardware algorithm unit; the signing processing is performed on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value, and the signing processing comprises the following steps:
and signing the first key value by adopting an elliptic curve digital signature algorithm through the hardware algorithm unit to obtain a digital signature value.
6. The chip authentication device is characterized in that the device is applied to a working chip, the working chip is in communication connection with an upper computer, and the device comprises: the device comprises a receiving module, an encryption module, a signature module and a sending module;
the receiving module is used for receiving the data to be signed sent by the upper computer, and the data to be signed is random digital data with a fixed length;
the encryption module is used for encrypting the data to be signed based on an advanced encryption standard calculation model to obtain a first key value, and the first key value is ciphertext data;
the signature module is used for carrying out signature processing on the first key value by adopting an elliptic curve digital signature algorithm to obtain a digital signature value;
the sending module is used for sending the digital signature value to the upper computer for chip authentication;
the encryption module is specifically used for performing hash calculation on the data to be signed to obtain a target hash value; generating a second key value, wherein the second key value is a random number; obtaining ciphertext data based on the target hash value, the second key value and the advanced encryption standard calculation model; taking the ciphertext data as the first key value;
the signature module is specifically configured to determine coordinates of a target point based on the first key value and a preset subgroup base point; determining a first signature value based on coordinates of the target point; obtaining a second signature value according to the first signature value, a preset private key and a randomly generated hash value; taking the first signature value and the second signature value as the digital signature value.
7. A computer device, comprising: memory in which a computer program is stored that is executable on the processor, and a processor that, when executing the computer program, carries out the steps of the method according to any one of claims 1 to 5.
8. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of one of the claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210708166.3A CN114785530B (en) | 2022-06-22 | 2022-06-22 | Chip authentication method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210708166.3A CN114785530B (en) | 2022-06-22 | 2022-06-22 | Chip authentication method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114785530A CN114785530A (en) | 2022-07-22 |
| CN114785530B true CN114785530B (en) | 2022-10-04 |
Family
ID=82420941
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210708166.3A Active CN114785530B (en) | 2022-06-22 | 2022-06-22 | Chip authentication method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114785530B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104052606A (en) * | 2014-06-20 | 2014-09-17 | 北京邮电大学 | Digital signature, signature authentication device and digital signature method |
| US9800410B1 (en) * | 2006-08-14 | 2017-10-24 | Key Holdings, LLC | Data encryption system and method |
| CN110138772A (en) * | 2019-05-13 | 2019-08-16 | 上海英恒电子有限公司 | A kind of communication means, device, system, equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112511304A (en) * | 2020-11-26 | 2021-03-16 | 国网重庆市电力公司营销服务中心 | Power data privacy communication method based on hybrid encryption algorithm |
| CN114117548B (en) * | 2021-11-22 | 2024-10-29 | 闪捷信息科技有限公司 | Privacy-enhanced ECDSA collaborative signature method and device |
-
2022
- 2022-06-22 CN CN202210708166.3A patent/CN114785530B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9800410B1 (en) * | 2006-08-14 | 2017-10-24 | Key Holdings, LLC | Data encryption system and method |
| CN104052606A (en) * | 2014-06-20 | 2014-09-17 | 北京邮电大学 | Digital signature, signature authentication device and digital signature method |
| CN110138772A (en) * | 2019-05-13 | 2019-08-16 | 上海英恒电子有限公司 | A kind of communication means, device, system, equipment and storage medium |
Non-Patent Citations (3)
| Title |
|---|
| 《在区块链中基于混合算法的数字签名技术》;田道坤;《电子科技》;20180715;全文 * |
| 《基于改进ECC和AES算法的边缘数据保护技术研究》;房照东;《计算机与数字工程》;20220420;全文 * |
| AES与ECC混合加密算法的无线数据通信系统设计;闫茂德等;《微电子学与计算机》;20070705(第07期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114785530A (en) | 2022-07-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109309569B (en) | SM2 algorithm-based collaborative signature method and device and storage medium | |
| CN104243456B (en) | Suitable for signature of the cloud computing based on SM2 algorithms and decryption method and system | |
| US11824999B2 (en) | Chosen-plaintext secure cryptosystem and authentication | |
| CN109450640B (en) | SM 2-based two-party signature method and system | |
| US7218735B2 (en) | Cryptography method on elliptic curves | |
| CN109981285B (en) | Password protection method, password verification method and system | |
| US20150215117A1 (en) | White box encryption apparatus and method | |
| CN111404952B (en) | Transformer substation data encryption transmission method and device, computer equipment and storage medium | |
| CN109040060B (en) | Terminal matching method and system and computer equipment | |
| US20150188703A1 (en) | Key processing method and apparatus | |
| Bidmeshki et al. | Hardware-based attacks to compromise the cryptographic security of an election system | |
| CN114785530B (en) | Chip authentication method, device, equipment and storage medium | |
| CN110401524B (en) | Method and system for collaborative generation of secret-containing numbers by means of homomorphic encryption | |
| CN115664651B (en) | SM 9-based online and offline encryption and decryption method, system, equipment and medium | |
| CN117134900A (en) | Structure for realizing asymmetric encryption and control method | |
| CN113452508B (en) | Data encryption method, device, equipment and computer readable storage medium | |
| KR102067065B1 (en) | A matrix-vector multiplication apparatus based on message randomization which is safe for power analysis and electromagnetic analysis, and an encryption apparatus and method using the same | |
| Tsai et al. | High-efficient multi-key exchange protocol based on three-party authentication | |
| CN105515775B (en) | Efficient privacy protection signcryption method | |
| CN111131158A (en) | Single byte symmetric encryption and decryption method, device and readable medium | |
| CN117978388B (en) | Method, apparatus, device, medium and program product for key generation | |
| CN112131613B (en) | Mask operation method and device for SM2 algorithm | |
| US20220276841A1 (en) | Communication data text confusion encryption method | |
| CN112688909B (en) | Data transmission system, method, device, medium and equipment | |
| CN110601841B (en) | SM2 collaborative signature and decryption method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20220722 Assignee: SHENZHEN YUANAI ELECTRONIC TECHNOLOGY CO.,LTD. Assignor: Zhejiang core Gravity Technology Co.,Ltd. Contract record no.: X2023980053655 Denomination of invention: Certification methods, devices, devices, and storage media for chips Granted publication date: 20221004 License type: Common License Record date: 20231222 |
|
| EE01 | Entry into force of recordation of patent licensing contract |