[go: up one dir, main page]

CN108667623B - An SM2 Elliptic Curve Signature Verification Algorithm - Google Patents

An SM2 Elliptic Curve Signature Verification Algorithm Download PDF

Info

Publication number
CN108667623B
CN108667623B CN201810524715.5A CN201810524715A CN108667623B CN 108667623 B CN108667623 B CN 108667623B CN 201810524715 A CN201810524715 A CN 201810524715A CN 108667623 B CN108667623 B CN 108667623B
Authority
CN
China
Prior art keywords
algorithm
elliptic curve
point
bit string
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810524715.5A
Other languages
Chinese (zh)
Other versions
CN108667623A (en
Inventor
王丽雪
熊晓明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201810524715.5A priority Critical patent/CN108667623B/en
Publication of CN108667623A publication Critical patent/CN108667623A/en
Application granted granted Critical
Publication of CN108667623B publication Critical patent/CN108667623B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Complex Calculations (AREA)

Abstract

本发明公开了一种SM2椭圆曲线签名验证算法,包括下述步骤:数字签名生成算法:输入签名方A的原始数据,包括椭圆曲线的系统参数(基点G、阶n),杂凑值ZA,签名方A的私钥dA,待签名的消息M;获取随机比特串W;本发明在数字签名生成的过程中,首先获取一段随机比特串,然后将待签名的消息与随机比特串异或操作后再与杂凑值进行与非运算,若签名信息在传输的过程中被不法分子截获,不法分子在不知道签名过程中的异或操作和与非操作的情况下,不能完全破解和伪造,从而提高了签名信息的安全性,防止不法分子截获签名信息后进行破解和伪造。

Figure 201810524715

The invention discloses an SM2 elliptic curve signature verification algorithm, comprising the following steps: a digital signature generation algorithm: inputting the original data of the signer A, including system parameters of the elliptic curve (base point G, order n), hash value ZA, signature Private key d A of party A, message M to be signed; obtain random bit string W; in the process of digital signature generation, the present invention first obtains a random bit string, and then XOR the message to be signed with the random bit string Then perform NAND operation with the hash value. If the signature information is intercepted by criminals during the transmission process, the criminals cannot completely crack and forge without knowing the XOR operation and NAND operation in the signature process. The security of the signature information is improved, preventing criminals from cracking and forging after intercepting the signature information.

Figure 201810524715

Description

SM2 elliptic curve signature verification algorithm
Technical Field
The invention relates to the technical field of information security, in particular to an SM2 elliptic curve signature verification algorithm.
Background
The identity authentication technology is the leading strength for ensuring information security, and the design and implementation of the authentication system become important. Only through the high-reliability identity authentication system, the information safety of both communication parties can be effectively guaranteed, and the information is prevented from being intercepted by lawbreakers in the transmission process. The SM2 is an elliptic curve public key cryptographic algorithm issued by the State crypto administration in 12, month and 17 of 2010, and the digital signature technology is an important application of the elliptic curve public key cryptographic algorithm, and plays an important role in modern electronic commerce and government affairs, so that the integrity of the message in the transmission process can be ensured, the identity of the sender can be authenticated, and the repudiation in the transaction can be prevented.
In the existing SM2 signature verification algorithm, in the process of signature generation (signature verification), the head-to-tail splicing operation is mostly directly performed on a message to be signed (a message to be verified) and a hash value, and the head-to-tail splicing mode is too simple, is easily attacked by lawbreakers and has low safety.
In the SM2 elliptic curve public key cryptographic algorithm, the most time consuming is the point multiplication algorithm, in the point multiplication algorithm, the most time consuming is the modular inverse operation, the required time is more than ten times of the modular multiplication operation, because the times of the modular inverse operation required to be carried out by completing one point multiplication operation under different coordinates are different, in the Montgomery point multiplication algorithm under an affine coordinate system, the modular inverse operation is required to be carried out once for each point operation (point addition and point multiplication), the multiple modular inverse operations consume a large amount of time, in the Montgomery point multiplication algorithm under a standard projection coordinate, the point operation (point addition and point multiplication) does not need to be carried out with the modular inverse operation, but the times of the modular multiplication operation are greatly increased, and a large amount of time is also consumed. The traditional Montgomery point multiplication algorithm usually only carries out point multiplication operation under one coordinate system, only uses one modular multiplication unit and adopts a serial calculation method, so that the point multiplication operation speed is low, and further, the whole signature verification process is slow in operation speed and consumes a large amount of time.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provide the SM2 elliptic curve signature verification algorithm with higher operation speed and higher safety.
The purpose of the invention is realized by the following technical scheme:
an SM2 elliptic curve signature verification algorithm, comprising the following steps:
s1, digital signature generation algorithm:
s1.1, inputting original data of a signing party A, including system parameters (base points G and order n) of an elliptic curve, a hash value ZA and a private key d of the signing party AAMessage M to be signed;
s1.2, acquiring a random bit string W;
s1.3, carrying out XOR operation on the message M and the random bit string W to obtain Mw
S1.4, hash values ZA and MwPerforming NAND operation to obtain Me
S1.5, adopting SM3 algorithm to pair MeCarrying out cipher hash operation to obtain a hash value e;
s1.6, generating a random number k belonging to [1, n-1 ];
s1.7, calculating elliptic curve points (x) by using a point multiplication algorithm1,y1)=[k]G;
S1.8, calculate r ═ e + x1)mod n;
S1.9, checking whether r is 0 or r + k is n, if yes, returning to S1.6, and if not, executing S1.10;
s1.10, calculate S ═ ((1+ d)A)-1*(k-r*dA))mod n;
S1.11, checking whether S is equal to 0, if yes, returning to S1.6, and if not, executing S1.12;
s1.12, outputting a random bit string W, a message M and a digital signature (r, S) thereof;
s2, digital signature verification algorithm:
s2.1, inputting the original data of the verifier B, including elliptic curve system parameters (base point G, order n) and the public key P of the signature party AARandom bit string W, hash value ZA, message M ' needing signature verification and digital signature (r ', s ') thereof;
s2.2, checking whether r' belongs to [1, n-1] or not, if yes, executing S2.3, and if not, outputting verification failure;
s2.3, checking whether S' belongs to [1, n-1] or not, if yes, executing S2.4, and if not, outputting verification failure;
s2.4, carrying out XOR operation on the message M' and the random bit string W to obtain Mw';
S2.5, hashing values ZA and Mw' conducting NAND operation to obtain Me';
S2.6, adopting SM3 algorithm to pair MePerforming cryptographic hash operation to obtain a hash value e';
s2.7, calculate t ═ r '+ S') mod n;
s2.8, checking whether t is 0, if yes, outputting the verification failure, and if not, executing S2.9;
s2.9, calculating elliptic curve points (x) by using a point multiplication algorithm1',y1')=[s']G+[t]PA
S2.10, calculate R ═ e' + x1')mod n;
And S2.11, checking whether R is satisfied or not, if so, outputting verification successfully, and if not, outputting verification failure.
Preferably, the point multiplication algorithm is a Montgomery point multiplication algorithm under standard projection coordinates, wherein C1、C2、C3Is three multiplication units, C1(XM,ZN) Is just a modular multiplication unit C1To XMAnd ZNPerforming modular multiplication operation; the dot multiplication algorithm comprises the following steps:
step one, input point G ═ xG,yG)∈E(F2m),k=(km-1,…k1,k0)2Wherein k isiIs belonged to {0,1}, and a positive integer i is belonged to [0, m-1 ]];
Converting the affine coordinates into standard projection coordinates, and performing the operation of the second step and the third step under the standard projection coordinates;
step two, let XM=1,ZM=0,XN=xG,ZN=1;
Calculating xG -1=1/xG
Step three, for i from m-1 to 0, repeatedly executing the following dot addition operation and multiple dot operation:
3.1,W1=C1(XM,ZN),W2=C2(XN,ZM);
in 3.1, the modular multiplication unit C1And C2The parallel operation can accelerate the operation speed and reduce the operation time;
3.2 if kiWhen the value is 0, then ZN=(W1+W2)2,XM=(XM+ZM)4
W1=C1(XM,ZM),W2=C2(W1,W2),W3=C3(xG,ZN),
XN=W2+W3,ZM=W1 2
In 3.2, the modular multiplication unit C1、C2、C3In parallelThe operation can be accelerated, and the operation time is reduced;
3.3 if ki1, then ZM=(W1+W2)2,XN=(XN+ZN)4
W1=C1(XN,ZN),W2=C2(W1,W2),W3=C3(xG,ZM),
XM=W2+W3,ZN=W1 2
In 3.3, the modular multiplication unit C1、C2、C3The parallel operation can accelerate the operation speed and reduce the operation time;
step four, if ZNWhen the value is 0, then XM=xG,ZM=xG+yG(ii) a Converting points under the standard projective coordinates into points under affine coordinates;
step five, if ZNNot equal to 0, then XM=XM/ZM,XN=XN/ZN
W2=C2(XM+xG,XN+xG),
W3=C3(XM+xG,xG -1),W4=W2+xG 2+yG
W2=C2(W3,W4),ZM=W2+yG(ii) a Converting points under the standard projective coordinates into points under affine coordinates;
step six, x1=XM,y1=ZM
Step seven, outputting [ k]G=(x1,y1)。
Compared with the prior art, the invention has the following beneficial effects:
(1) in the process of generating the digital signature, firstly, a section of random bit string is obtained, then, the message to be signed is subjected to XOR operation with the random bit string and then subjected to NAND operation with the hash value, if the signature information is intercepted by a lawbreaker in the transmission process, the lawbreaker cannot completely crack and forge under the condition that the XOR operation and the NAND operation in the signature process are unknown, so that the safety of the signature information is improved, and the lawbreaker is prevented from cracking and forging after intercepting the signature information;
(2) in the process of digital signature verification, the information to be verified is subjected to XOR operation with the random bit string and then subjected to NAND operation with the hash value, if the signature information to be verified is falsified by a lawbreaker in the transmission process, the falsified signature information cannot be verified successfully under the condition that the lawbreaker does not know the XOR operation and the NAND operation in the signature verification process, and therefore the safety of a verification system is improved;
(3) the point multiplication algorithm in the signature generation and signature verification processes adopts an improved Montgomery point multiplication algorithm to carry out point multiplication operation, converts affine coordinates into standard projection coordinates, eliminates the modular inverse operation in the point multiplication operation midpoint operation (point addition and point multiplication) process, carries out modular multiplication operation in a parallel calculation mode of three modular multiplication units, and simultaneously carries out the modular inverse operation required when converting the standard projection coordinates into the affine coordinates, greatly accelerates the speed of the point multiplication operation and reduces the operation time.
Drawings
FIG. 1 is a flow chart of a digital signature generation algorithm of the present invention;
FIG. 2 is a flow chart of a digital signature verification algorithm of the present invention;
FIG. 3 is a flowchart of the Montgomery dot product algorithm of the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but the present invention is not limited thereto.
The invention aims to solve the technical problem of providing an SM2 elliptic curve signature verification algorithm, which improves an SM2 signature generation algorithm (signature verification algorithm), firstly, a section of random bit string is obtained, then, the message to be signed (the message to be verified) is subjected to XOR operation with the random bit string and then subjected to NAND operation with a hash value, the safety of a signature verification system is improved, a point multiplication algorithm in the processes of signature generation and signature verification adopts an improved Montgomery point multiplication algorithm to carry out point multiplication operation, affine coordinates are converted into standard projection coordinates, the modular inverse operation in the process of point multiplication operation (point addition and point multiplication) is eliminated, the modular multiplication operation is carried out in a mode of parallel calculation of three modular multiplication units, and the modular inverse operation required when the standard projection coordinates are converted into the affine coordinates is carried out simultaneously when the point operation (point addition and point multiplication) is carried out, the speed of dot product operation is greatly increased, and the operation time is reduced.
The SM2 elliptic curve and algorithm involved in the invention are defined in the binary field F2mThe equation of the elliptic curve is a non-super-singular curve y2+xy=x3+ax2+ b, where a, b ∈ F2mAnd b ≠ 0. Elliptic curve E (F)2m)={(x,y)|x,y∈F2mAnd satisfies the equation y2+xy=x3+ax2+ b } - [ O ], where O is an infinity point; will binary field F2mEquation y of non-super-singular elliptic curve2+xy=x3+ax2+ b conversion to equation Y in standard projection coordinates2Z+XYZ=X3+aX2Z+bZ3The projection point (X: Y: Z), Z ≠ 0 corresponds to the pseudo-spot (X/Z, Y/Z), and the infinity point ∞ corresponds to (0:1: 0).
As shown in fig. 1 to 3, an SM2 elliptic curve signature verification algorithm includes the following steps:
s1, as shown in fig. 1, the digital signature generation algorithm:
s1.1, inputting original data of a signing party A, including system parameters (base points G and order n) of an elliptic curve, a hash value ZA and a private key d of the signing party AAMessage M to be signed;
s1.2, acquiring a random bit string W;
s1.3, messagePerforming XOR operation on M and the random bit string W to obtain Mw
S1.4, hash values ZA and MwPerforming NAND operation to obtain Me
S1.5, adopting SM3 algorithm to pair MeCarrying out cipher hash operation to obtain a hash value e;
s1.6, generating a random number k belonging to [1, n-1 ];
s1.7, calculating elliptic curve points (x) by using a point multiplication algorithm1,y1)=[k]G;
S1.8, calculate r ═ e + x1)mod n;
S1.9, checking whether r is 0 or r + k is n, if yes, returning to S1.6, and if not, executing S1.10;
s1.10, calculate S ═ ((1+ d)A)-1*(k-r*dA))mod n;
S1.11, checking whether S is equal to 0, if yes, returning to S1.6, and if not, executing S1.12;
s1.12, outputting a random bit string W, a message M and a digital signature (r, S) thereof;
s2, as shown in fig. 2, the digital signature verification algorithm:
s2.1, inputting the original data of the verifier B, including elliptic curve system parameters (base point G, order n) and the public key P of the signature party AARandom bit string W, hash value ZA, message M ' needing signature verification and digital signature (r ', s ') thereof;
s2.2, checking whether r' belongs to [1, n-1] or not, if yes, executing S2.3, and if not, outputting verification failure;
s2.3, checking whether S' belongs to [1, n-1] or not, if yes, executing S2.4, and if not, outputting verification failure;
s2.4, carrying out XOR operation on the message M' and the random bit string W to obtain Mw';
S2.5, hashing values ZA and Mw' conducting NAND operation to obtain Me';
S2.6, adopting SM3 algorithm to pair MePerforming cryptographic hash operation to obtain a hash value e';
s2.7, calculate t ═ r '+ S') mod n;
s2.8, checking whether t is 0, if yes, outputting the verification failure, and if not, executing S2.9;
s2.9, calculating elliptic curve points (x) by using a point multiplication algorithm1',y1')=[s']G+[t]PA
S2.10, calculate R ═ e' + x1')mod n;
And S2.11, checking whether R is satisfied or not, if so, outputting verification successfully, and if not, outputting verification failure.
As shown in FIG. 3, the point multiplication algorithm is a Montgomery point multiplication algorithm under standard projection coordinates, wherein C1、C2、C3Is three multiplication units, C1(XM,ZN) Is just a modular multiplication unit C1To XMAnd ZNPerforming modular multiplication operation; the dot multiplication algorithm comprises the following steps:
step one, input point G ═ xG,yG)∈E(F2m),k=(km-1,…k1,k0)2Where ki is in the range of {0,1}, and the positive integer i is in the range of [0, m-1 }];
Converting the affine coordinates into standard projection coordinates, and performing the operation of the second step and the third step under the standard projection coordinates;
step two, let XM=1,ZM=0,XN=xG,ZN=1;
Calculating xG -1=1/xG
Step three, for i from m-1 to 0, repeatedly executing the following dot addition operation and multiple dot operation:
3.1,W1=C1(XM,ZN),W2=C2(XN,ZM);
in 3.1, the modular multiplication unit C1And C2The parallel operation can accelerate the operation speed and reduce the operation time;
3.2 if kiWhen the value is 0, then ZN=(W1+W2)2,XM=(XM+ZM)4
W1=C1(XM,ZM),W2=C2(W1,W2),W3=C3(xG,ZN),
XN=W2+W3,ZM=W1 2
In 3.2, the modular multiplication unit C1、C2、C3The parallel operation can accelerate the operation speed and reduce the operation time;
3.3 if k i1, then ZM=(W1+W2)2,XN=(XN+ZN)4
W1=C1(XN,ZN),W2=C2(W1,W2),W3=C3(xG,ZM),
XM=W2+W3,ZN=W1 2
In 3.3, the modular multiplication unit C1、C2、C3The parallel operation can accelerate the operation speed and reduce the operation time;
step four, if ZNWhen the value is 0, then XM=xG,ZM=xG+yG(ii) a Converting points under the standard projective coordinates into points under affine coordinates;
step five, if ZNNot equal to 0, then XM=XM/ZM,XN=XN/ZN
W2=C2(XM+xG,XN+xG),
W3=C3(XM+xG,xG -1),W4=W2+xG 2+yG
W2=C2(W3,W4),ZM=W2+yG(ii) a Converting points under the standard projective coordinates into points under affine coordinates;
step six, x1=XM,y1=ZM
Step seven, outputting [ k]G=(x1,y1)。
In the process of generating the digital signature, firstly, a section of random bit string is obtained, then, the message to be signed is subjected to XOR operation with the random bit string and then subjected to NAND operation with the hash value, if the signature information is intercepted by a lawbreaker in the transmission process, the lawbreaker cannot completely crack and forge under the condition that the XOR operation and the NAND operation in the signature process are unknown, so that the safety of the signature information is improved, and the lawbreaker is prevented from cracking and forging after intercepting the signature information; in the process of digital signature verification, the information to be verified is subjected to XOR operation with the random bit string and then subjected to NAND operation with the hash value, if the signature information to be verified is tampered by a lawbreaker in the transmission process, the tampered signature information cannot be verified successfully under the condition that the lawbreaker does not know the XOR operation and the NAND operation in the signature verification process, and therefore the safety of a verification system is improved; the point multiplication algorithm in the signature generation and signature verification processes adopts an improved Montgomery point multiplication algorithm to carry out point multiplication operation, affine coordinates are converted into standard projection coordinates, the modular inverse operation in the point multiplication operation midpoint operation (point addition and point multiplication) process is eliminated, the modular multiplication operation is carried out in a parallel calculation mode of three modular multiplication units, and the modular inverse operation required when the standard projection coordinates are converted into the affine coordinates is carried out simultaneously when the point operation (point addition and point multiplication) is carried out, so that the speed of the point multiplication operation is greatly accelerated, and the operation time is reduced; the integrity of the message in the transmission process can be ensured, the identity of the sender is authenticated, and the repudiation in the transaction is prevented.
The present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents and are included in the scope of the present invention.

Claims (1)

1. An SM2 elliptic curve signature verification method is characterized by comprising the following steps:
s1, digital signature generation algorithm:
s1.1, inputting original data of a signing party A, including system parameters of an elliptic curve: base point G, order n, hash value ZA, private key d of signer AAMessage M to be signed;
s1.2, acquiring a random bit string W;
s1.3, carrying out XOR operation on the message M and the random bit string W to obtain Mw
S1.4, hash values ZA and Mw Performing NAND operation to obtain Me
S1.5, adopting SM3 algorithm to pair Me Carrying out cipher hash operation to obtain a hash value e;
s1.6, generating a random number k belonging to [1, n-1 ];
s1.7, calculating elliptic curve points (x) by using a point multiplication algorithm1,y1)=[k]G;
S1.8, calculate r = (e + x)1)mod n;
S1.9, checking whether r =0 or r + k = n is true, if true, returning to S1.6, and if not, executing S1.10;
s1.10, calculate S = ((1+ d)A)-1*(k-r*dA))mod n;
S1.11, checking whether S =0 is established, if yes, returning to S1.6, and if not, executing S1.12;
s1.12, outputting a random bit string W, a message M and a digital signature (r, S) thereof;
s2, digital signature verification algorithm:
s2.1, inputting original data of a verifier B, wherein the original data comprises elliptic curve system parameters: base point G, order n, public key P of signer AARandom bit string W, hash value ZA, message M ' needing signature verification and digital signature (r ', s ') thereof;
s2.2, checking whether r' belongs to [1, n-1] or not, if yes, executing S2.3, and if not, outputting verification failure;
s2.3, checking whether S' belongs to [1, n-1] or not, if yes, executing S2.4, and if not, outputting verification failure;
s2.4, carrying out XOR operation on the message M' and the random bit string W to obtain Mw';
S2.5, hashing values ZA and Mw' conducting NAND operation to obtain Me';
S2.6, adopting SM3 algorithm to pair MePerforming cryptographic hash operation to obtain a hash value e';
s2.7, calculate t = (r '+ S') mod n;
s2.8, checking whether t =0 is true, if true, outputting verification failure, and if false, executing S2.9;
s2.9, calculating elliptic curve points (x) by using a point multiplication algorithm1',y1')=[s']G+[t]PA
S2.10, calculate R = (e' + x)1')mod n;
S2.11, checking whether R = R' is true, if true, outputting verification successfully, and if false, outputting verification failure;
the point multiplication algorithm is a Montgomery point multiplication algorithm under standard projection coordinates, wherein C1、C2、C3 Is three multiplication units, C1(XM,ZN) Namely, the modular multiplication unit C1 To XM And ZN Performing modular multiplication operation; the dot multiplication algorithm comprises the following steps:
step one, input point G = (x)G,yG)∈E(F2m),k=(km-1,…k1,k0)2
Wherein k isiIs belonged to {0,1}, and a positive integer i is belonged to [0, m-1 ]];
Converting affine coordinates into standard projection coordinates and performing affine transformation under the standard projection coordinates
Carrying out the operation of the second step and the third step;
step two, let XM=1,ZM=0,XN=xG,ZN=1;
Calculating xG -1=1/xG
Step three, for i from m-1 to 0, repeatedly executing the following dot-addition operation sum
And (3) point doubling operation:
3.1,W1=C1(XM,ZN),W2=C2(XN,ZM);
in 3.1, the modular multiplication unit C1 And C2 Parallel operation, the operation speed can be accelerated
The calculation time is reduced;
3.2 if ki=0, then ZN=(W1+W2)2,XM=(XM+ZM)4
W1=C1(XM,ZM),W2=C2(W1,W2),W3=C3(xG,ZN), XN=W2+W3,ZM=W12
In 3.2, the modular multiplication unit C1、C2、C3 The parallel operation can accelerate the operation speed and reduce the operation time;
3.3 if ki=1, then ZM=(W1+W2)2,XN=(XN+ZN)4
W1=C1(XN,ZN),W2=C2(W1,W2),W3=C3(xG,ZM), XM=W2+W3,ZN= W12
In 3.3, the modular multiplication unit C1、C2、C3 The parallel operation can accelerate the operation speed and reduce the operation time;
step four, if ZN=0, then XM=xG,ZM=xG+yG(ii) a Converting points under the standard projective coordinates into points under affine coordinates;
step five, if ZNNot equal to 0, then XM=XM/ZM,XN=XN/ZN
W2=C2(XM+xG,XN+xG),
W3=C3(XM+xG,xG-1),W4=W2+xG2+yG,
W2=C2(W3,W4),ZM=W2+yG(ii) a Converting points under the standard projective coordinates into points under affine coordinates;
step six, x1=XM,y1=ZM
Step seven, outputting [ k]G=(x1,y1);
Wherein, E (F)2m) To comprise 2m Binary field F of individual elements2m All rational points of the elliptic curve E above: a set comprising points at infinity; e is an elliptic curve in a binary domain; f2m To comprise 2m A binary field of elements; m is a binary field F2m With respect to finite field F2 The number of expansions of (c); f2 Is a finite field containing 2 elements; xM,ZN,XN,ZM Are auxiliary variables defined for convenient operation in the dot product operation process.
CN201810524715.5A 2018-05-28 2018-05-28 An SM2 Elliptic Curve Signature Verification Algorithm Active CN108667623B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810524715.5A CN108667623B (en) 2018-05-28 2018-05-28 An SM2 Elliptic Curve Signature Verification Algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810524715.5A CN108667623B (en) 2018-05-28 2018-05-28 An SM2 Elliptic Curve Signature Verification Algorithm

Publications (2)

Publication Number Publication Date
CN108667623A CN108667623A (en) 2018-10-16
CN108667623B true CN108667623B (en) 2021-10-19

Family

ID=63777937

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810524715.5A Active CN108667623B (en) 2018-05-28 2018-05-28 An SM2 Elliptic Curve Signature Verification Algorithm

Country Status (1)

Country Link
CN (1) CN108667623B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109547199B (en) * 2018-11-19 2021-07-02 武汉大学 A method for multi-party joint generation of SM2 digital signature
CN110022210B (en) * 2019-03-28 2022-03-15 思力科(深圳)电子科技有限公司 Signature verification method based on elliptic curve password, signature end and signature verification end
CN110336674B (en) * 2019-06-21 2022-06-24 矩阵元技术(深圳)有限公司 Scope proof method, apparatus, computer equipment and storage medium
CN110365481A (en) * 2019-07-04 2019-10-22 上海交通大学 Optimal implementation system and method for accelerating state secret SM2 algorithm
CN111147250B (en) * 2019-12-18 2022-08-02 北京江南天安科技有限公司 Digital signature method, device, sending end, receiving end and system
CN112134704B (en) * 2020-09-21 2022-04-01 中国电子科技网络信息安全有限公司 Sm2 performance optimization implementing method
CN112491560A (en) * 2020-12-11 2021-03-12 武汉大学 SM2 digital signature method and medium supporting batch verification
CN112632475B (en) * 2020-12-30 2024-03-29 郑州轻工业大学 A picture copyright protection system and protection method based on national secrets and picture steganography
CN113158176B (en) * 2021-06-02 2022-08-02 工业信息安全(四川)创新中心有限公司 Public key analysis method, device, equipment and storage medium based on SM2 signature
CN113055189B (en) * 2021-06-02 2021-08-10 工业信息安全(四川)创新中心有限公司 SM2 digital signature verification failure reason judgment method, device, equipment and medium
CN114205085A (en) * 2021-12-03 2022-03-18 东北大学 Optimization processing method of SM2 and transformation method of super book fabric platform

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1700637A (en) * 2005-05-18 2005-11-23 上海迪申电子科技有限责任公司 A novel elliptic curve password coprocessor
CN101782845A (en) * 2009-01-20 2010-07-21 北京华大信安科技有限公司 High speed arithmetic device and method of elliptic curve code
CN105099672A (en) * 2015-08-04 2015-11-25 东南大学 Hybrid encryption method and device for realizing the same
CN105574269A (en) * 2015-12-16 2016-05-11 青岛大学 Design verification method of special instruction processor
EP3099003A1 (en) * 2015-05-28 2016-11-30 Nxp B.V. Efficient key derivation with forward secrecy
CN107425968A (en) * 2017-06-22 2017-12-01 广东工业大学 A kind of SM2 elliptic curve public key cryptographic algorithms under binary field F2m realize system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108964899B (en) * 2018-07-01 2021-03-12 深圳市有传科技有限公司 Method and device for timing encryption of dynamic formula and multiple synchronous dynamic passwords

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1700637A (en) * 2005-05-18 2005-11-23 上海迪申电子科技有限责任公司 A novel elliptic curve password coprocessor
CN101782845A (en) * 2009-01-20 2010-07-21 北京华大信安科技有限公司 High speed arithmetic device and method of elliptic curve code
EP3099003A1 (en) * 2015-05-28 2016-11-30 Nxp B.V. Efficient key derivation with forward secrecy
CN105099672A (en) * 2015-08-04 2015-11-25 东南大学 Hybrid encryption method and device for realizing the same
CN105574269A (en) * 2015-12-16 2016-05-11 青岛大学 Design verification method of special instruction processor
CN107425968A (en) * 2017-06-22 2017-12-01 广东工业大学 A kind of SM2 elliptic curve public key cryptographic algorithms under binary field F2m realize system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
谈谈异或加密;lazying_bird;《https://blog.csdn.net/a_flying_bird/article/details/38443945》;20140808;第5页 *

Also Published As

Publication number Publication date
CN108667623A (en) 2018-10-16

Similar Documents

Publication Publication Date Title
CN108667623B (en) An SM2 Elliptic Curve Signature Verification Algorithm
CN108989047B (en) A method and system for co-signature between two communication parties based on SM2 algorithm
CN112422288B (en) SM2 algorithm-based two-party collaborative signature method for resisting energy analysis attack
CN108667627B (en) SM2 Digital Signature Method Based on Two-Party Collaboration
CN115473635B (en) A method and device for generating SM2 two-party adapter signature against malicious adversaries
WO2020181822A1 (en) Method and apparatus for checking consistency of encrypted data, and computer device and storage medium
CN109743166B (en) Multiparty signature generation method and security information verification system
CN110535635B (en) Cooperative signature method and system supporting information hiding
CN114567448B (en) Collaborative signature method and collaborative signature system
CN107171788B (en) Identity-based online and offline aggregated signature method with constant signature length
CN110535636B (en) Lightweight cooperative signature method and device based on SM2 algorithm
CN107911217B (en) Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system
CN111447065B (en) An active and secure two-party generation method of SM2 digital signature
CN109639439A (en) A kind of ECDSA digital signature method based on two sides collaboration
CN115174058B (en) Two-party adapter signature generation method and system based on SM2 algorithm
CN118555077B (en) Adapter signature generation method and device
CN110932866B (en) A Ring Signature Generation Method Based on SM2 Digital Signature Algorithm
CN115378615A (en) Collaborative signature method, device, electronic device and storage medium
CN116232578A (en) A multi-party cooperative signature system, method and device integrating quantum key distribution
CN118784227A (en) An efficient cloud auditing method based on binary tree key structure
TW202443380A (en) Business parameter comparison method, device, system and storage medium
CN116015679B (en) Government cloud multi-cloud management authentication system based on SM2 digital signature
CN117478335A (en) Certificateless collaborative signature method, device, medium and electronic equipment
CN110035065A (en) Data processing method, relevant apparatus and computer storage medium
CN116405221A (en) Post-quantum identity signature generation and verification method and system based on symmetric cryptographic primitives

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant