CN101056173A - A RSA based joint electronic signature method - Google Patents

Abstract

The present invention relates to a united electronic signature method based on RSA, and the method includes the steps of: (1) the generation of key: A. the number of the united signature is N; B. finding two big prime numbers: p and q satisfying that p=2p' + 1 and q= 2q' + 1 wherein, p' and q' are prime; C. calculating n and phi(n), n=pq, and phi(n)=(p-1)(q-1); D. selecting ei<phi(n), i=0, 1, to, N, and ei and phi(n) are relatively prime; E. calculating di to form that diei=1 mod phi(n), i=0, 1, to, N; F. calculating that e= PIelmod phi(n); G. disclosing public key {n, e}; H. private key corresponding to said public key is calculated to be {n, d}, wherein d=PIdlmod Phi(n); (2)signing; (3)validating. The effective results of the present invention are: a plurality of private keys are used when signing, and each private key owner is unknown to the united private keys and the signing order is random, and the method in the present invention is simple and is compatible with the international popular RSA signing method when validating.

Description

A kind of associating electronic signature method based on RSA

Technical field

The present invention relates to the network security technology field, be specifically related to a kind of associating electronic signature method, be mainly used in network application fields such as E-Government, ecommerce based on RSA.

Background technology

Electronic signature is widely used in occasions such as network, communication, authentication, data integrity mark and check, particularly is applied in the digital certificates.Electronic signature is encrypted with the private key of signer a summary being signed data, and encrypted result becomes electronic signature, and the data that encrypted result and quilt are signed are sent to the verifier together.The verifier is that the PKI of used private key correspondence is decrypted electronic signature with signer in signature, and tries to achieve with identical digest algorithm and to be signed data and must make a summary.

But when being to use single private key to encrypt, be difficult to prevent that single private key owner from abusing private key unwarranted data are signed, and in present many private keys signature scheme, some is with to have the electronic signature that the single private key method of widely used RSA is produced in CA certificate now incompatible, and the method for some realization is very complicated.

Summary of the invention

The present invention has overcome the weak point of above-mentioned electronic signature method, and purpose is to provide the associating electronic signature method based on RSA, and this method is simple, and with existing CA certificate compatibility based on RSA.

The present invention achieves the above object by the following technical programs: a kind of associating electronic signature method based on RSA comprises the following steps:

(1) key generates:

A, the associating number of establishing joint signature are N;

B, searching two big prime number: p, q satisfy p=2p '+1, q=2q '+1, and wherein p ' and q ' they are prime numbers;

C, try to achieve n and φ (n), n=pq, φ (n)=(p-1) (q-1);

D, to i=0,1 ..., N selects the e of inequality _i＜φ (n), e _iCoprime with φ (n);

E, to i=0,1 ..., N asks d _i, make d _ie _i=1 mod φ (n);

F, calculation $e=\underset{i=1}{\overset{N}{\mathrm{\&Pi;}}}{e}_i\mathrm{mod}\mathrm{\&phi;}\left(n\right);$

G, announcement public key { n, e);

H, draw private key with the PKI correspondence be n, d), wherein $d=\underset{i=1}{\overset{N}{\mathrm{\&Pi;}}}{d}_i\mathrm{mod}\mathrm{\&phi;}\left(n\right);$

(2) signature:

With each private key summary info is signed successively, establish and treat that label information is M, its summary is m;

Make S ₀=m

$S_i={S_{i-1}}^{d_{k_i}}\mathrm{mod}n,i=\mathrm{1,2},...,N$

S＝S _N

S is electronic signature;

(3) checking:

S public key { n, e) checking:

$S^e={\left({({\left(m^{d_{k_1}}\right)}^{d_{k_2}}...)}^{d_{k_N}}\right)}^e={\left(m^{d_{k_1}{d}_{k_2}...d_{k_N}}\right)}^e=m^{\mathrm{de}}=m\mathrm{mod}n.$

As preferably, each private key owner is that { n is unknowable d) to private key.

As preferably, the order of each private key signature is arbitrarily

Beneficial effect of the present invention: this method is used a plurality of private keys when signature, each private key owner is unknowable to the private key of its associating, signature sequence is that this method is simple arbitrarily, and compatible mutually with at present popular in the world RSA signature method when checking.

Embodiment:

Embodiment 1: the present invention is further elaborated below by embodiment:

1, key generates

Get the associating number N=2 of joint signature.

1. seek two big prime number: p=107, q=167.

2. try to achieve n and φ (n), n=pq=17869, φ (n)=(p-1) (q-1)=17596.

3. select the e of inequality ₁=5, e ₁=7.

4. calculate $e=\underset{i=1}{\overset{N}{\mathrm{\&Pi;}}}{e}_i\mathrm{mod}\mathrm{\&phi;}\left(n\right)=35.$

5. seek d with the division algorithm of expansion ₁=14077, d ₂=10055; Checking d ₁e ₁=5 * 14077=70385=4 * 17596+1, and d ₂e ₂=7 * 10055=70385=4 * 17596+1.

6. with d ₁Write among the UKey 1 d ₂Write among the UKey 2.

7. abandon p, q, φ (n) and d ₁And d ₂(but keeping UKey).

8. announcement public key { n, e}={17869,35}.

2, signature

If wait to sign summary m=10341.

Sign successively with UKey 1 and 2 couples of m of UKey:

1.m＝10341＜n＝17869。

2. establishing signature sequence is 2,1, i.e. displacement { k ₁, k ₂}={ 2,1}.

3. make S ₀=m=10341.

4. calculate S ₁=10341 ¹⁰⁰⁵⁵Mod 17869=1400, S ₂=1400 ¹⁴⁰⁷⁷Mod 17869=7873.

5. make S=S ₂=7873.

3, checking

1. the verifier receives { m, S}={10341,7873}.Calculate V=S ^eMod n=7873 ³⁵Mod17869=10348=10341=m accepts signature.

The verifier receive { m, S ' }=10341,7872}.Calculate V=S ' ^eMod n=7872 ³⁵Mod17869=17684=/=10341=m, withhold one's signature.

Claims (3)

1, a kind of associating electronic signature method based on RSA is characterized in that, comprises the following steps:

(1) key generates:

A, the associating number of establishing joint signature are N;

B, searching two big prime number: p, q satisfy p=2p '+1, q=2q '+1, and wherein p ' and q ' they are prime numbers;

C, try to achieve n and φ (n), n=pq, φ (n)=(p-1) (q-1);

D, to i=0,1 ..., N, the e of selection inequality _i＜φ (n), e _iCoprime with φ (n);

E, to i=0,1 ..., N asks d _i, make d _ie _i=1mod φ (n);

F, calculation $e=\underset{i=1}{\overset{N}{\mathrm{\&Pi;}}}{e}_i\mathrm{mod}\mathrm{\&phi;}\left(n\right);$

G, announcement public key { n, e};

H, draw private key with the PKI correspondence be n, d}, wherein $d=\underset{i=1}{\overset{N}{\mathrm{\&Pi;}}}{d}_i\mathrm{mod}\mathrm{\&phi;}\left(n\right);$

(2) signature:

With each private key summary info is signed successively, establish and treat that label information is M, its summary is m;

Make S ₀=m

$S_i={S_{i-1}}^{d_{k_i}}\mathrm{mod}n,i=\mathrm{1,2},...,N$

S＝S _N

S is electronic signature;

(3) checking:

The S public key { n, the e} checking:

$S^e={\left({({\left(m^{d_{k_1}}\right)}^{d_{k_2}}...)}^{d_{k_N}}\right)}^e={\left(m^{d_{k_1}{d}_{k_2}...d_{k_N}}\right)}^e=m^{\mathrm{de}}=m\mathrm{mod}n.$

2, must ask 1 described associating electronic signature method according to power, it is characterized in that each private key owner is that { n, d} are unknowable to private key based on RSA.

3, must ask 1 described associating electronic signature method based on RSA according to power, it is characterized in that, the order of each private key signature is arbitrarily.