[go: up one dir, main page]

CN116192396B - Signature rapid generation method and device, electronic equipment and computer storage medium - Google Patents

Signature rapid generation method and device, electronic equipment and computer storage medium

Info

Publication number
CN116192396B
CN116192396B CN202211546358.5A CN202211546358A CN116192396B CN 116192396 B CN116192396 B CN 116192396B CN 202211546358 A CN202211546358 A CN 202211546358A CN 116192396 B CN116192396 B CN 116192396B
Authority
CN
China
Prior art keywords
private key
matrix
digital signature
signature
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211546358.5A
Other languages
Chinese (zh)
Other versions
CN116192396A (en
Inventor
郑杰骞
钟源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp filed Critical Aisino Corp
Priority to CN202211546358.5A priority Critical patent/CN116192396B/en
Publication of CN116192396A publication Critical patent/CN116192396A/en
Application granted granted Critical
Publication of CN116192396B publication Critical patent/CN116192396B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

本申请实施例提供了一种签名快速生成方法、装置、电子设备及计算机存储介质,该签名快速生成方法包括:生成第一随机数;根据所述第一随机数从预先生成的私钥矩阵中抽取m个第一矩阵元素,其中,m为大于等于2的正整数;从预先生成且与所述私钥矩阵相对应的公钥矩阵中抽取m个与所述第一矩阵元素坐标相同的第二矩阵元素;将所述m个第一矩阵元素相加获得第一私钥,并将所述m个第二矩阵元素相加获得第一公钥;根据所述第一私钥、所述第一公钥、和预先生成的散列值生成数字签名。本申请提供的签名快速生成方法计算量较低,可适用于国密SM2签名、ECDSA签名等,因此具有较高的适用性。

The embodiment of the present application provides a method, device, electronic device and computer storage medium for rapid signature generation, which includes: generating a first random number; extracting m first matrix elements from a pre-generated private key matrix according to the first random number, wherein m is a positive integer greater than or equal to 2; extracting m second matrix elements with the same coordinates as the first matrix elements from a pre-generated public key matrix corresponding to the private key matrix; adding the m first matrix elements to obtain a first private key, and adding the m second matrix elements to obtain a first public key; generating a digital signature according to the first private key, the first public key, and a pre-generated hash value. The rapid signature generation method provided by the present application has a low computational complexity and can be applied to national secret SM2 signatures, ECDSA signatures, etc., and therefore has high applicability.

Description

Signature rapid generation method and device, electronic equipment and computer storage medium
Technical Field
The embodiment of the application relates to the technical field of information security, in particular to a method and a device for rapidly generating a signature, electronic equipment and a computer storage medium.
Background
With the development of technologies such as cloud platform, big data, blockchain and the like, the security of data becomes a critical problem, so that corresponding security technical measures need to be adopted for the data. The digital signature mechanism is used as one of means for guaranteeing the network information security, so that the problems of counterfeiting, repudiation, impersonation, data falsification and the like can be solved, and the data security is improved.
At present, cryptographic equipment adopts a national secret SM2 elliptic curve algorithm to generate a digital signature, or ECDSA signature and the like.
However, when the digital signature is generated by using the national secret SM2 elliptic curve algorithm, ECDSA or the like, the calculation amount is large by performing dot product operation on fixed base points on the elliptic curve, and the requirement on the performance of the password equipment is high, so that the applicability of the existing signature generation method is low. The signature performance of the same cipher equipment in unit time can be improved by reducing the operation amount of the signature.
Disclosure of Invention
In view of the above, embodiments of the present application provide a method, an apparatus, an electronic device and a computer storage medium for generating a signature, so as to at least partially solve the above-mentioned problems.
According to a first aspect of the embodiment of the application, a signature rapid generation method is provided, and the method comprises the steps of generating a first random number, extracting m first matrix elements from a pre-generated private key matrix according to the first random number, wherein m is a positive integer greater than or equal to 2, extracting m second matrix elements with the same coordinates as the first matrix elements from a pre-generated public key matrix corresponding to the private key matrix, adding the m first matrix elements to obtain a first private key, adding the m second matrix elements to obtain a first public key, and generating a digital signature according to the first private key, the first public key and a pre-generated hash value.
In one possible implementation manner, the extracting M first matrix elements from a pre-generated private key matrix according to the first random number includes determining M bytes from M bytes included in the first random number, where M is a positive integer greater than or equal to M, determining M matrix coordinates according to content corresponding to the M bytes in the first random number, and extracting M first matrix elements corresponding to the matrix coordinates from the private key matrix according to the M matrix coordinates.
In one possible implementation, extracting m second matrix elements from a public key matrix that is pre-generated and corresponds to the private key matrix includes extracting m second matrix elements from the public key matrix that correspond to the matrix coordinates according to the m matrix coordinates.
In one possible implementation manner, the generating the digital signature according to the first private key, the first public key and the pre-generated hash value comprises the steps of obtaining a second private key and a second public key for generating the digital signature last time, adding the first private key and the second private key for generating the digital signature last time to obtain the second private key for generating the digital signature last time, adding the first public key and the second public key for generating the digital signature last time to obtain the second public key for generating the digital signature last time, and generating the digital signature last time according to the second private key for generating the digital signature last time, the second public key for generating the digital signature last time and the hash value.
In one possible implementation manner, before the generating of the digital signature of the current time according to the second private key for generating the digital signature of the current time, the second public key for generating the digital signature of the current time and the hash value, the method further comprises judging whether the second private key is equal to 0, and if the second private key is equal to 0, executing the generating of the first random number to regenerate the second private key.
In one possible implementation manner, the method for generating the digital signature of the current time according to the second private key for generating the digital signature of the current time, the second public key for generating the digital signature of the current time and the hash value comprises the steps of generating a first signature part according to the hash value and/or the second public key for generating the digital signature of the current time, generating a second signature part according to the hash value and/or the second private key for generating the digital signature of the current time, and combining the first signature part and the second signature part to generate the digital signature.
In one possible implementation, before the combining the first signature part and the second signature part to generate the digital signature, the method further includes determining whether the first signature part and the second signature part are equal to 0, and if the first signature part and/or the second signature part are equal to 0, performing the generating of the first random number to regenerate the digital signature.
According to a second aspect of the embodiment of the application, a signature rapid generation device is provided, and the device comprises a first generation module, a first extraction module, a second extraction module and a calculation module, wherein the first generation module is used for generating a first random number, the first extraction module is used for extracting m first matrix elements from a pre-generated private key matrix according to the first random number, wherein m is a positive integer greater than or equal to 2, the second extraction module is used for extracting m second matrix elements with the same coordinates as the first matrix elements from a pre-generated public key matrix corresponding to the private key matrix, the calculation module is used for adding the m first matrix elements to obtain a first private key and adding the m second matrix elements to obtain a first public key, and the second generation module is used for generating a digital signature according to the first private key, the first public key and a pre-generated hash value.
According to a third aspect of the embodiment of the present application, there is provided an electronic device, including a processor, a memory, a communication interface, and a communication bus, where the processor, the memory, and the communication interface complete communication with each other through the communication bus, and the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform an operation corresponding to the method according to the first aspect.
According to a fourth aspect of embodiments of the present application, there is provided a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the method according to the first aspect.
According to the signature rapid generation method provided by the embodiment of the application, the first matrix element and the second matrix element are extracted through the generated random number, the extracted first matrix element is added to obtain the first private key, and the second matrix element is added to obtain the first public key, so that the digital signature is generated according to the first private key, the first public key and the hash value, the first public key generated by adopting the first private key generated by finite field addition operation and the first public key generated by elliptic curve point addition operation replaces the result of the point multiplication operation of generating the random number k and calculating k and the base point G in the existing signature generation method, the generation process of the digital signature is free from the point multiplication operation, the operation amount of a small amount of finite field addition operation and a small amount of elliptic curve point addition operation is far smaller than that of one point multiplication operation, therefore, the operation amount of the signature rapid generation method is lower, only 1/10 of the elliptic curve point multiplication operation amount is needed, the performance requirement on the cryptographic equipment is lower, and the signature rapid generation method is suitable for the cryptographic equipment with poor performance and has higher applicability. The signature performance of the same cipher device in unit time can be improved by reducing the operation amount of the signature.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present application, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a flow chart of a method for quickly generating a signature provided by an embodiment of the application;
FIG. 2 is a flow chart of another method for rapid signature generation provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of a signature rapid generation device according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to better understand the technical solutions in the embodiments of the present application, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which are derived by a person skilled in the art based on the embodiments of the present application, shall fall within the scope of protection of the embodiments of the present application.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the application. The term "if" as used herein may be interpreted as "at..once" or "when..once" or "in response to a determination", depending on the context.
Fig. 1 is a flowchart of a method for quickly generating a signature according to an embodiment of the present application, as shown in fig. 1, the method includes steps 101 to 105 as follows:
Step 101, a first random number is generated.
The first random number is generated, which may be generated according to the user's ID, or may be a randomly generated array, a randomly generated number, or the like.
Step 102, extracting m first matrix elements from a pre-generated private key matrix according to a first random number, wherein m is a positive integer greater than or equal to 2.
According to the first random number, m first matrix elements are randomly extracted from the private key matrix, m is a preset positive integer greater than or equal to 2, and in order to balance the calculation amount and the security requirement, the value range of m is generally 3-5, for example, m is 5, and then 5 first matrix elements are extracted from the private key matrix.
It should be understood that when the signing device is initialized, a private key matrix is automatically generated, after the private key matrix is generated, a public key matrix corresponding to the private key matrix is automatically generated according to a conversion relationship between the private key matrix and the public key matrix, for example, a 16×16 private key matrix and a corresponding 16×16 public key matrix are respectively generated, and the specific generating methods of the private key matrix and the public key matrix are not limited in the present application.
Step 103, extracting m second matrix elements with the same coordinates as the first matrix elements from a public key matrix which is generated in advance and corresponds to the private key matrix.
And randomly extracting m second matrix elements with the same coordinates as the first matrix elements from the public key matrix according to the first random number.
Step 104, adding m first matrix elements to obtain a first private key, and adding m second matrix elements to obtain a first public key.
The extracted m first matrix elements are added to obtain a first private key sk m, the extracted m second matrix elements are added to obtain a first public key PK m, and the public key corresponding to the first private key sk m is the first public key PK m according to the combined public key.
Since the matrix elements in the private key matrix and the public key matrix are different, the m first matrix elements extracted from the private key matrix are added to form a finite field addition operation, and the m second matrix elements extracted from the public key matrix are added to form a point addition operation of an elliptic curve.
Step 105, generating a digital signature according to the first private key, the first public key and a pre-generated hash value.
A digital signature is generated from the first private key sk m, the first public key PK m, and a pre-generated hash value.
In the embodiment of the application, the first matrix element and the second matrix element are extracted through the generated random number, the first private key is obtained by adding the extracted first matrix element, and the first public key is obtained by adding the second matrix element, so that the digital signature is generated according to the first private key, the first public key and the hash value, the first public key generated by adopting the first private key generated by finite field addition operation and the first public key generated by elliptic curve point addition operation replaces the result of the dot multiplication operation of the generated random number k, the calculation k and the base point G in the existing signature generation method, the dot multiplication operation is not needed in the generation process of the digital signature, and the operation amount of a small amount of finite field addition operation and a small amount of elliptic curve point addition operation is far smaller than that of one dot multiplication operation. The signature performance of the same cipher device in unit time can be improved by reducing the operation amount of the signature.
In one possible implementation manner, when M first matrix elements are extracted from a pre-generated private key matrix according to a first random number, M bytes may be determined from M bytes included in the first random number, where M is a positive integer greater than or equal to M, then M matrix coordinates are determined according to content corresponding to the M bytes in the first random number, and then M first matrix elements corresponding to the matrix coordinates are extracted from the private key matrix according to the M matrix coordinates.
The m bytes are randomly determined from all bytes included in the first random number, for example, m bytes before the first random number, m bytes after the first random number, m bytes in random order of random positions, and the like. And determining m matrix coordinates according to the determined m bytes, and extracting m first matrix elements corresponding to the coordinates from the private key matrix according to the m matrix coordinates.
It should be noted that, the positions of the elements in the private key matrix and the public key matrix may be represented by bytes, so that the matrix coordinates may be determined by the bytes, and thus, the matrix element located at the current position may be extracted according to the position corresponding to the matrix coordinates in the matrix.
In the embodiment of the application, m first matrix elements are randomly extracted according to a plurality of bytes included in the first random number, so that a random extraction function is realized, and the randomness of the first private key is ensured, thereby enabling the generated digital signature to have randomness. To ensure the security of the quick generation of the signature, the first private key sk m needs to be able to cover the entire range of [1, n-1 ].
In one possible implementation, m second matrix elements identical to the first matrix element coordinates are extracted from a public key matrix that is generated in advance and corresponds to the private key matrix, and m second matrix elements corresponding to the matrix coordinates may be extracted from the public key matrix according to the m matrix coordinates.
The extraction rule of the second matrix element is similar to that of the first matrix element, and is not described here again.
The public key corresponding to the first private key sk m generated by combining the m first matrix elements according to the combined public key is the first public key PK m generated by combining the m second matrix elements with the same coordinates as the first matrix elements.
In one possible implementation, when generating the hash information, the preprocessing information may be generated according to the relevant parameters of the elliptic curve and the identity of the signer, and the hash value may be generated according to the preprocessing information.
Initializing elliptic curve related parameters, calculating preprocessing information through a formula ZA=H256(ENTLA||IDA||a||b||xG||yG||xA||yA), wherein Z A is used for representing the preprocessing information, H 256 () is used for representing a hash function, ID A is used for representing a signer identity, ENTL A is two bytes converted by the bit length of ID A, a and b are used for representing two elements in a prime field Fp and satisfy y 2=x3+ax+b,(xG,yG) is used for representing coordinates of a base point G on the elliptic curve, n is an order of the base point G, (x A,yA) is used for representing a signature public key held by the signer, and a corresponding signature private key is d A, namely (x A,yA)=dA) G.
After the preprocessing information Z A is calculated, a hash value is calculated according to the preprocessing information Z A by the following formula e=h v(ZA ||m), where H v () is used to characterize the hash function, M is used to characterize the encoding of the information to be transmitted, and e is used to characterize the hash value. So that generation of a hash value can be achieved.
It should be appreciated that H 256 () and H v () are used to characterize a hash function, typically the cryptographic SM3 hash algorithm, by which a hash value can be generated.
In the embodiment of the application, the preprocessing information is generated through the relevant parameters of the elliptic curve and the identity of the signer, so that the hash value can be generated according to the preprocessing information, the preprocessing process in the rapid signature generation process is completed, and the normal operation of the rapid signature generation process is ensured.
Fig. 2 is a flowchart of another signature quick generation method according to an embodiment of the present application, as shown in fig. 2, the method includes the following steps 201 to 208:
step 201, a first random number is generated.
Step 202, extracting m first matrix elements from a pre-generated private key matrix according to a first random number, wherein m is a positive integer greater than or equal to 2.
Step 203, extracting m second matrix elements with the same coordinates as the first matrix elements from a public key matrix which is generated in advance and corresponds to the private key matrix.
Step 204, adding m first matrix elements to obtain a first private key, and adding m second matrix elements to obtain a first public key.
The first private key corresponds to a combination of m first matrix elements and the first public key corresponds to a combination of m second matrix operations.
It should be noted that, the steps 201 to 204 are similar to the steps 101 to 104 in other embodiments of the present application, and detailed descriptions thereof are omitted herein, and detailed descriptions of the steps 101 to 104 in other embodiments of the present application are omitted.
Step 205, obtain the second private key and the second public key used for last generation of the digital signature.
The second private key and the second public key used last time the digital signature was generated are obtained.
It should be appreciated that different digital signature devices may generate digital signatures multiple times depending on the signer's difference or data, e.g., two data of signer a may run a two-time digital signature method to generate two digital signatures, and then signer B may generate one digital signature for a total of 3 digital signatures. Thus, the second private key and the second public key used when the digital signature device performs the second digital signature are obtained for the first digital signature, the second private key and the second public key used for the second signature are obtained for the third signature, and so on.
Step 206, adding the first private key and the second private key used for generating the digital signature last time to obtain the second private key used for generating the digital signature last time.
Adding the first private key generated this time and the second private key used for generating the digital signature last time to obtain a second private key used for generating the digital signature this time, that is, sk i=ski-1+skm,ski is used for representing the second private key used for generating the digital signature this time, sk i-1 is used for representing the second private key used for generating the digital signature last time, and sk m is used for representing the first private key. The second private key of the ith signature thus corresponds to a combination of i x m first matrix elements.
Step 207, adding the first public key to the second public key used for generating the digital signature last time, and obtaining the second public key used for generating the digital signature currently.
And adding the first public key generated at this time and the second public key used for generating the digital signature last time to obtain the second public key used for generating the digital signature at this time, namely PK i=PKi-1+PKm,PKi is used for representing the second public key used for generating the digital signature at this time, PK i-1 is used for representing the second public key used for generating the digital signature last time, and PK m is used for representing the first public key. The second public key of the ith signature thus corresponds to a combination of i x m second matrix elements.
It should be understood that, since the private key matrix and the public key matrix are usually not too large, and are generally 16×16 matrices, only 256 elements, or j×j matrices, and only j 2 elements, 3-5 elements are randomly selected and added, and the first private key cannot cover the whole range of the finite field [1, n-1], so that the combination of the private key and the public key can be infinitely many by always accumulating in the generation process of the private key and the public key, the second private key can cover the whole range of [1, n-1], the range [1, n-1] of generating the random number k in the original signature step is satisfied, and the second public key is the public key corresponding to the second private key, so that the result of generating the random number k and calculating the dot product of k and the base point G in the original signature step can be replaced. And the first/second private key and the first/second public key are intermediate values of signature operation and are not disclosed, and the first matrix and the second matrix are not disclosed, so that linear collusion attack of the combined public keys can be avoided.
Step 208, generating the digital signature of the current time according to the second private key for generating the digital signature of the current time, the second public key for generating the digital signature of the current time and the hash value.
The current digital signature is generated from the current second private key sk i that generated the digital signature, the current second public key PK i that generated the digital signature, and the hash value.
In the embodiment of the application, a plurality of first matrix elements and second matrix elements are randomly selected, and the second private key and the second public key are always respectively accumulated to generate the digital signature according to the second private key and the second public key, so that the generation of the digital signature is realized, the second private key and the second public key used by accumulating the last digital signature when the second private key and the second public key are generated are accumulated, the generation range of the second private key and the second public key is larger, the generation range of the random number k of the original signature is met, the related matrix and the result are not disclosed as the intermediate value of the signature, the situation that the digital signature is cracked due to collusion attack is avoided, and the safety of the rapid signature generation method is improved.
In one possible implementation, before generating the digital signature of the current time according to the second private key used for generating the digital signature of the current time, the second public key used for generating the digital signature of the current time and the hash value, whether the second private key is equal to 0 may be further determined, and if the second private key is equal to 0, the generation of the first random number is performed to regenerate the second private key.
Since the value range of the random number k in the original signature generation method is [1, n-1], and the range of the second private key finite field is [0, n-1], if the value of the second private key is 0, the process of generating the random number is re-executed, so that a new first private key can be generated according to the generated new random number, and a new second private key can be generated.
In the embodiment of the application, whether the second private key is equal to 0 is judged, if the second private key is equal to 0, the random number is regenerated, and then the second private key can be regenerated, so that the second private key generated according to the method meets the value of the random number in the original signature process, and the process of generating the random number in the original signature method can be replaced.
In one possible implementation, when the digital signature of the current time is generated according to the second private key used for generating the digital signature of the current time, the second public key used for generating the digital signature of the current time and the hash value, the first signature part can be generated according to the hash value and/or the second public key used for generating the digital signature of the current time, the second signature part is generated according to the hash value and/or the second private key used for generating the digital signature of the current time, the signature private key and the first signature part are generated, and then the first signature part and the second signature part are combined to generate the digital signature.
The first signature part r is calculated from the second public key and the hash value of the digital signature currently generated by the following formula r= (e+x 1) mod n, where e is the hash value of the signed message, x 1 is used to characterize the x-axis coordinates of the second public key PK i and n is used to characterize the order of the base point G.
Or the first signature part r in the ECDSA signature process may be calculated from the second public key that is currently generated into a digital signature by the following formula r=x 1 mod n.
It should be appreciated that since the generation process of the public key is a point-plus-operation of the elliptic curve, the final value of the second public key is a point (x 1,y1) on the elliptic curve.
The second signature part s is generated from the second private key and the first signature part for the current generation of the digital signature by the following formula s= ((1+d A)-1*(ski-r*dA)) mod n, where d A is used to characterize the signature private key held by the signing user, sk i is used to characterize the second private key. The above is a signing procedure of the alternative national cipher SM 2.
The ECDSA signing process can also be replaced by calculating r=x 1 mod n by the x-axis coordinate x 1 of the second public key PK i, and calculating s= (sk i -1*(e+r*dA)) mod n, where sk i is used to characterize the second private key, e is the hash value of the signed message, d A is used to characterize the private key of the signature held by the signing user, and n is used to characterize the order of the base point G.
Similarly, the dot product operation that needs to generate the random number k and calculate k×g in the signature process of Schnorr, etc. can be replaced, and the replacement principle is the same as that described above, and will not be repeated here. Therefore, the signature rapid generation method has certain universality, the method can be used for replacing a second private key sk i and a second public key PK i in any point multiplication operation of generating a random number k and calculating k G in the signature process, the generated second private key sk i can meet the value coverage range [1, n-1] of k and has randomness, the security can be met, and the generated second public key PK i is the public key corresponding to sk i. Therefore, the signature does not need to calculate point multiplication operation any more, and only needs a small amount of finite field addition operation and a small amount of elliptic curve point addition operation, so that the operation amount required by the signature process can be reduced.
It should be further understood that, according to the ECC composite characteristic, the second public key is equal to the second private key multiplied by the base point G, that is, pk= [ sk ] = [ k ]. G, so as to satisfy the relation of (x 1,y1) = [ k ]. G in the prior art, and because the second private key is a random value, the second public key is a point on the elliptic curve, so that the second private key can replace the random number k in the prior art, the second public key can replace the elliptic curve point (x 1,y1) in the prior art, so that dot multiplication operation is not required, and only elliptic curve point addition operation and finite field addition operation are required to satisfy the elements required in the signature rapid generation process, and the derivation result of the specific ECC composite characteristic is not repeated herein.
The first signature part r and the second signature part s are combined and a signature (r, s) is output.
The evaluation was performed based on the calculation amount in the state secret SM2 document, and the addition and subtraction calculation amount of the finite field < the square calculation (S) amount of the finite field < the multiplication calculation (M) amount of the finite field < the inversion calculation (I) amount of the finite field. The point addition of SM2 in Jacobian accentuation projection coordinate system on Fp domain requires (12m+4s) computation, and the 2-fold point requires (4m+6s) computation. The method provided by the application optimizes the calculation process to calculate M times of point addition operations, the operand of the rest steps can be converted into 1M, namely, let t= (1+d A)-1 mod n, s= (t (sk i +r) -r) mod n), so that the ratio of the actual signature operand of M value 3-5 is about (37-61M+12-20S)/(897M+448S), and the total operand required by signature is less than the previous 1/10, thereby improving the signature performance of the password equipment.
In the embodiment of the application, the digital signature is generated through the second private key, the second public key and the hash value, the second private key and the second public key can be used for replacing the dot multiplication result of the random numbers k and the base point G in the SM2 signature or ECDSA signature step, and the operation of the second private key only needs m finite field addition operations, and the operation of the second public key only needs m finite field dot addition operations (because m elements are added and m-1 addition operations are needed, and then one addition operation is carried out with the second private key result or the second public key result of the last signature), so that the operation amount is greatly reduced when the signature is rapidly generated, and the method is suitable for signature generating equipment with poor performance, and therefore, the signature rapid generation method has higher applicability. The signature performance of the same cipher device in unit time can be improved by reducing the operation amount of the signature.
In one possible implementation, before combining the first signature part and the second signature part to generate the digital signature, it is determined whether the first signature part and the second signature part are constantly equal to 0. If the first signature part and/or the second signature part is/are constant equal to 0, then the generation of the first random number is performed to regenerate the digital signature.
When the first signature part and/or the second signature part are/is equal to 0, the step of generating the first random number, that is, the step 101 and the step 201 in other embodiments of the present application, is re-executed, and after the first random number is re-generated, the first private key and the first public key are changed due to the change of the first random number, so that the result of the subsequent steps is changed, and thus the first signature part and the second signature part can be re-generated until the requirement is met.
In the embodiment of the application, when the first signature part and/or the second signature part do not meet the requirement, the first random number is regenerated, so that the validity of the digital signature is ensured, the occurrence of invalid digital signature generation is avoided, and the safety of the signature rapid generation method is improved.
Fig. 3 is a schematic diagram of a signature rapid generating apparatus according to an embodiment of the present application, as shown in fig. 3, the apparatus 300 includes:
a first generation module 301 is configured to generate a first random number.
The first extraction module 302 is configured to extract m first matrix elements from a private key matrix generated in advance according to a first random number, where m is a positive integer greater than or equal to 2.
The second extraction module 303 is configured to extract m second matrix elements with coordinates identical to those of the first matrix elements from a public key matrix that is generated in advance and corresponds to the private key matrix.
The calculation module 304 is configured to add m first matrix elements to obtain a first private key, and add m second matrix elements to obtain a first public key.
The second generation module 305 is configured to generate a digital signature according to the first private key, the first public key and a hash value generated in advance.
In an embodiment of the present application, the first generating module 301 may be used to perform step 101 in the above method embodiment, the first extracting module 302 may be used to perform step 102 in the above method embodiment, the second extracting module 303 may be used to perform step 103 in the above method embodiment, the calculating module 304 may be used to perform step 104 in the above method embodiment, and the second generating module 305 may be used to perform step 105 in the above method embodiment.
In one possible implementation, the first extraction module 302 may be configured to determine M bytes from M bytes included in the first random number, where M is a positive integer greater than or equal to M, determine M matrix coordinates according to content corresponding to the M bytes in the first random number, and extract M first matrix elements corresponding to the matrix coordinates from the private key matrix according to the M matrix coordinates.
In one possible implementation, the second extraction module 303 may be configured to extract m second matrix elements corresponding to the matrix coordinates from the public key matrix according to the m matrix coordinates.
In one possible implementation, the signature rapid generation apparatus 300 may further generate preprocessing information according to the relevant parameters of the elliptic curve and the identity of the signer, and generate a hash value according to the preprocessing information.
In one possible implementation, the second generation module 305 may be configured to obtain a second private key and a second public key for generating the digital signature last time, add the first private key to the second private key for generating the digital signature last time to obtain the second private key for generating the digital signature last time, add the first public key to the second public key for generating the digital signature last time to obtain the second public key for generating the digital signature last time, and generate the digital signature last time based on the second private key for generating the digital signature last time, the second public key for generating the digital signature last time, and the hash value.
In one possible implementation, the second generation module 305 may be configured to generate the first signature part based on the hash value and/or the second public key used to generate the digital signature currently, generate the second signature part based on the hash value and/or the second private key used to generate the digital signature currently, and the signature private key and the first signature part, and combine the first signature part and the second signature part to generate the digital signature.
In one possible implementation, the second generation module 305 may be configured to determine whether the first signature part and the second signature part are equal to 0, and if the first signature part and/or the second signature part are equal to 0, perform generation of the first random number to regenerate the digital signature.
It should be noted that, because the content such as information interaction and execution process between each module in the signature rapid generation device is based on the same concept as that of the signature rapid generation method embodiment, specific content can be referred to the description in the signature rapid generation method embodiment, and will not be repeated here.
Referring to fig. 4, a schematic structural diagram of an electronic device according to an embodiment of the present application is shown, and the specific embodiment of the present application is not limited to the specific implementation of the electronic device.
As shown in FIG. 4, the electronic device may include a processor 402, a communication interface (Communications Interface) 404, a memory 406, and a communication bus 408.
Wherein:
processor 402, communication interface 404, and memory 406 communicate with each other via communication bus 408.
A communication interface 404 for communicating with other electronic devices or servers.
The processor 402 is configured to execute the program 410, and may specifically perform relevant steps in the foregoing signature rapid generation method embodiment.
In particular, program 410 may include program code including computer-operating instructions.
Processor 402 may be a Central Processing Unit (CPU), or a graphics processor GPU (Graphics Processing Unit), or an Application SPECIFIC INTEGRATED Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the application. The one or more processors included in the smart device may be the same type of processor, such as one or more CPUs, one or more GPUs, or different types of processors, such as one or more CPUs and one or more GPUs and one or more ASICs.
Memory 406 for storing programs 410. Memory 406 may comprise high-speed RAM memory or may also include non-volatile memory (non-volatile memory), such as at least one disk memory.
Program 410 may be specifically configured to cause processor 402 to perform the signature rapid generation method of any of the foregoing embodiments.
The specific implementation of each step in the procedure 410 may refer to corresponding descriptions in the corresponding steps and units in any of the foregoing signature rapid generation method embodiments, which are not repeated herein. It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the apparatus and modules described above may refer to corresponding procedure descriptions in the foregoing method embodiments, which are not repeated herein.
In the embodiment of the application, the first matrix element and the second matrix element are extracted through the generated random number, the first private key is obtained by adding the extracted first matrix element, and the first public key is obtained by adding the second matrix element, so that the digital signature is generated according to the first private key, the first public key and the hash value, the first public key generated by adopting the first private key generated by finite field addition operation and the first public key generated by elliptic curve point addition operation replaces the result of the dot multiplication operation of the generated random number k, the calculation k and the base point G in the existing signature generation method, the dot multiplication operation is not needed in the generation process of the digital signature, and the operation amount of a small amount of finite field addition operation and a small amount of elliptic curve point addition operation is far smaller than that of one dot multiplication operation. The signature performance of the same cipher device in unit time can be improved by reducing the operation amount of the signature.
Embodiments of the present application also provide a computer program product comprising computer instructions that instruct a computing device to perform operations corresponding to any one of the above-described method embodiments.
It should be noted that, according to implementation requirements, each component/step described in the embodiments of the present application may be split into more components/steps, or two or more components/steps or part of operations of the components/steps may be combined into new components/steps, so as to achieve the objects of the embodiments of the present application.
The above-described methods according to embodiments of the present application may be implemented in hardware, firmware, or as software or computer code storable in a recording medium such as a CD ROM, RAM, floppy disk, hard disk, or magneto-optical disk, or as computer code originally stored in a remote recording medium or a non-transitory machine-readable medium and to be stored in a local recording medium downloaded through a network, so that the methods described herein may be stored on such software processes on a recording medium using a general purpose computer, special purpose processor, or programmable or special purpose hardware such as an ASIC or FPGA. It is understood that a computer, processor, microprocessor controller, or programmable hardware includes a memory component (e.g., RAM, ROM, flash memory, etc.) that can store or receive software or computer code that, when accessed and executed by the computer, processor, or hardware, implements the signature rapid generation methods described herein. Further, when the general-purpose computer accesses code for implementing the signature rapid generation method shown herein, execution of the code converts the general-purpose computer into a special-purpose computer for executing the signature rapid generation method shown herein.
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein can be implemented as electronic hardware, or as a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present application.
The above embodiments are only for illustrating the embodiments of the present application, but not for limiting the embodiments of the present application, and various changes and modifications may be made by one skilled in the relevant art without departing from the spirit and scope of the embodiments of the present application, so that all equivalent technical solutions also fall within the scope of the embodiments of the present application, and the scope of the embodiments of the present application should be defined by the claims.

Claims (9)

1.一种签名快速生成方法,包括:1. A method for quickly generating a signature, comprising: 生成第一随机数;generating a first random number; 根据所述第一随机数从预先生成的私钥矩阵中抽取m个第一矩阵元素,其中,m为大于等于2的正整数;Extracting m first matrix elements from a pre-generated private key matrix according to the first random number, where m is a positive integer greater than or equal to 2; 从预先生成且与所述私钥矩阵相对应的公钥矩阵中抽取m个与所述第一矩阵元素坐标相同的第二矩阵元素;Extract m second matrix elements having the same coordinates as the first matrix elements from a pre-generated public key matrix corresponding to the private key matrix; 将所述m个第一矩阵元素相加获得第一私钥,并将所述m个第二矩阵元素相加获得第一公钥;Adding the m first matrix elements to obtain a first private key, and adding the m second matrix elements to obtain a first public key; 根据所述第一私钥、所述第一公钥和预先生成的散列值生成数字签名;Generate a digital signature according to the first private key, the first public key and a pre-generated hash value; 所述根据所述第一私钥、所述第一公钥和预先生成的散列值生成数字签名,包括获取用于上一次生成数字签名的第二私钥和第二公钥;将所述第一私钥与用于上一次生成数字签名的第二私钥相加,获得用于当前次生成数字签名的第二私钥;将所述第一公钥与用于上一次生成数字签名的第二公钥相加,获得用于当前次生成数字签名的第二公钥;根据用于当前次生成数字签名的第二私钥、用于当前次生成数字签名的第二公钥及所述散列值,生成当前次的数字签名。The generating of the digital signature according to the first private key, the first public key and the pre-generated hash value includes obtaining the second private key and the second public key used for the last digital signature generation; adding the first private key to the second private key used for the last digital signature generation to obtain the second private key used for the current digital signature generation; adding the first public key to the second public key used for the last digital signature generation to obtain the second public key used for the current digital signature generation; generating the current digital signature according to the second private key used for the current digital signature generation, the second public key used for the current digital signature generation and the hash value. 2.根据权利要求1所述的方法,其中,所述根据所述第一随机数从预先生成的私钥矩阵中抽取m个第一矩阵元素,包括:2. The method according to claim 1, wherein extracting m first matrix elements from a pre-generated private key matrix according to the first random number comprises: 从所述第一随机数包括的M个字节中确定m个字节,其中,M为大于等于m的正整数;Determine m bytes from the M bytes included in the first random number, where M is a positive integer greater than or equal to m; 根据所述m个字节在所述第一随机数中对应的内容,确定m个矩阵坐标;Determine m matrix coordinates according to the contents corresponding to the m bytes in the first random number; 根据所述m个矩阵坐标从所述私钥矩阵中抽取m个与所述矩阵坐标对应的第一矩阵元素。According to the m matrix coordinates, m first matrix elements corresponding to the matrix coordinates are extracted from the private key matrix. 3.根据权利要求2所述的方法,其中,所述从预先生成且与所述私钥矩阵相对应的公钥矩阵中抽取m个与所述第一矩阵元素坐标相同的第二矩阵元素,包括:3. The method according to claim 2, wherein extracting m second matrix elements having the same coordinates as the first matrix elements from a pre-generated public key matrix corresponding to the private key matrix comprises: 根据所述m个矩阵坐标从所述公钥矩阵中抽取m个与所述矩阵坐标对应的第二矩阵元素。According to the m matrix coordinates, m second matrix elements corresponding to the matrix coordinates are extracted from the public key matrix. 4.根据权利要求1所述的方法,其中,在所述根据用于当前次生成数字签名的第二私钥、用于当前次生成数字签名的第二公钥及所述散列值,生成当前次的数字签名之前,还包括:4. The method according to claim 1, wherein, before generating the current digital signature according to the second private key used for generating the digital signature currently, the second public key used for generating the digital signature currently and the hash value, the method further comprises: 判断所述第二私钥是否等于0;Determine whether the second private key is equal to 0; 若所述第二私钥等于0,则执行所述生成第一随机数,以重新生成所述第二私钥。If the second private key is equal to 0, the step of generating a first random number is performed to regenerate the second private key. 5.根据权利要求1所述的方法,其中,所述根据用于当前次生成数字签名的第二私钥、用于当前次生成数字签名的第二公钥及所述散列值,生成当前次的数字签名,包括:5. The method according to claim 1, wherein the step of generating the current digital signature according to the second private key used for generating the current digital signature, the second public key used for generating the current digital signature, and the hash value comprises: 根据所述散列值和/或用于当前次生成数字签名的第二公钥生成第一签名部分;Generate a first signature part according to the hash value and/or the second public key used for currently generating the digital signature; 根据所述散列值和/或用于当前次生成数字签名的第二私钥,以及签名私钥和所述第一签名部分生成第二签名部分;Generate a second signature part according to the hash value and/or the second private key used for currently generating the digital signature, the signature private key and the first signature part; 将所述第一签名部分和所述第二签名部分组合,生成所述数字签名。The first signature part and the second signature part are combined to generate the digital signature. 6.根据权利要求5所述的方法,其中,在所述将所述第一签名部分和所述第二签名部分组合,生成所述数字签名之前,所述方法还包括:6. The method according to claim 5, wherein, before combining the first signature part and the second signature part to generate the digital signature, the method further comprises: 判断所述第一签名部分和所述第二签名部分是否恒等于0;Determine whether the first signature part and the second signature part are always equal to 0; 若所述第一签名部分和/或所述第二签名部分恒等于0,则执行所述生成第一随机数,以重新生成数字签名。If the first signature part and/or the second signature part is always equal to 0, the step of generating a first random number is performed to regenerate a digital signature. 7.一种签名快速生成装置,包括:7. A fast signature generation device, comprising: 第一生成模块,用于生成第一随机数;A first generating module, used to generate a first random number; 第一抽取模块,用于根据所述第一随机数从预先生成的私钥矩阵中抽取m个第一矩阵元素,其中,m为大于等于2的正整数;A first extraction module, configured to extract m first matrix elements from a pre-generated private key matrix according to the first random number, where m is a positive integer greater than or equal to 2; 第二抽取模块,用于从预先生成且与所述私钥矩阵相对应的公钥矩阵中抽取m个与所述第一矩阵元素坐标相同的第二矩阵元素;A second extraction module, used to extract m second matrix elements having the same coordinates as the first matrix elements from a pre-generated public key matrix corresponding to the private key matrix; 计算模块,用于将所述m个第一矩阵元素相加获得第一私钥,并将所述m个第二矩阵元素相加获得第一公钥;A calculation module, configured to add the m first matrix elements to obtain a first private key, and to add the m second matrix elements to obtain a first public key; 第二生成模块,用于根据所述第一私钥、所述第一公钥和预先生成的散列值生成数字签名;A second generating module, used to generate a digital signature according to the first private key, the first public key and a pre-generated hash value; 所述第二生成模块还用于:获取用于上一次生成数字签名的第二私钥和第二公钥;将所述第一私钥与用于上一次生成数字签名的第二私钥相加,获得用于当前次生成数字签名的第二私钥;将所述第一公钥与用于上一次生成数字签名的第二公钥相加,获得用于当前次生成数字签名的第二公钥;根据用于当前次生成数字签名的第二私钥、用于当前次生成数字签名的第二公钥及所述散列值,生成当前次的数字签名。The second generation module is also used to: obtain the second private key and the second public key used for the last digital signature generation; add the first private key to the second private key used for the last digital signature generation to obtain the second private key used for the current digital signature generation; add the first public key to the second public key used for the last digital signature generation to obtain the second public key used for the current digital signature generation; generate the current digital signature based on the second private key used for the current digital signature generation, the second public key used for the current digital signature generation and the hash value. 8.一种电子设备,包括:处理器、存储器、通信接口和通信总线,所述处理器、所述存储器和所述通信接口通过所述通信总线完成相互间的通信;8. An electronic device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with each other through the communication bus; 所述存储器用于存放至少一可执行指令,所述可执行指令使所述处理器执行如权利要求1-6中任一所述的签名快速生成方法。The memory is used to store at least one executable instruction, and the executable instruction enables the processor to execute the signature rapid generation method as described in any one of claims 1-6. 9.一种计算机存储介质,其上存储有计算机程序,该程序被处理器执行时实现如权利要求1-6中任一所述的签名快速生成方法。9. A computer storage medium having a computer program stored thereon, which, when executed by a processor, implements the method for rapid signature generation as claimed in any one of claims 1 to 6.
CN202211546358.5A 2022-12-05 2022-12-05 Signature rapid generation method and device, electronic equipment and computer storage medium Active CN116192396B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211546358.5A CN116192396B (en) 2022-12-05 2022-12-05 Signature rapid generation method and device, electronic equipment and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211546358.5A CN116192396B (en) 2022-12-05 2022-12-05 Signature rapid generation method and device, electronic equipment and computer storage medium

Publications (2)

Publication Number Publication Date
CN116192396A CN116192396A (en) 2023-05-30
CN116192396B true CN116192396B (en) 2025-07-15

Family

ID=86439176

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211546358.5A Active CN116192396B (en) 2022-12-05 2022-12-05 Signature rapid generation method and device, electronic equipment and computer storage medium

Country Status (1)

Country Link
CN (1) CN116192396B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117544309B (en) * 2024-01-10 2024-03-22 厦门身份宝网络科技有限公司 Mixed computing storage and transmission method and system for plaintext and ciphertext

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628868A (en) * 2020-05-26 2020-09-04 腾讯科技(深圳)有限公司 Digital signature generation method and device, computer equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006077820A1 (en) * 2005-01-24 2006-07-27 Matsushita Electric Industrial Co., Ltd. Signature generation device, key generation device, and signature generation method
EP3624391A1 (en) * 2018-09-12 2020-03-18 Koninklijke Philips N.V. Public/private key system with decreased encrypted message size
CN113407976B (en) * 2021-07-20 2022-08-02 北京百度网讯科技有限公司 Digital signature method, signature information verification method, related device and electronic equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111628868A (en) * 2020-05-26 2020-09-04 腾讯科技(深圳)有限公司 Digital signature generation method and device, computer equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于标识的组合公钥体制的原理;陈华平;;计算机安全;20060205(第02期);第1-5页 *

Also Published As

Publication number Publication date
CN116192396A (en) 2023-05-30

Similar Documents

Publication Publication Date Title
CN109951296B (en) A short-signature-based remote data integrity verification method
KR101992270B1 (en) Method and device for generating digital signature
US20030152218A1 (en) Cryptography method on elliptic curves
CN107911217B (en) Method and device for cooperatively generating signature based on ECDSA algorithm and data processing system
US7908641B2 (en) Modular exponentiation with randomized exponent
CN111262704A (en) SM9 digital signature generation method and device, computer equipment and storage medium
CN112436938A (en) Digital signature generation method and device and server
CN116192396B (en) Signature rapid generation method and device, electronic equipment and computer storage medium
CN110719172B (en) Signature method, signature system and related equipment in block chain system
TW202431127A (en) Biometric matching method, terminal device, server, system and medium
CN108039947B (en) SM2 signature method for resisting attack by using coprocessor
CN115694820A (en) A lattice digital signature method and related equipment
CN112906059B (en) Proxy signature and verification method, device, system and storage medium
CN117118637B (en) Data processing method, device, equipment and computer readable storage medium
CN109274504A (en) Multi-user big data storage sharing method and system based on cloud platform
CN117134900A (en) Structure for realizing asymmetric encryption and control method
CN116506133A (en) Message blind signature algorithm, device and electronic equipment
CN114338049B (en) Rapid realization method and system of SM2 cryptographic algorithm based on modular reduction
CN116595548A (en) Service parameter comparison method, device, system and storage medium
CN112541197B (en) Result verification method and device
CN119675878A (en) Short signature generation method, device, electronic device and computer storage medium
US9479193B2 (en) Apparatus and method for performing compression operation in hash algorithm
CN114499860A (en) Signature public key compression method, device, computer equipment and storage medium
CN105406970B (en) Method and device for signature, method and device for verifying signature
CN112398652B (en) Information transmission method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant