阅读说明：本技术 一种数字签名算法及系统 (A kind of Digital Signature Algorithm and system ) 是由 张海松 王超 许明 于 2019-09-06 设计创作，主要内容包括：本发明涉及一种数字签名算法及系统,该算法包括：系统签名主密钥、副密钥和用户签名密钥的生成算法、数字签名生成算法和数字签名验证算法；其中,系统签名主密钥、副密钥和用户签名密钥的生成算法,包括：基于第一随机数确定签名主私钥和签名主公钥；基于第二随机数确定签名副私钥和签名副公钥；基于签名主私钥和签名副私钥,计算第一中间结果；若第一中间结果为0,则中止计算；若第一中间结果不为0,则计算第二中间结果；基于第一中间结果和第二中间结果,生成用户签名密钥。本发明的算法在产生用户签名密钥过程中,当出现第一中间结果为0时,计算中止不生成用户签名密钥,签名主密钥不会泄露,也不需要更新已有用户的签名私钥。(The present invention relates to a kind of Digital Signature Algorithm and system, which includes: system signature master key, the generating algorithm of assistant key and user's signature key, digital signature generating algorithm and digital signature verification algorithm；Wherein, the generating algorithm of system signature master key, assistant key and user's signature key, comprising: sign main private key and signature Your Majesty's key are determined based on the first random number；Sign secondary private key and secondary public key of signing are determined based on the second random number；Based on main private key and the secondary private key of signing of signing, the first intermediate result is calculated；If the first intermediate result is 0, termination of computations；If the first intermediate result is not 0, the second intermediate result is calculated；Based on the first intermediate result and the second intermediate result, user's signature key is generated.Algorithm of the invention is in generating user's signature cipher key processes, when the first intermediate result occur is 0, calculates and stops not generating user's signature key, and signature master key will not be revealed, and the signature private key for updating existing subscriber is not needed yet.)

1. a kind of Digital Signature Algorithm characterized by comprising system signature master key, assistant key and user's signature key Generating algorithm, digital signature generating algorithm and digital signature verification algorithm；

Wherein, the generating algorithm of the system signature master key, assistant key and user's signature key, comprising:

Sign main private key and signature Your Majesty's key are determined based on the first random number；

Sign secondary private key and secondary public key of signing are determined based on the second random number；

Based on the main private key of the signature and the secondary private key of the signature, the first intermediate result is calculated；

If first intermediate result is 0, termination of computations；

If first intermediate result is not 0, the second intermediate result is calculated；

Based on first intermediate result and second intermediate result, the user's signature key is generated.

2. Digital Signature Algorithm according to claim 1, which is characterized in that first random number and described second is at random The integer that number is 1 to N-1, and first random number is not equal to second random number.

3. Digital Signature Algorithm according to claim 1 or 2, which is characterized in that the digital signature verification algorithm, packet It includes:

By the point that the data type conversion of the second test element is on elliptic curve, examine whether second test element belongs to First addition cyclic group, sets up if belonging to, and otherwise invalid verifying does not pass through；

The second element in multiplicative cyclic group for being prime number N based on rank, third element, The Fifth Element, hexa-atomic element, among third As a result with the fourth element in the second addition cyclic group, the 4th intermediate integer is determined；

If the 4th intermediate integer is third intermediate integer, it is verified, otherwise verifies and do not pass through.

4. Digital Signature Algorithm according to claim 3, which is characterized in that the fourth element P=[h₁]P_x+P_pub-s；

Wherein, P_x、P_pub-sFor the element in the second addition cyclic group, h₁For third intermediate result.

5. a kind of digital signature system characterized by comprising system signature master key, assistant key and user's signature key Generation module, digital signature generation module and digital signature authentication module；

Wherein, the generation module of the system signature master key, assistant key and user's signature key, comprising:

First determination unit, for determining sign main private key and signature Your Majesty's key based on the first random number；

Second determination unit, for determining sign secondary private key and secondary public key of signing based on the second random number；

Computing unit, for calculating the first intermediate result based on the main private key of the signature and the secondary private key of the signature；

First judging unit, if being 0 for first intermediate result, termination of computations；If first intermediate result is not 0, then calculate the second intermediate result；

Generation unit generates the user's signature key for being based on first intermediate result and second intermediate result.

6. Digital Signature Algorithm method according to claim 5, which is characterized in that first random number and described second The integer that random number is 1 to N-1, and first random number is not equal to second random number.

7. Digital Signature Algorithm system according to claim 5 or 6, which is characterized in that the digital signature authentication module, Include:

Verification unit examines second inspection for being the point on elliptic curve by the data type conversion of the second test element It tests whether element belongs to the first addition cyclic group, is set up if belonging to, otherwise invalid verifying does not pass through；

Third determination unit, for based on rank be prime number N multiplicative cyclic group in second element, third element, The Fifth Element, Hexa-atomic element, the fourth element in third intermediate result and the second addition cyclic group, determines the 4th intermediate integer；

Second judgment unit is verified, otherwise verifies obstructed if being third intermediate integer for the 4th intermediate integer It crosses.

8. Digital Signature Algorithm system according to claim 7, which is characterized in that the fourth element P=[h₁]P_x+ P_pub-s；

Wherein, P_x、P_pub-sFor the element in the second addition cyclic group, h₁For third intermediate result.

Technical field

The present invention relates to field of information security technology, and in particular to a kind of Digital Signature Algorithm and system.

Background technique

SM9 is a kind of asymmetric cryptographic algorithm based on mark issued by national Password Management office, and codes and standards are " GM/T 0044-2016SM9 id password algorithm ", the Digital Signature Algorithm in SM9 id password algorithm define system signature The generating algorithm of master key and user's signature key, digital signature generating algorithm and digital signature verification algorithm.

In the implementation of the present invention, inventor has found: in the prior art, system signature master key and user's signature When the generating algorithm of key, if in finite field F_NThe first intermediate result t of upper calculating₁=H₁(ID_A| | hid, N)+ks=0, it may appear that Following two problem:

1, the main private key ks that signs is revealed；

2, it requires to update user key based on the ks user for having obtained key before.

Summary of the invention

In view of the above-mentioned problems existing in the prior art, this application provides a kind of Digital Signature Algorithm and systems.

A kind of Digital Signature Algorithm comprising: the generation of system signature master key, assistant key and user's signature key is calculated Method, digital signature generating algorithm and digital signature verification algorithm；Wherein, the system signature master key, assistant key and user's label The generating algorithm of name key, comprising: sign main private key and signature Your Majesty's key are determined based on the first random number；Based on the second random number Determine sign secondary private key and secondary public key of signing；Based on the main private key of the signature and the secondary private key of the signature, knot among first is calculated Fruit；If first intermediate result is 0, termination of computations；If first intermediate result is not 0, knot among second is calculated Fruit；Based on first intermediate result and second intermediate result, the user's signature key is generated.

The integer that first random number and second random number are 1 to N-1, and first random number is not equal to described the Two random numbers.

Digital signature verification algorithm, comprising: by the data type conversion of the second test element be elliptic curve on point, inspection It tests whether second test element belongs to the first addition cyclic group, is set up if belonging to, otherwise invalid verifying does not pass through；Base In rank be prime number N multiplicative cyclic group in second element, third element, The Fifth Element, hexa-atomic element, third intermediate result and Fourth element in second addition cyclic group, determines the 4th intermediate integer；If the 4th intermediate integer is third intermediate integer, It is then verified, otherwise verifies and do not pass through.

Fourth element P=[h₁]P_x+P_pub-s；Wherein, P_x、P_pub-sFor the element in the second addition cyclic group, h₁For in third Between result.

A kind of digital signature system comprising: the generation mould of system signature master key, assistant key and user's signature key Block, digital signature generation module and digital signature authentication module；Wherein, the system signature master key and user's signature key Generation module, comprising: the first determination unit, for determining sign main private key and signature Your Majesty's key based on the first random number；Second Determination unit, for determining sign secondary private key and secondary public key of signing based on the second random number；Computing unit, for being based on the label The main private key of name and the secondary private key of the signature, calculate the first intermediate result；First judging unit, if being used for first intermediate result It is 0, then termination of computations；If first intermediate result is not 0, the second intermediate result is calculated；Generation unit, for being based on institute The first intermediate result and second intermediate result are stated, the user's signature key is generated.

The integer that first random number and second random number are 1 to N-1, and first random number is not equal to described the Two random numbers.

Digital signature authentication module, comprising: verification unit, for being ellipse by the data type conversion of the second test element Point on curve, examines whether second test element belongs to the first addition cyclic group, sets up if belonging to, otherwise invalid Verifying does not pass through；Third determination unit, for be prime number N based on rank multiplicative cyclic group in second element, third element, the Five elements, hexa-atomic element, the fourth element in third intermediate result and the second addition cyclic group, determine the 4th intermediate integer；The Two judging units are verified if being third intermediate integer for the 4th intermediate integer, otherwise verify and do not pass through.

Fourth element P=[h₁]P_x+P_pub-s；Wherein, P_x、P_pub-sFor the element in the second addition cyclic group, h₁For in third Between result.

Compared with the immediate prior art, technical solution provided by the invention is had the beneficial effect that

1, algorithm of the invention is in generating user's signature cipher key processes, as the first intermediate result t of appearance₁When being 0, calculate Suspension does not generate signature key, so that signature master key will not be revealed, does not also need the signature private key for updating existing subscriber；

2, algorithm of the invention is based on the first random number k s not equal to the second random number k x, therefore works as t₁=H₁(ID_A|| Hid, N) kx+ks=0 when, based on determining H1 (ID_A| | hid, N), ensure that the main private key of signature and sign pair private key will not Leakage.

Detailed description of the invention

Fig. 1 is the generating algorithm flow chart of the system signature master key of inventive algorithm, assistant key and user's signature key；

Fig. 2 is the digital signature verification algorithm flow chart of inventive algorithm.

Specific embodiment

With reference to the accompanying drawings and examples, the present invention is specifically described.Obviously, described embodiment is only this Invention a part of the embodiment, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art exist Every other embodiment obtained under the premise of creative work is not made, shall fall within the protection scope of the present invention.

101, the generating algorithm of system signature master key as shown in Figure 1, assistant key and user's signature key；

1011, key generation centre (KGC) generates the first random number k s ∈ [1, N-1] as main private key of signing, and calculates rank For the second addition cyclic group G of prime number N₂In element P_pub-s=[ks] P₂As signature Your Majesty's key, then sign master key to for (ks,P_pub-s), wherein P₂For G₂Second generate member, KGC secret saves ks, open P_pub-s；

1012, KGC generate the second random number k x ∈ [1, N-1], and kx ≠ ks, as secondary private key of signing, calculate G₂In Element P_x=[kx] P₂As secondary public key of signing, wherein KGC secret saves kx, open P_x；

1013, KGC select and openly with the signature private key generating function identifier hid of a byte representation；

1014, in finite field F_NThe first intermediate result t of upper calculating₁=H₁(ID_A| | hid, N) kx+ks, wherein H₁It serves as reasons The cipher function that cryptographic Hash function derives from, ID_AFor the mark of user A, ID_A| | hid indicates ID_AWith the splicing of hid；

1015, if t₁=0, then calculate suspension；

If t₁≠ 0, then calculate the second intermediate result t₂=kst₁ ^-1ModN, to calculate the signature private key ds of user A_A= [t₂]P₁, wherein P₁Indicate that rank is the first addition cyclic group G of prime number N₁First generate member.

The present invention is as kx ≠ ks, based on determining H₁(ID_A| | hid, N), the numerical value of ks and kx cannot be calculated, that is, It says the main private key of signature and secondary private key of signing will not be revealed.

102, digital signature generating algorithm；

If message to be signed is Bit String M, the user in order to obtain the digital signature (h, S) of message M, as signer A should realize following calculation step:

1021, calculate the multiplicative cyclic group G that rank is prime number N_TIn the first element g=e (P₁,P_pub-s), wherein e indicate from G₁×G₂To G_TBilinear map；

1022, it generates third random number r ∈ [1, N-1]；

1023, calculate the multiplicative cyclic group G that rank is prime number N_TIn the first element w=g^r, it is by the data type conversion of w Bit String, g^rIndicate multiplicative group G_TThe r power of middle second element g, r are positive integer；

1024, calculate the first intermediate integer h=H₂(M | | w, N), wherein H₂() is the password derived from by cryptographic Hash function Function inputs as M | | the Bit String and Integer N of w splicing export as an integer h ∈ [1, N-1]；

1025, second intermediate integer l=(r-h) mod N is calculated, 1022 are returned if l=0；

1026, calculate the first addition cyclic group G₁In first test element S=[l] ds_A；

1027, then the signature of message M is (h, S).

103, digital signature verification algorithm

As shown in Fig. 2, user's B packet in order to examine the message M ' received and its digital signature (h ', S '), as verifier Include following calculation step:

1031: examining third intermediate integer h ' ∈ [1, N-1] whether true, verify if invalid and do not pass through；

1032: by the data type conversion of the second test element S ' be elliptic curve on point, examine S ' ∈ G1 whether at It is vertical, it verifies if invalid and does not pass through；

1033: calculating G_TIn second element g=e (P₁,P_pub-s)；

1034: calculating G_TIn third element t=g^h’；

1035: calculating third intermediate result h₁=H₁(ID_A||hid,N)；

1036: calculating G₂In fourth element P=[h₁]P_x+P_pub-s；

1037: calculating G_TIn The Fifth Element u=e (S ', P)；

1038: calculating G_TIn hexa-atomic element w '=ut, by the data type conversion of w ' be Bit String；

1039: calculating the 4th intermediate integer h₂=H₂(M ' | | w ', N), examine h₂Whether=h ' is true, verifies if setting up Pass through；Otherwise it verifies and does not pass through.

Based on the same inventive concept, it the present invention also provides a kind of Digital Signature Algorithm system, is illustrated below.

A kind of digital signature system comprising: the generation module of system signature master key and user's signature key, number label Name generation module and digital signature authentication module；Wherein, the life of the system signature master key, assistant key and user's signature key At module, comprising: the first determination unit, for determining sign main private key and signature Your Majesty's key based on the first random number；Second really Order member, for determining sign secondary private key and secondary public key of signing based on the second random number；Computing unit, for being based on the signature Main private key and the secondary private key of the signature, calculate the first intermediate result；First judging unit, if being for first intermediate result 0, then termination of computations；If first intermediate result is not 0, the second intermediate result is calculated；Generation unit, for based on described First intermediate result and second intermediate result, generate the user's signature key.

The integer that first random number and second random number are 1 to N-1, and first random number is not equal to described the Two random numbers.

Digital signature authentication module, comprising: verification unit, for being ellipse by the data type conversion of the second test element Point on curve, examines whether second test element belongs to the first addition cyclic group, sets up if belonging to, otherwise invalid Verifying does not pass through；Third determination unit, for be prime number N based on rank multiplicative cyclic group in second element, third element, the Five elements, hexa-atomic element, the fourth element in third intermediate result and the second addition cyclic group, determine the 4th intermediate integer；The Two judging units are verified if being third intermediate integer for the 4th intermediate integer, otherwise verify and do not pass through.

Fourth element P=[h₁]P_x+P_pub-s；Wherein, P_xAnd P_pub-sFor the element and h in the second addition cyclic group₁For third Intermediate result.

It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the application, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.

The application is referring to method, the process of equipment (system) and computer program product according to the embodiment of the present application Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.

These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.