CN114978536B - Multi-party joint signature method and system based on SM2 algorithm - Google Patents

Publication number
CN114978536B
Authority
CN
China
Prior art keywords
communication party
sub
signature value
parameter
random number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210530903.5A
Other languages
Chinese (zh)
Other versions
CN114978536A (en
Inventor
吴艳
谢芳炎
林良梁
叶友校
王文春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Kinsec Co ltd
Original Assignee
Fujian Kinsec Co ltd
Application filed by Fujian Kinsec Co ltd
Priority to CN202210530903.5A
Publication of CN114978536A
Application granted
Publication of CN114978536B
Active
Anticipated expiration

Abstract

The invention discloses a multi-party joint signature method and system based on the SM2 algorithm. A first communication party generates a first sub-key pair, and a second communication party generates a second sub-key pair. The first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party. The second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain partial signature value parameters, and sends the partial signature value parameters to the first communication party. The first communication party calculates a complete signature value according to the partial signature value parameters and the first sub-key pair, and obtains a joint signature result according to the complete signature value. In this way the user's private key data is well hidden, it becomes harder to obtain the key by attack, and the security of the key is effectively improved.

Description

Multi-party joint signature method and system based on SM2 algorithm
Technical Field
The invention relates to the technical field of information security, in particular to a multiparty joint signature method and system based on an SM2 algorithm.
Background
In the early days of certificate applications, CAs (Certificate Authorities) commonly used a USB key as the certificate storage medium. The user's signature private key is generated inside the key, cannot be exported from the key, and the signature operation is performed inside the key; these measures ensure the security of the generation, storage and use of the signature private key.
In recent years, certificate applications on mobile terminals have developed rapidly. Mobile terminals generally have no USB interface, so digital certificates are currently stored on an SD/TF card, an audio key, a Bluetooth key or an NFC (Near Field Communication) card, or as a file, or the signing and decryption services provided by a cloud are used. With these approaches, the conventional single-party SM2 algorithm carries the following risks:
(1) Key generation security risk: when the key pair is generated, the complete key appears, and an attacker can acquire the key through means such as memory probing;
(2) Key storage security risk: the private key is stored in plaintext, in segments or in a similar form, and an attacker can read or copy the user's private key by means of a Trojan horse or the like;
(3) Key operation security risk: when the private key is used for data signing and decryption, it takes part in the operation as a complete key, and an attacker can acquire the key through means such as memory probing.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a multi-party joint signature method and system based on the SM2 algorithm that can effectively improve the security of the key.
In order to solve the above technical problem, the invention adopts the following technical scheme:
a multi-party joint signature method based on the SM2 algorithm, including the following steps:
the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair;
the first communication party signs the received message to be signed to obtain a signature value, and sends the signature value to the second communication party;
the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain partial signature value parameters, and sends the partial signature value parameters to the first communication party;
the first communication party calculates a complete signature value according to the partial signature value parameters and the first sub-key pair, and obtains a joint signature result according to the complete signature value.
In order to solve the above technical problem, the invention adopts another technical scheme:
a multi-party joint signature system based on SM2 algorithm, comprising a first communication party and a second communication party, the first communication party comprising a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, the second communication party comprising a second memory, a second processor and a second computer program stored on the second memory and executable on the second processor, the first processor implementing the following steps when executing the first computer program:
the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair;
the first communication party signs the received message to be signed to obtain a signature value, and sends the signature value to the second communication party;
the second processor, when executing the second computer program, performs the steps of:
the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain partial signature value parameters, and sends the partial signature value parameters to the first communication party;
the first processor, when executing the first computer program, further performs the steps of:
the first communication party calculates a complete signature value according to the partial signature value parameters and the first sub-key pair, and obtains a joint signature result according to the complete signature value.
The invention has the following beneficial effects: the first communication party and the second communication party each generate a sub-key pair and each store their own sub-key pair, so the complete private key does not exist at either party. During the signature operation, the first communication party signs the received message to be signed and sends the signature value to the second communication party; the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result and, based on the first verification result, performs an operation on the message to be signed according to the second sub-key pair to obtain partial signature value parameters; the first communication party then calculates the complete signature value according to the partial signature value parameters and the first sub-key pair, and obtains a joint signature result according to the complete signature value. That is, the two parties use their own sub-key pairs to calculate the complete signature value, and the complete private key does not appear even during the signature operation. The user's private key data is therefore well hidden and it becomes harder to obtain the key by attack, so the security of the key is effectively improved.
Drawings
Fig. 1 is a flowchart of steps of a multiparty joint signature method based on SM2 algorithm according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a multi-party joint signature system based on the SM2 algorithm according to an embodiment of the present invention.
Detailed Description
In order to describe the technical contents, the achieved objects and effects of the present invention in detail, the following description will be made with reference to the embodiments in conjunction with the accompanying drawings.
Referring to fig. 1, an embodiment of the present invention provides a multi-party joint signature method based on SM2 algorithm, including the steps of:
the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair;
the first communication party signs the received message to be signed to obtain a signature value, and sends the signature value to the second communication party;
the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain partial signature value parameters, and sends the partial signature value parameters to the first communication party;
the first communication party calculates a complete signature value according to the partial signature value parameters and the first sub-key pair, and obtains a joint signature result according to the complete signature value.
From the above description, the beneficial effects of the invention are as follows: the first communication party and the second communication party each generate a sub-key pair and each store their own sub-key pair, so the complete private key does not exist at either party. During the signature operation, the first communication party signs the received message to be signed and sends the signature value to the second communication party; the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result and, based on the first verification result, performs an operation on the message to be signed according to the second sub-key pair to obtain partial signature value parameters; the first communication party then calculates the complete signature value according to the partial signature value parameters and the first sub-key pair, and obtains a joint signature result according to the complete signature value. That is, the two parties use their own sub-key pairs to calculate the complete signature value, and the complete private key does not appear even during the signature operation. The user's private key data is therefore well hidden and it becomes harder to obtain the key by attack, so the security of the key is effectively improved.
Further, the first communication party generating the first sub-key pair includes:
the first communication party generates a first random number and calculates a first sub-private key according to the first random number;
the first communication party generates a first sub-public key according to a base point of a preset elliptic curve and the first sub-private key;
the first communication party obtains a first sub-key pair according to the first sub-private key and the first sub-public key.
As can be seen from the above description, the first communication party generates its own sub-key pair, where the sub-private key and the sub-public key are not complete keys, so that even if the sub-key pair of the first communication party is obtained, the sub-key pair cannot be used to perform corresponding encryption and decryption operations, thereby improving the security of the key and further improving the security of data.
Further, after the first communication party obtains the first sub-key pair according to the first sub-private key and the first sub-public key, the method further includes:
the first communication party calculates a first parameter according to the first random number and the base point, and sends the first parameter to a second communication party;
the second communication party generating a second sub-key pair includes:
the second communication party generates a second random number and calculates a second sub-private key according to the second random number;
the second communication party generates a second sub-public key according to the second sub-private key and the base point;
the second communication party generates a second parameter according to the second random number and the base point, and generates a second public key according to the second random number, the first parameter and the second parameter;
the second communication party sends the second public key and the second parameter to the first communication party;
the first communication party generates a first public key according to the first random number, the second parameter and the first parameter, judges whether the first public key is equal to the second public key, and if yes, determines that the key generation is successful.
As can be seen from the above description, the first communication party sends the required parameters to the second communication party, the second communication party calculates the second sub-private key according to the second random number, and generates the second sub-public key according to the second sub-private key and the base point, so that the second communication party generates its own sub-key pair, and meanwhile, calculates the complete public key by using the parameters of the first communication party, and sends the required parameters and the complete public key to the first communication party, so that the first communication party compares the generated complete public key with the complete public key generated by the second communication party, thereby determining whether the key generation is successful, and ensuring that the two parties can respectively store their own key pair.
Further, the step in which the first communication party signs the received message to be signed to obtain a signature value and sends the signature value to the second communication party includes:
the first communication party generates a third random number and generates a third parameter according to the third random number and the base point;
the first communication party signs the received message to be signed according to the first sub private key to obtain a signature value, and sends the signature value and the third parameter to the second communication party.
As can be seen from the above description, when signing, the first communication party only sends the signature value and the corresponding parameter to the second communication party, so that the second communication party signs, thereby realizing joint signature and improving the security of the signing process.
Further, after the first communication party obtains the first sub-key pair according to the first sub-private key and the first sub-public key, the method further includes:
the first communication party sends the first sub-public key to the second communication party;
the step in which the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, performs an operation on the message to be signed according to the second sub-key pair based on the first verification result to obtain partial signature value parameters, and sends the partial signature value parameters to the first communication party includes:
the second communication party verifies the signature value according to the first sub-public key to obtain a first verification result;
the second communication party judges whether the first verification result is successful in verification, if so, the second communication party generates a fourth random number and a fifth random number, and calculates a first elliptic curve point according to the fourth random number, the fifth random number, the third parameter, the first sub public key, the second sub private key and the base point, wherein the first elliptic curve point comprises first coordinates;
the second communication party calculates a message digest of the message to be signed, performs an operation on the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number and the fifth random number to obtain partial signature value parameters, and sends the partial signature value parameters to the first communication party.
As can be seen from the above description, the second communication party calculates the message digest of the message to be signed, calculates the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number and the fifth random number, and sends the corresponding partial signature value parameter to the first communication party, thereby improving the reliability of signature and facilitating the subsequent first communication party to calculate the complete signature value.
Further, performing an operation on the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number and the fifth random number to obtain partial signature value parameters, and sending the partial signature value parameters to the first communication party includes:
the second communication party calculates a first partial signature value parameter according to the message digest and the first coordinates;
the second communication party judges whether the first partial signature value parameter is equal to a first preset value, if yes, the second communication party returns to execute the step of generating a fourth random number and a fifth random number, and if not, a second partial signature value parameter is calculated according to the second sub-private key and the fifth random number;
the second communication party calculates a third partial signature value parameter according to the second sub-private key, the fourth random number, the fifth random number and the first partial signature value parameter, and sends the first partial signature value parameter, the second partial signature value parameter and the third partial signature value parameter to the first communication party.
As can be seen from the above description, the second communication party calculates the first partial signature value parameter according to the message digest and the first coordinate, calculates the second partial signature value parameter according to the second sub-private key and the fifth random number when the first partial signature value parameter is not equal to the first preset value, calculates the third partial signature value parameter according to the second sub-private key, the fourth random number, the fifth random number and the first verification parameter, and transmits the first partial signature value parameter, the second partial signature value parameter and the third partial signature value parameter to the first communication party, thereby improving the validity of the signature.
Further, the step in which the first communication party calculates a complete signature value according to the partial signature value parameters and the first sub-key pair and obtains a joint signature result according to the complete signature value includes:
the first communication party calculates a complete signature value according to the partial signature value parameters, the third random number and the first sub-private key, and judges whether the complete signature value is equal to a second preset value; if so, it returns to the step in which the first communication party generates the third random number; if not, it determines that the joint signature is successful and obtains a joint signature result.
As can be seen from the above description, the first communication party calculates the complete signature value according to the partial signature value parameter, the third random number and the first sub-private key, and determines that the joint signature is successful when the complete signature value is not equal to the second preset value, otherwise, the signature step is performed again, thereby realizing safe and effective joint signature.
Further, after the first communication party generates the first sub-key pair and the second communication party generates the second sub-key pair, the method further includes:
the first communication party acquires a ciphertext, wherein the ciphertext comprises a first ciphertext, a second ciphertext and a third ciphertext;
the first communication party signs the first ciphertext to obtain a second signature value, and sends the second signature value and the first ciphertext to the second communication party;
the second communication party verifies the second signature value to obtain a second verification result, calculates a fourth parameter according to the second sub-private key and the first ciphertext based on the second verification result, and sends the fourth parameter to the first communication party;
and the first communication party decrypts the ciphertext according to the fourth parameter, the first sub private key and the first ciphertext to obtain a plaintext.
As can be seen from the above description, the first communication party signs the first ciphertext and sends the obtained second signature value and the first ciphertext to the second communication party; the second communication party verifies the second signature value to obtain a second verification result, calculates a fourth parameter according to the second sub-private key and the first ciphertext based on the second verification result, and sends the fourth parameter to the first communication party; and the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key and the first ciphertext to obtain a plaintext, thereby realizing joint decryption and improving the security of the decryption process.
Further, the step in which the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key and the first ciphertext to obtain the plaintext includes:
the first communication party calculates a second elliptic curve point according to the fourth parameter, the first sub-private key and the first ciphertext, wherein the second elliptic curve point comprises a third coordinate and a fourth coordinate;
the first communication party obtains the bit length of the second ciphertext, and calculates a fifth parameter according to the third coordinate, the fourth coordinate and the bit length;
the first communication party calculates a plaintext according to the fifth parameter and the second ciphertext, and calculates a sixth parameter according to the third coordinate, the fourth coordinate and the plaintext;
and the first communication party judges whether the sixth parameter is equal to the third ciphertext, and if so, the first communication party outputs the plaintext.
As can be seen from the above description, the first communication party decrypts by using the parameters sent by the second communication party and combining the secret key stored by itself, so as to ensure the validity of the joint decryption, thereby improving the data security.
Referring to fig. 2, another embodiment of the present invention provides a multi-party joint signature system based on an SM2 algorithm, including a first communication party and a second communication party, where the first communication party includes a first memory, a first processor and a first computer program stored in the first memory and capable of running on the first processor, and the second communication party includes a second memory, a second processor and a second computer program stored in the second memory and capable of running on the second processor, and when the first processor executes the first computer program, the first processor implements each step executed by the first communication party in the multi-party joint signature method based on the SM2 algorithm;
the second processor implements each step performed by the second communication party in the multiparty joint signature method based on the SM2 algorithm when executing the second computer program.
The multi-party joint signature method and system based on the SM2 algorithm can be applied to scenarios that require signing and encryption, and are described below through a specific embodiment:
Example 1
The first communication party and the second communication party share one preset elliptic curve;
referring to fig. 1, the multi-party joint signature method based on the SM2 algorithm of this embodiment includes the steps of:
S1, the first communication party generates a first sub-key pair, and the second communication party generates a second sub-key pair, which specifically includes the following steps:
S11, the first communication party generates a first random number, and calculates a first sub-private key according to the first random number;
specifically, the first communication party generates a first random number $D_1 \in [1, n-1]$ and calculates a first sub-private key $d_1 = (D_1 - 1)^{-1}$ according to the first random number $D_1$, where $n$ is the order of the base point $G$ of the preset elliptic curve over the finite field;
S12, the first communication party generates a first sub-public key according to the base point of the preset elliptic curve and the first sub-private key;
specifically, the first communication party generates a first sub-public key $P_1 = d_1[*]G$ according to the base point $G$ of the preset elliptic curve and the first sub-private key $d_1$, where $[*]$ denotes elliptic curve point multiplication;
S13, the first communication party obtains a first sub-key pair according to the first sub-private key and the first sub-public key;
specifically, the first sub-key pair includes the first sub-private key $d_1$ and the first sub-public key $P_1$;
S14, the first communication party calculates a first parameter according to the first random number and the base point, and sends the first parameter to the second communication party, and the first communication party sends the first sub-public key to the second communication party;
specifically, the first communication party calculates a first parameter $Q_1 = D_1[*]G$ according to the first random number $D_1$ and the base point $G$, sends the first parameter $Q_1$ to the second communication party, and sends the first sub-public key $P_1$ to the second communication party;
S15, the second communication party generates a second random number, and calculates a second sub-private key according to the second random number;
specifically, the second communication party generates a second random number $D_2 \in [1, n-1]$ and calculates a second sub-private key $d_2 = (D_2 - 1)^{-1}$ according to the second random number $D_2$;
S16, the second communication party generates a second sub-public key according to the second sub-private key and the base point;
specifically, the second communication party generates a second sub-public key $P_2 = d_2[*]G$ according to the second sub-private key $d_2$ and the base point $G$;
S17, the second communication party generates a second parameter according to the second random number and the base point, and generates a second public key according to the second random number, the first parameter and the second parameter;
specifically, the second communication party generates a second parameter $Q_2 = D_2[*]G$ according to the second random number $D_2$ and the base point $G$, and generates a second public key $P = D_2[*]Q_1[-]Q_1[-]Q_2$ according to the second random number $D_2$, the first parameter $Q_1$ and the second parameter $Q_2$, where $[-]$ denotes elliptic curve point subtraction;
S18, the second communication party sends the second public key and the second parameter to the first communication party;
specifically, the second communication party sends the second public key $P$ and the second parameter $Q_2$ to the first communication party;
S19, the first communication party generates a first public key according to the first random number, the second parameter and the first parameter, and judges whether the first public key is equal to the second public key; if so, it determines that the key generation is successful; if not, it returns to S11;
specifically, the first communication party generates a first public key $P^*$ according to the first random number $D_1$, the second parameter $Q_2$ and the first parameter $Q_1$, and judges whether the first public key $P^*$ is equal to the second public key $P$; if so, it determines that the key generation is successful; if not, it returns to S11;
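The key-generation exchange of S11 to S19, as an added Python example that is not code from the patent or its applicant: it runs both parties' steps, compares P* with P, and checks that d1*d2 inverts 1 + d for the joint private key d behind P, the factor that standard SM2 signing multiplies by. Assumptions: the SM2 recommended curve parameters, the function names, the expression used for P* (the text does not state it, so the mirror image of the second party's formula is used), and the rejection of D = 1, for which D - 1 has no inverse.

```python
import secrets

# SM2 recommended curve: y^2 = x^3 + A*x + B over F_p, base point G of prime order N.
P_FIELD = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_FIELD == 0


def add(p1, p2):
    """Elliptic curve point addition, written [+] in the text."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def sub(p1, p2):
    """Elliptic curve point subtraction, written [-] in the text."""
    return add(p1, INF if p2 is INF else (p2[0], -p2[1] % P_FIELD))


def mul(k, pt):
    """Point multiplication k[*]pt by double-and-add (not constant time)."""
    acc, k = INF, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def sub_key(D):
    """d = (D - 1)^-1 mod n. The text draws D from [1, n-1]; D = 1 gives
    D - 1 = 0, which has no inverse, so this example requires D >= 2."""
    if not 2 <= D <= N - 1:
        raise ValueError("random number must lie in [2, n-1]")
    return pow(D - 1, -1, N)


def check_point(pt):
    """Reject the point at infinity and off-curve points received from the peer."""
    if pt is INF or not on_curve(pt):
        raise ValueError("not a valid curve point")
    return pt


def party_a_start(D1=None):
    """S11-S14: the first party keeps D1 and d1, and sends P1 and Q1."""
    D1 = D1 if D1 is not None else secrets.randbelow(N - 2) + 2
    d1 = sub_key(D1)
    return {"D1": D1, "d1": d1, "P1": mul(d1, G), "Q1": mul(D1, G)}


def party_b_respond(Q1, D2=None):
    """S15-S18: the second party keeps D2 and d2, and sends P and Q2."""
    check_point(Q1)
    D2 = D2 if D2 is not None else secrets.randbelow(N - 2) + 2
    d2 = sub_key(D2)
    Q2 = mul(D2, G)
    P = sub(sub(mul(D2, Q1), Q1), Q2)      # P = D2[*]Q1 [-] Q1 [-] Q2
    check_point(P)                          # rejects the degenerate joint key d = 0
    return {"D2": D2, "d2": d2, "P2": mul(d2, G), "Q2": Q2, "P": P}


def party_a_finish(a, P, Q2):
    """S19: the first party recomputes the public key and compares it with P."""
    check_point(P)
    check_point(Q2)
    # Assumed formula: the text does not spell out P*; this mirrors the expression for P.
    P_star = sub(sub(mul(a["D1"], Q2), a["Q1"]), Q2)
    return P_star == P


def shares_invert_one_plus_d(d1, d2, P):
    """Test-bench check only (it needs both sub-private keys):
    d1*d2 = (1 + d)^-1 mod n  <=>  (d1*d2)[*](P [+] G) = G."""
    return mul(d1 * d2 % N, add(P, G)) == G


if __name__ == "__main__":
    a = party_a_start()
    b = party_b_respond(a["Q1"])
    print("key generation ok:", party_a_finish(a, b["P"], b["Q2"]))
    print("d1*d2 inverts 1+d:", shares_invert_one_plus_d(a["d1"], b["d2"], b["P"]))
```

Since P = (D1*D2 - D1 - D2)[*]G, the joint private key satisfies 1 + d = (D1 - 1)(D2 - 1), which is why neither party needs d itself.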
S2, the first communication party signs the received message to be signed to obtain a signature value, and sends the signature value to the second communication party, which specifically includes the following steps:
S21, the first communication party generates a third random number, and generates a third parameter according to the third random number and the base point;
specifically, the first communication party generates a third random number $k_1 \in [1, n-1]$ and generates a third parameter $T_1 = k_1[*]G$ according to the third random number $k_1$ and the base point $G$;
S22, the first communication party signs the received message to be signed according to the first sub-private key to obtain a signature value, and sends the signature value and the third parameter to the second communication party;
specifically, the first communication party signs the received message to be signed with the first sub-private key $d_1$ to obtain a signature value sign1, and sends the signature value sign1 together with the third parameter $T_1$ to the second communication party, where the signing uses the existing signature flow;
S3, the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, calculates the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party, which specifically comprises the following steps:
S31, the second communication party verifies the signature value according to the first sub-public key to obtain a first verification result; it should be noted that the second communication party cannot obtain the first sub-private key of the first communication party, and can only use the first sub-public key to verify the signature value;
S32, the second communication party judges whether the first verification result is successful; if yes, S33 is executed; if not, an error is reported and the process exits;
S33, the second communication party generates a fourth random number and a fifth random number, and calculates a first elliptic curve point according to the fourth random number, the fifth random number, the third parameter, the first sub-public key, the second sub-private key and the base point, wherein the first elliptic curve point comprises a first coordinate;
wherein the first coordinate is $x_1$;
Specifically, the second communication party generates a fourth random number $k_2$ and a fifth random number $k_3$, and calculates a first elliptic curve point $(x_1, y_1) = k_3[*](T_1[+]P_1)[+]((k_2+d_2)*k_3)[*]G$ according to the fourth random number $k_2$, the fifth random number $k_3$, the third parameter $T_1$, the first sub-public key $P_1$, the second sub-private key $d_2$ and the base point $G$, wherein $[+]$ represents elliptic curve point addition;
S34, the second communication party calculates a message digest of the message to be signed, calculates the message to be signed according to the message digest, the first coordinate, the second sub-private key, the fourth random number and the fifth random number to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party, which specifically comprises the following steps:
S341, the second communication party calculates a message digest of the message to be signed;
Specifically, the second communication party calculates the message digest $e = H_v()$ of the message to be signed, where $H_v()$ represents a cryptographic hash function with a message digest length of $v$;
S342, the second communication party calculates a first partial signature value parameter according to the message digest and the first coordinate;
Specifically, the second communication party calculates a first partial signature value parameter $r = (e + x_1) \bmod n$ according to the message digest $e$ and the first coordinate $x_1$, wherein mod represents a modulo operation;
S343, the second communication party judges whether the first partial signature value parameter is equal to a first preset value; if yes, it returns to the step in which the second communication party generates a fourth random number and a fifth random number; if not, it calculates a second partial signature value parameter according to the second sub-private key and the fifth random number;
wherein the first preset value is 0;
Specifically, the second communication party judges whether the first partial signature value parameter $r$ is equal to 0; if yes, it returns to S33; if not, it calculates a second partial signature value parameter $s_1 = (d_2 * k_3) \bmod n$ according to the second sub-private key $d_2$ and the fifth random number $k_3$;
S344, a third partial signature value parameter is calculated according to the second sub-private key, the fourth random number, the fifth random number and the first verification parameter, and the first partial signature value parameter, the second partial signature value parameter and the third partial signature value parameter are sent to the first communication party;
Specifically, a third partial signature value parameter $s_2 = (d_2 * ((k_2 + d_2) * k_3 + r)) \bmod n$ is calculated according to the second sub-private key $d_2$, the fourth random number $k_2$, the fifth random number $k_3$ and the first verification parameter $r$, and the first partial signature value parameter $r$, the second partial signature value parameter $s_1$ and the third partial signature value parameter $s_2$ are sent to the first communication party;
S4, the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value, which specifically comprises the following steps:
The first communication party calculates a complete signature value according to the partial signature value parameter, the third random number and the first sub-private key, and judges whether the complete signature value is equal to a second preset value; if yes, it returns to execute S21; if not, it determines that the joint signature is successful and obtains a joint signature result;
wherein the second preset value is 0;
Specifically, the first communication party calculates the complete signature value $s = (d_1 * (k_1 + d_1) * s_1 + d_1 * s_2 - r) \bmod n$ according to the partial signature value parameter (including the first partial signature value parameter $r$, the second partial signature value parameter $s_1$ and the third partial signature value parameter $s_2$), the third random number $k_1$ and the first sub-private key $d_1$, and judges whether the complete signature value $s$ is equal to 0; if yes, it returns to S21; if not, it determines that the joint signature is successful and obtains the joint signature result $(r, s)$;
S5, the first communication party acquires a ciphertext, wherein the ciphertext comprises a first ciphertext, a second ciphertext and a third ciphertext;
Specifically, the first communication party acquires a ciphertext, wherein the ciphertext comprises a first ciphertext $C_1$, a second ciphertext $C_2$ and a third ciphertext $C_3$;
S6, the first communication party signs the first ciphertext to obtain a second signature value, and sends the second signature value and the first ciphertext to the second communication party, which specifically comprises the following steps:
S61, the first communication party verifies whether the first ciphertext is on the preset elliptic curve; if yes, S62 is executed; if not, an error is reported and the process exits;
Specifically, the first communication party verifies whether the first ciphertext $C_1$ is on the preset elliptic curve; if yes, S62 is executed;
S62, the first communication party calculates a third elliptic curve point according to the first ciphertext, and judges whether the third elliptic curve point is the point at infinity; if yes, an error is reported and the process exits; if not, S63 is executed;
Specifically, the first communication party calculates a third elliptic curve point $S = h[+]C_1$ according to the first ciphertext $C_1$, and judges whether the third elliptic curve point $S$ is the point at infinity; if yes, an error is reported and the process exits; if not, S63 is executed;
S63, the first communication party signs the first ciphertext to obtain a second signature value, and sends the second signature value and the first ciphertext to the second communication party;
Specifically, the first communication party signs the first ciphertext $C_1$ to obtain a second signature value sign1, and sends the second signature value sign1 and the first ciphertext $C_1$ to the second communication party;
S7, the second communication party verifies the second signature value to obtain a second verification result, and judges whether the second verification result is successful; if yes, S8 is executed; if not, an error is reported and the process exits;
S8, the second communication party calculates a fourth parameter according to the second sub-private key and the first ciphertext, and sends the fourth parameter to the first communication party;
Specifically, the second communication party calculates a fourth parameter $T_2 = d_2^{-1}[*]C_1$ according to the second sub-private key $d_2$ and the first ciphertext $C_1$, and sends the fourth parameter $T_2$ to the first communication party;
S9, the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key and the first ciphertext to obtain a plaintext, which specifically comprises the following steps:
S91, the first communication party calculates a second elliptic curve point according to the fourth parameter, the first sub-private key and the first ciphertext, wherein the second elliptic curve point comprises a third coordinate and a fourth coordinate;
wherein the third coordinate is $x_2$ and the fourth coordinate is $y_2$;
Specifically, the first communication party calculates a second elliptic curve point $(x_2, y_2) = d_1^{-1}[*]T_2[-]C_1$ according to the fourth parameter $T_2$, the first sub-private key $d_1$ and the first ciphertext $C_1$;
S92, the first communication party obtains the bit length of the second ciphertext, and calculates a fifth parameter according to the third coordinate, the fourth coordinate and the bit length;
Specifically, the first communication party obtains the bit length klen of the second ciphertext $C_2$, calculates a fifth parameter $t = KDF(x_2 \| y_2, klen)$ according to the third coordinate $x_2$, the fourth coordinate $y_2$ and the bit length klen, and judges whether the fifth parameter $t$ is all 0; if yes, an error is reported and the process exits; otherwise, S93 is executed;
S93, the first communication party calculates a plaintext according to the fifth parameter and the second ciphertext, and calculates a sixth parameter according to the third coordinate, the fourth coordinate and the plaintext;
Specifically, the first communication party calculates the plaintext $M' = C_2 \oplus t$ according to the fifth parameter $t$ and the second ciphertext $C_2$, and calculates a sixth parameter $u = Hash(x_2 \| M' \| y_2)$ according to the third coordinate $x_2$, the fourth coordinate $y_2$ and the plaintext $M'$;
S94, the first communication party judges whether the sixth parameter is equal to the third ciphertext; if yes, the plaintext is output;
Specifically, the first communication party judges whether the sixth parameter $u$ is equal to the third ciphertext $C_3$; if yes, the plaintext $M'$ is output; otherwise, an error is reported and the process exits;
The above joint decryption process S5-S9 and the joint signature process S2-S4 may be performed simultaneously; the encryption process corresponding to the joint decryption process S5-S9 is an existing encryption process and is not described here.
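The arithmetic of the joint signature (S21 to S4) and of the joint decryption point (S8 and S91) can be checked end to end. The following Python code is an added example, not code from the patent: it runs both parties in one process on the SM2 recommended curve, takes the digest e as an integer input, and leaves out the sign1 exchanges of S22/S31 and S63/S7. It assumes the combined private key is d = (d1*d2)^-1 - 1 mod n, a relation inferred here from the formulas for s and (x2, y2) above; the function names joint_public_key, joint_sign, joint_decrypt_point and sm2_verify are hypothetical.

```python
import secrets

P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF  # field prime
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123  # group order n
A = P - 3                                                                # curve coefficient a
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)  # base point

def add(p1, p2):
    """Point addition, the page's [+]; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication, the page's [*] (double-and-add, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def rand():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

def joint_public_key(d1, d2):
    """Test-only shortcut for P = ((d1*d2)^-1 - 1)[*]G; real parties never pool shares."""
    return mul((pow(d1 * d2, -1, N) - 1) % N, G)

def joint_sign(e, d1, d2):
    """S21-S4 with both parties in one process; returns (r, s)."""
    P1 = mul(d1, G)
    while True:
        k1, k2, k3 = rand(), rand(), rand()            # k1: S21 (first party); k2, k3: S33
        T1 = mul(k1, G)
        pt = add(mul(k3, add(T1, P1)), mul((k2 + d2) * k3 % N, G))
        if pt is None or (r := (e + pt[0]) % N) == 0:  # S342-S343: retry on r = 0
            continue
        s1 = d2 * k3 % N
        s2 = d2 * ((k2 + d2) * k3 + r) % N             # S344
        s = (d1 * (k1 + d1) * s1 + d1 * s2 - r) % N    # S4, first party
        if s != 0:
            return r, s

def joint_decrypt_point(C1, d1, d2):
    """S8 and S91: (x2, y2) = d1^-1[*](d2^-1[*]C1) [-] C1."""
    T2 = mul(pow(d2, -1, N), C1)                       # S8, second party
    return add(mul(pow(d1, -1, N), T2), (C1[0], -C1[1] % P))

def sm2_verify(e, r, s, pub):
    """Standard single-key SM2 verification of (r, s) over digest e."""
    if not (0 < r < N and 0 < s < N) or (r + s) % N == 0:
        return False
    pt = add(mul(s, G), mul((r + s) % N, pub))
    return pt is not None and (e + pt[0]) % N == r
```

A result accepted by sm2_verify shows that the pair (r, s) produced from the two shares is indistinguishable, to a verifier, from an ordinary SM2 signature under the joint public key.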
Example two
Referring to Fig. 2, the multi-party joint signature system based on the SM2 algorithm of the present embodiment includes a first communication party and a second communication party, where the first communication party includes a first memory, a first processor and a first computer program stored in the first memory and capable of running on the first processor, and the second communication party includes a second memory, a second processor and a second computer program stored in the second memory and capable of running on the second processor, and the first processor implements the steps executed by the first communication party in the first embodiment when executing the first computer program;
the second processor, when executing the second computer program, implements the steps performed by the second communication party in the first embodiment.
In summary, according to the multiparty joint signature method and system based on the SM2 algorithm provided by the invention, the first communication party generates the first sub-key pair and the second communication party generates the second sub-key pair, the first sub-key pair comprising the first sub-private key and the first sub-public key, and the second sub-key pair comprising the second sub-private key and the second sub-public key; the sub-key pairs are stored separately, the complete private key does not exist at any party, and the security of the key is improved; the first communication party signs the received message to be signed to obtain a signature value, and sends the signature value to the second communication party; the second communication party verifies the signature value according to the first sub-key pair to obtain a first verification result, calculates the message to be signed according to the second sub-key pair based on the first verification result to obtain a partial signature value parameter, and sends the partial signature value parameter to the first communication party; the first communication party calculates a complete signature value according to the partial signature value parameter and the first sub-key pair, and obtains a joint signature result according to the complete signature value; meanwhile, after the first communication party acquires the ciphertext, it signs the first ciphertext and sends the second signature value and the first ciphertext to the second communication party; the second communication party verifies the second signature value to obtain a second verification result, calculates a fourth parameter according to the second sub-private key and the first ciphertext based on the second verification result, and sends the fourth parameter to the first communication party; the first communication party decrypts the ciphertext according to the fourth parameter, the first sub-private key and the first ciphertext to obtain a plaintext, so that joint decryption is realized and the security of the decryption process is improved; even during the signing operation the private key never appears in complete form, the private key data of the user can be well hidden, and the difficulty of acquiring the key by attack means is increased, so that the security of the key can be effectively improved.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention, and all equivalent changes made by the specification and drawings of the present invention, or direct or indirect application in the relevant art, are included in the scope of the present invention.


Priority Applications (1)

Application Number: CN202210530903.5A (CN114978536B (en))
Priority Date: 2022-05-16
Filing Date: 2022-05-16
Title: Multi-party joint signature method and system based on SM2 algorithm


Publications (2)

Publication Number: CN114978536A (CN114978536A (en)), Publication Date: 2022-08-30
Publication Number: CN114978536B (CN114978536B (en)), Publication Date: 2024-01-30
