Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the technical solution of the present application and are not intended to limit the present application.
For a better understanding of the technical solution of the present application, the following detailed description will be given with reference to the drawings and the specific embodiments.
It should be noted that the execution body of this embodiment may be a computing service device with data processing, network communication and program running functions, such as a tablet computer, a personal computer, a mobile phone, or another electronic device, big data service platform, collaborative signature verification system or the like that can implement the above functions. This embodiment and the following embodiments are described by taking a collaborative signature verification system as an example.
Based on this, an embodiment of the application provides a collaborative signature verification method. Referring to Fig. 1, Fig. 1 is a schematic flow chart of an embodiment of the collaborative signature verification method of the application.
In this embodiment, the collaborative signature verification method includes steps S11 to S13:
Step S11, acquiring process data after the initiating end completes the collaborative signature, wherein the process data comprises a first signature value and a second signature value;
It should be noted that the initiating end (initiator) is the participant that sends the first-round information while the protocol runs. The initiating end may be untrusted (a counterfeit initiator) or a real initiator, and needs to be validated by the verification end. The initiating end holds an initiator private key $d_1 \in [1, n-1]$, which is not disclosed, an initiator public key $P_1 = [d_1]G$, and the initiator key pair $(d_1, P_1)$; $P_1$ is disclosed to the verification end. The joint public key is $P_A = [d_1]P_2 - G$, and $P_A$ is disclosed to the verification end, where $G$ is a predefined point on the elliptic curve used to generate other points on the curve, and $P_2$ is the cooperative end public key.
It should be further noted that the verification end (the evaluation side) is the evaluation mechanism that detects whether the collaborative signature algorithm mechanism is implemented correctly and effectively, and whether the cooperative end actually participates in the collaborative signature algorithm. The verification end may separately call the cooperative end and the initiating end to perform the SM2 signature verification operation. The parameters available to the verification end therefore include: $P_A$ (the joint public key); $P_2$ (the cooperative end public key); the other public parameters of the SM2 elliptic curve (the base point $G$; the $k$-times point of a point $P$ on the elliptic curve, where $k$ is a positive integer; $n$, the order of the base point $G$; and so on); and the process data of the collaborative signature between the initiating end and the cooperative end, including the message digest $e$, $Q_1$ (a point on the elliptic curve), the partial signature value $(r, s_2)$ sent by the cooperative end to the initiating end, and the message $M$ and the joint signature value $(r, s)$ of the message $M$ transmitted by the initiating end.
Additionally, the process data refers to all data generated and transmitted by the initiating end in the collaborative signature process, including a message digest $e$, elliptic curve points ($Q_1, Q_2, \ldots$), random numbers ($k_1, k_2, \ldots$), the first signature value, the second signature value, and the like. The first signature value is the partial signature value $(r, s_2)$ generated by the cooperative end and sent to the initiating end to generate the final joint signature value; the second signature value is the joint signature value $(r, s)$ generated after the initiating end receives the partial signature value.
Specifically, the data packets and the like sent from the initiating end to the cooperative end may be captured by a network packet capturing tool (such as Wireshark), which is not limited herein.
Step S12, obtaining a first verification result based on the process data, the first signature value and the second signature value;
It should be noted that the first verification result is the result obtained after the verification end verifies the signature values of the initiating end and the cooperative end, and is used to verify whether the initiating end and the cooperative end correctly used the collaborative signature technology to perform the collaborative signature.
Specifically, it is detected whether a message digest and an elliptic curve point exist in the process data. If so, a third parameter value and a fourth parameter value in the first signature value and a fifth parameter value and a sixth parameter value in the second signature value are extracted, and consistency verification is performed on the third parameter value and the fifth parameter value. If that verification passes, the correctness of the fourth parameter value and the sixth parameter value is verified according to a first preset verification formula. If that verification also passes, it is determined that the initiating end and the cooperative end correctly used the collaborative signature technology when performing the collaborative signature, and the first verification result is generated.
Step S13, generating an elliptic curve point and a message digest, and sending the elliptic curve point and the message digest to the cooperative end, so that the cooperative end determines the cooperative end private key, calculates a third signature value based on the cooperative end private key, the elliptic curve point and the message digest, and sends the third signature value to the verification end;
The elliptic curve point refers to a point generated on the elliptic curve, generally used in the signature and verification process to generate a signature value and verify the correctness of a signature, such as $Q_1 = [k_1]P_2$, $Q_2 = [k_2]G$. The message digest refers to a fixed-length digest value obtained by performing a hash operation on the original message, used to ensure the integrity and consistency of the message and to prevent the message from being tampered with, for example $e = H_v(M)$, where $H_v()$ denotes a cryptographic hash algorithm with a message digest length of $v$ bits.
It should be further noted that the cooperative end (cooperative party) is the participant that assists the initiating end in completing key pair generation or signing while the protocol runs. The cooperative end may be untrusted (a counterfeit cooperative end), may not participate in the actual collaboration, or may be a real cooperative end, and needs to be verified and confirmed by the verification end. The cooperative end holds a cooperative end private key $d_2 \in [1, n-1]$, which is not disclosed, a cooperative end public key $P_2 = [d_2]G$, and the cooperative end key pair $(d_2, P_2)$; $P_2$ is disclosed to the verification end.
Additionally, the third signature value refers to the partial signature value $(r, s_2)$ used for verification, which the cooperative end generates from the data sent by the verification end and returns to the verification end.
Specifically, the verification end generates a random number $k_1$, generates or calculates a number $W_1 \in [1, n-1]$ based on the random number $k_1$, selects a message $M$, and calculates the elliptic curve point $Q_1 = [W_1]P_2$ and the message digest $e = H_v(M)$, where $Q_1$ is a point on the elliptic curve, $P_2$ is the cooperative end public key, $H_v$ is a cryptographic hash algorithm with a message digest length of $v$ bits, and $e$ is the message digest (also called the hash value), thereby generating the elliptic curve point and the message digest.
Further, the elliptic curve point and the message digest are sent to the cooperative end, so that the cooperative end determines the cooperative end private key, calculates a third signature value based on the cooperative end private key, the elliptic curve point and the message digest, and sends the third signature value to the verification end.
Step S14, receiving the third signature value returned by the cooperative end, and calculating a fourth signature value based on the elliptic curve point and the message digest, so as to obtain a second verification result based on the third signature value and the fourth signature value;
The fourth signature value refers to the signature value ($r'$) calculated by the verification end based on the elliptic curve point and the message digest. The second verification result is the result obtained after the verification end verifies the third signature value and the fourth signature value, and is used to verify whether the cooperative end participates in the collaborative signature process.
Specifically, the third signature value returned by the cooperative end is received, and a fourth signature value is then calculated based on the elliptic curve point and the message digest. The process data held by the verification end at this time comprises the signature value $(r, s_2)$ sent by the cooperative end, the random number $k_1$, the elliptic curve point $W_1$, the message digest $e$, the joint public key $P_A$ and the cooperative end public key $P_2$. In the collaborative signature, $r$ in the joint signature value $(r, s)$ of the message $M$ is provided to the verification end by the cooperative end, while $s$ is calculated with the initiating end private key $d_1$ as $s = (d_1(s_2 + W_1) - r) \bmod n$, so the verification end cannot calculate $s$ at this time. If the verification end nevertheless completes the signature verification calculation using $P_A$ with $s$ unknown, this proves that the cooperative end participated in the collaborative signature process. Here $P_A$ is the public key of the joint signature and is generated by the collaborative signature mechanism; for the generation of the joint signature public key, refer to Fig. 2, which is a flow chart of joint signature public key generation provided by the collaborative signature verification method of the application.
Further, given the public key generation formula $P = [d_1^{-1} d_2^{-1} - 1]G$, the process by which the verification end completes the signature verification calculation using $P_A$ with $s$ unknown includes: determining a first random number, the cooperative end public key and a message digest; calculating the first random number, the cooperative end public key and the message digest with the third signature value based on a second preset verification formula to obtain a seventh parameter value corresponding to the third signature value; and comparing the seventh parameter value for consistency with an eighth parameter value corresponding to the fourth signature value. If the comparison succeeds, it is determined that the cooperative end participated in the collaborative signature process, and the second verification result is generated.
Step S15, generating a collaborative signature verification result based on the first verification result and the second verification result.
It should be noted that the collaborative signature verification result is the final verification result obtained by the verification end after integrating the first verification result and the second verification result. It is used to ensure the correctness and security of the whole collaborative signature process and to ensure that the signature result is valid and trusted.
Specifically, if the first verification result and the second verification result are both verification-passed results, a collaborative signature verification result of 'collaborative signature verification passed' is generated.
According to this method, the process data after the initiating end completes the collaborative signature is obtained, the process data comprising a first signature value and a second signature value, and a first verification result is obtained based on the process data, the first signature value and the second signature value. An elliptic curve point and a message digest are then generated and sent to the cooperative end, so that the cooperative end determines the cooperative end private key, calculates a third signature value based on the cooperative end private key, the elliptic curve point and the message digest, and sends the third signature value to the verification end. The third signature value returned by the cooperative end is received, and a fourth signature value is calculated based on the elliptic curve point and the message digest, so that a second verification result is obtained based on the third signature value and the fourth signature value. Finally, the collaborative signature verification result is generated based on the first verification result and the second verification result. This ensures that each participant actually takes part in the collaborative signature, and ensures the validity of the collaborative signature mechanism, of the collaborative signature and of the overall signature, as well as the validity and security of the system.
In a possible embodiment, the method further comprises:
Step S21, obtaining the cooperative end public key corresponding to the cooperative end, wherein the cooperative end public key comprises a first parameter value and a second parameter value;
Step S22, calculating the first parameter value and the second parameter value with a preset elliptic curve equation to judge whether the cooperative end public key satisfies the preset elliptic curve equation;
Step S23, if not, terminating the collaborative signature verification process.
It should be noted that the cooperative end public key is the public key used by the cooperative end in the elliptic curve cryptosystem. It is obtained by calculation from the cooperative end private key and the base point $G$, and is generally represented as a point $P_2$ on the elliptic curve in the form $P_2 = (x_2, y_2)$.
It should be further noted that the first parameter value is the x-coordinate of the cooperative end public key $P_2$, generally denoted $x_2$. The second parameter value is the y-coordinate of the cooperative end public key $P_2$, generally denoted $y_2$.
Specifically, the cooperative end public key $P_2 = (x_2, y_2)$ corresponding to the cooperative end is obtained, where the cooperative end public key includes a first parameter value $x_2$ and a second parameter value $y_2$. The first parameter value and the second parameter value are then calculated with the preset elliptic curve equation to determine whether the cooperative end public key satisfies it. The preset elliptic curve equation is $y^2 = x^3 + ax + b$; $x_2$ and $y_2$ are substituted into this equation, and it is checked whether the equation holds.
Further, if the equation is satisfied, $P_2$ is a valid point on the elliptic curve; if the equation is not satisfied, $P_2$ is not on the elliptic curve, the verification fails, and the verification flow is terminated.
According to this embodiment, the cooperative end public key corresponding to the cooperative end is obtained, the cooperative end public key comprising a first parameter value and a second parameter value; the first parameter value and the second parameter value are calculated with the preset elliptic curve equation to judge whether the cooperative end public key satisfies the equation; and if not, the collaborative signature verification process is terminated. This ensures that the cooperative end public key is valid and prevents an attacker from forging the public key: a public key that does not satisfy the elliptic curve equation may be invalid or tampered with, and the verification process can detect this immediately and terminate. An attacker is thereby prevented from inserting or modifying the public key during the signing process, which ensures the security of the signing process. In addition, by verifying the validity of the public key at an early stage of the signature verification process, an invalid signing process can be found and terminated in time, which saves computing resources and time, ensures that the data in the signing process has not been tampered with, and ensures the integrity of the signing process.
In a possible embodiment, the method further comprises:
Step S31, sending the message digest to the cooperative end, so that the cooperative end signs based on the message digest to generate a fifth signature value and returns the fifth signature value to the verification end;
Step S32, receiving the fifth signature value returned by the cooperative end, and determining the cooperative end public key;
Step S33, performing signature verification on the fifth signature value based on the cooperative end public key to verify the validity of the cooperative end.
The fifth signature value refers to the signature value generated by the cooperative end based on the message digest $e$.
Specifically, the verification end generates a message digest $e$ and then invokes the cooperative end, which signs the message digest $e$ with its private key $d_2$ and generates the fifth signature value $(r, s_2)$. The cooperative end calculates the fifth signature value $(r, s_2)$ as follows:
Generate a random number $k_2$; calculate the elliptic curve point $Q_2 = [k_2]G$; calculate $r = x_2 \bmod n$, where $x_2$ is the x-coordinate of $Q_2$; calculate $s_2 = (d_2 \times (e + r) - k_2) \bmod n$ to obtain the fifth signature value. The cooperative end then transmits the signature value $(r, s_2)$ to the detecting party.
The signature verification process is as follows: the detecting party uses the cooperative end public key $P_2$ to verify the signature value $(r, s_2)$ by calculating $u_1 = s_2^{-1} \times e \bmod n$ and $u_2 = s_2^{-1} \times r \bmod n$, and then the elliptic curve point $Q' = [u_1]G + [u_2]P_2$. It is then checked whether the x-coordinate of $Q'$ is equal to $r$. If so, the signature verification succeeds; otherwise, the signature verification fails and the collaborative signature verification flow ends.
In this embodiment, the message digest is sent to the cooperative end, so that the cooperative end signs based on the message digest, generates a fifth signature value and returns it to the verification end; the fifth signature value returned by the cooperative end is received and the cooperative end public key is determined; and the fifth signature value is verified based on the cooperative end public key to verify the validity of the cooperative end. By calling the cooperative end to sign the message digest with its private key $d_2$ and verifying the signature with the cooperative end public key $P_2$, it is ensured that the cooperative end really holds the private key $d_2$ corresponding to $P_2$: if the cooperative end does not hold the corresponding private key $d_2$, the signature cannot pass verification under $P_2$. This prevents identity masquerading and unauthorized signing, and allows the signing process to be detected and terminated at an early stage of the signature verification process, which saves computing resources and time.
In a possible implementation manner, the obtaining a first verification result based on the process data, the first signature value and the second signature value includes:
Step S41, detecting whether a message digest and an elliptic curve point exist in the process data;
Step S42, if yes, extracting a third parameter value and a fourth parameter value in the first signature value and a fifth parameter value and a sixth parameter value in the second signature value, and carrying out consistency verification on the third parameter value and the fifth parameter value;
Step S43, if verification is passed, verifying the correctness of the fourth parameter value and the sixth parameter value according to a first preset verification formula;
Step S44, if verification is passed, determining that the collaborative signature technology is correctly used when the initiating end and the cooperative end carry out the collaborative signature, so as to generate a first verification result.
It should be noted that, the third parameter value in the first signature value refers to r in the partial signature value (r, s2) sent by the cooperative end, and the fourth parameter value refers to r in the joint signature value (r, s) generated by the initiating end. The fifth parameter value in the second signature value refers to s2 in the partial signature values (r, s2) sent by the cooperative end, and the sixth parameter value refers to s in the joint signature values (r, s) generated by the initiating end.
Specifically, it is detected whether a message digest and an elliptic curve point exist in the process data. If so, a third parameter value and a fourth parameter value in the first signature value and a fifth parameter value and a sixth parameter value in the second signature value are extracted, and consistency verification is then performed on the third parameter value and the fifth parameter value. The consistency verification can be performed by referring to the step "consistency comparison of the seventh parameter value and an eighth parameter value corresponding to the fourth signature value".
Further, if the verification is passed, verifying the correctness of the fourth parameter value and the sixth parameter value according to a first preset verification formula, wherein the specific verification process is as follows:
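Let $T = [s](P+G) + [r]P$ and $T' = [s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}] \cdot P_2 - [r] \cdot G$,
where $s_1 = d_1(r + w_{\gamma+1}) \bmod n$; $s_2 = (d_2 w_{\gamma+2}) \bmod n$, ..., $s_{\gamma+1} = (d_2 w_{2\gamma+1}) \bmod n$;
$T' = (s_1 \cdot P_2 + w_1 s_2 \cdot P_2 + w_2 s_3 \cdot P_2 + \ldots + w_\gamma s_{\gamma+1} \cdot P_2) - [r] \cdot G$
$= (s_1 \cdot P_2 + w_1 s_2 \cdot d_2^{-1} G + w_2 s_3 \cdot d_2^{-1} G + \ldots + w_\gamma s_{\gamma+1} \cdot d_2^{-1} G) - [r] \cdot G$
$= (s_1 \cdot d_2^{-1} G + Q_1 s_2 \cdot d_2^{-1} + Q_2 s_3 \cdot d_2^{-1} + \ldots + Q_\gamma s_{\gamma+1} \cdot d_2^{-1}) - [r] \cdot G$
$= (s_1 G + Q_1 s_2 + Q_2 s_3 + \ldots + Q_\gamma s_{\gamma+1}) \cdot d_2^{-1} - [r] \cdot G$
$T' \cdot d_2 + [r] \cdot G \cdot d_2 = (s_1 G + Q_1 s_2 + Q_2 s_3 + \ldots + Q_\gamma s_{\gamma+1})$
$T' \cdot d_2 + [r] \cdot G \cdot d_2 = [s](P+G) \cdot d_2 + [r]P \cdot d_2 + [r] \cdot G \cdot d_2$
$= [s]P_1 + [r](P \cdot d_2 + G \cdot d_2)$
$= [s]P_1 + [r]P_1 = (s + r)P_1$
$= (s_1 P_2 + w_1 \cdot d_2 \cdot w_{\gamma+2} \cdot d_2^{-1} G + w_2 \cdot d_2 \cdot w_{\gamma+3} \cdot d_2^{-1} G + \ldots + w_\gamma \cdot d_2 \cdot w_{2\gamma+2} \cdot d_2^{-1} G) - [r]G$
$= (s_1 P_2 + w_1 \cdot w_{\gamma+2} \cdot G + w_2 \cdot w_{\gamma+3} \cdot G + \ldots + w_\gamma \cdot w_{2\gamma+2} \cdot G) - [r] \cdot G$
$= (s_1 P_2 + Q_1 \cdot w_{\gamma+2} + Q_2 \cdot w_{\gamma+3} + \ldots + Q_\gamma \cdot w_{2\gamma+2}) - [r] \cdot G$
$= (d_1(r + w_{\gamma+1}) \cdot d_2^{-1} G + Q_1 \cdot w_{\gamma+2} + Q_2 \cdot w_{\gamma+3} + \ldots + Q_\gamma \cdot w_{2\gamma+2}) - [r] \cdot G$
$= (r \cdot G + w_{\gamma+1} \cdot G + Q_1 \cdot w_{\gamma+2} + Q_2 \cdot w_{\gamma+3} + \ldots + Q_\gamma \cdot w_{2\gamma+2}) - [r] \cdot G$
$= w_{\gamma+1} \cdot G + Q_1 \cdot w_{\gamma+2} + Q_2 \cdot w_{\gamma+3} + \ldots + Q_\gamma \cdot w_{2\gamma+2}$
$= Q$
According to the first preset verification formula, namely:
$s \cdot (P+G) = (P_2 \cdot (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r \cdot (P+G)) \bmod n$, we obtain:
$s = (P_2 \cdot (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r \cdot (P+G)) \cdot (P+G)^{-1}$
$= P_2 \cdot (P+G)^{-1} \cdot (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r$
$= d_2^{-1} \cdot G \cdot (P+G)^{-1} \cdot (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r$ (formula 1)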
Further, since $(w_1, w_2, w_3, \ldots, w_{\gamma+1})$, $(s_1, s_2, s_3, \ldots, s_{\gamma+1})$, $P_2$, $r$, $P_A$ and $G$ are known at the verification end, they are substituted into (formula 1) to obtain the value of $s$, and $T$ and $T'$ are calculated from the value of $s$, $(Q_1, Q_2, \ldots, Q_\gamma)$, $(s_1, s_2, s_3, \ldots, s_{\gamma+1})$, $P_2$, $r$, $P_A$ and $G$. By comparing the values of $T$ and $T'$, the relation between $(s_1, s_2, s_3, \ldots, s_{\gamma+1})$ and $s$ is verified, that is, it is verified that after obtaining the signature value $(r, s_1, s_2, s_3, \ldots, s_{\gamma+1})$ of the cooperative end, the initiating end adopted the collaborative signature mechanism to complete the system signature.
Further, if $T = T'$, it is proved that the following relationship exists between $(s_1, s_2, s_3, \ldots, s_{\gamma+1})$ and $s$: $s \times (P_A + G) = (P_2 \times (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r \times (P_A + G))$. That is, after obtaining the signature value $(r, s_1, s_2, s_3, \ldots, s_{\gamma+1})$ of the cooperative end, the initiating end completed the joint signature operation of the system using the collaborative signature mechanism and output the joint signature value $(r, s)$, and the first verification result is generated. Otherwise, if $T$ is not equal to $T'$, the initiating end did not correctly carry out the collaborative signature mechanism, and the verification process ends.
In this embodiment, it is detected whether a message digest and an elliptic curve point exist in the process data; if so, a third parameter value and a fourth parameter value in the first signature value and a fifth parameter value and a sixth parameter value in the second signature value are extracted, and consistency verification is performed on the third parameter value and the fifth parameter value; if that verification passes, the correctness of the fourth parameter value and the sixth parameter value is verified according to the first preset verification formula; and if that verification passes, it is determined that the initiating end and the cooperative end correctly used the collaborative signature technology when performing the collaborative signature, and the first verification result is generated. Verifying whether the initiating end correctly used the signature data of the cooperative end to complete the final signature ensures the integrity and correctness of the signing process, and prevents the initiating end from tampering with or ignoring the data after receiving the signature data of the cooperative end and thereby generating an invalid signature: if the initiating end does not correctly use the collaborative signature technology, the verification at the detecting party cannot pass. It is thus finally verified whether the initiating end performed the collaborative signature using the collaborative signature technology.
Based on this, an embodiment of the application provides a collaborative signature verification method. Referring to Fig. 3, Fig. 3 is a schematic flow chart of a second embodiment of the collaborative signature verification method of the application.
In a possible implementation manner, the obtaining a second verification result based on the third signature value and the fourth signature value includes:
Step S51, determining a first random number, a cooperative end public key and a message digest, and calculating, based on a second preset verification formula, the first random number, the cooperative end public key and the message digest with the third signature value to obtain a seventh parameter value corresponding to the third signature value;
Step S52, comparing the seventh parameter value with the eighth parameter value corresponding to the fourth signature value for consistency;
Step S53, if the comparison is successful, determining that the cooperative end participates in the collaborative signature process, so as to generate a second verification result.
It should be noted that the seventh parameter value refers to $r$ in the partial signature value sent by the cooperative end, and the eighth parameter value corresponding to the fourth signature value refers to $r'$ in the joint signature value calculated by the verification end.
Specifically, a first random number $k_1$, the cooperative end public key $P_2$ and a message digest $e$ are determined, and based on a second preset verification formula, values such as the first random number, the cooperative end public key and the message digest are calculated with the third signature value to obtain the seventh parameter value corresponding to the third signature value. The specific calculation flow is as follows:
1) First, according to the signature verification principle of the SM2 digital signature technology, the elliptic curve point $(x_1', y_1')$ of the joint signature is expressed as:
$(x_1', y_1') = [s]G + [t]P = [s]G + [r+s]P = [s]G + [r]P + [s]P = [s](P+G) + [r]P$ (formula 2)
2) Since $s = (d_1 \cdot (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r) \bmod n$, it follows that:
$s \cdot (P+G) = (d_1 \cdot (P+G) \cdot (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r \cdot (P+G)) \bmod n$ (formula 3)
3) If the public key $P = d_1^{-1} P_2 - G$ satisfies the collaborative signing key generation requirement, then $d_1^{-1} P_2 = P + G$; $P_2 = d_1^{-1}(P+G)$, and therefore (formula 2) can be expressed as:
$s \cdot (P+G) = (P_2 \cdot (s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}) - r \cdot (P+G)) \bmod n$ (formula 4)
It can thus be obtained that
$[s] \cdot (P+G) = [s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}] \cdot P_2 - [r] \cdot P - [r] \cdot G$;
$[s] \cdot (P+G) + [r] \cdot P = [s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}] \cdot P_2 - [r] \cdot G$ (formula 5)
4) From (formula 2) and (formula 5),
$(x_1', y_1') = [s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}] \cdot P_2 - [r] \cdot G$ (formula 6)
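When the verification end simulates the initiating end for the test and sends $Q_1 = W_1 G = k_1 G$, (formula 6) $= [s_1 + k_1 s_2] \cdot P_2 - [r]G$;
When $W_1 = d_1^{-1} k_1$ is executed, the initiating end generates $W_2 = k_2$, $W_3 = k_3$ at this time, and the verification end, simulating the initiating end during the test, sends $Q_1 = W_1 G = d_1^{-1} \cdot k_1 \cdot G = k_1 P_1$, $Q_2 = k_2 G$, $Q_3 = k_3 G$,
and (formula 6) is used at the same time; since $W_1 \cdot P_2 = d_1^{-1} \cdot k_1 \cdot P_2 = k_1 (P+G)$,
(formula 6) $= (s_1 \cdot P_2 + w_1 s_2 \cdot P_2 + w_2 s_3 \cdot P_2 + \ldots + w_\gamma s_{\gamma+1} \cdot P_2) - [r] \cdot G$,
(formula 6) $= (s_1 \cdot P_2 + s_2 \cdot d_1^{-1} k_1 \cdot P_2 + w_2 s_3 \cdot P_2 + \ldots + w_\gamma s_{\gamma+1} \cdot P_2) - [r] \cdot G$,
(formula 6) $= (s_1 \cdot P_2 + s_2 \cdot k_1 \cdot (P+G) + k_2 s_3 \cdot P_2 + \ldots + k_\gamma s_{\gamma+1} \cdot P_2) - [r] \cdot G$
When $W_1 = d_1^{-2} k_1$ is executed, the initiating end generates $W_2 = k_2$, $W_3 = k_3$, and the verification end, simulating the initiating end during the test, sends $Q_1 = W_1 G = d_1^{-2} \cdot k_1 \cdot G = d_1^{-1} \cdot k_1 \cdot d_1^{-1} \cdot G = d_1^{-1} \cdot k_1 \cdot P_1$, $Q_2 = k_2 G$, $Q_3 = k_3 G$, and (formula 6) is used at the same time; because $W_1 \cdot P_2 = d_1^{-2} \cdot k_1 \cdot P_2 = d_1^{-1} \cdot k_1 \cdot (P+G)$,
(formula 6) $= (s_1 \cdot P_2 + w_1 s_2 \cdot P_2 + w_2 s_3 \cdot P_2 + \ldots + w_\gamma s_{\gamma+1} \cdot P_2) - [r] \cdot G$,
(formula 6) $= (s_1 \cdot P_2 + s_2 \cdot d_1^{-1} k_1 \cdot P_2 + w_2 s_3 \cdot P_2 + \ldots + w_\gamma s_{\gamma+1} \cdot P_2) - [r] \cdot G$,
(formula 6) $= (s_1 \cdot P_2 + s_2 \cdot k_1 \cdot (P+G) + k_2 s_3 \cdot P_2 + \ldots + k_\gamma s_{\gamma+1} \cdot P_2) - [r] \cdot G$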
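Because $P = [d_1^{-1} d_2^{-1} - 1]G = d_1^{-1} d_2^{-1} G - G = d_1^{-1} P_2 - G = d_2^{-1} P_2 - G$,
$d_1^{-1} P_2 = P + G$; $d_2^{-1} P_2 = P + G$; $P_1 = (P+G) d_2$; $P_2 = d_1 P + d_1 G = d_1 (P+G) = d_2^{-1} G$;
$[s] \cdot (P+G) \cdot d_1^{-1} + [r]P \cdot d_1^{-1} = [s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}] \cdot P_2 \cdot d_1^{-1} - [r] \cdot G \cdot d_1^{-1}$
Background formula: $s_1 = d_2(r + w_{\gamma+1}) \bmod q$, $s_2 = (d_2 w_{\gamma+2}) \bmod q$, ..., $s_{\gamma+1} = (d_2 w_{2\gamma+1}) \bmod q$;
Background formula: $w_1, w_2, \ldots, w_\gamma \in [1, n-1]$; calculate $Q_1 = [w_1]G, \ldots, Q_\gamma = [w_\gamma]G$;
Background formula: $Q = (x_1, y_1) = [w_{\gamma+1}]G + [w_{\gamma+2}]Q_1 + \ldots + [w_{2\gamma+1}]Q_\gamma$;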
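At the cooperative end, since $s_2 = (d_2 \cdot (r + W_2)) \bmod n$, substituting $s_2$ into (formula 6) yields:
$(x_1', y_1') = [s_1 + w_1 s_2 + w_2 s_3 + \ldots + w_\gamma s_{\gamma+1}] \cdot P_2 - [r] \cdot G$
$= s_1 \cdot P_2 + w_1 s_2 \cdot P_2 + w_2 s_3 \cdot P_2 + \ldots + w_\gamma s_{\gamma+1} \cdot P_2 - [r] \cdot G$
$= d_2(r + w_{\gamma+1}) \cdot P_2 + w_1 \cdot (d_2 w_{\gamma+2}) \cdot P_2 + w_2 \cdot (d_2 w_{\gamma+3}) \cdot P_2 + \ldots + w_\gamma \cdot d_2 w_{2\gamma+1} \cdot P_2 - [r] \cdot G$
$= d_2(r + w_{\gamma+1}) d_2^{-1} G + w_1 (d_2 w_{\gamma+2}) d_2^{-1} G + w_2 (d_2 w_{\gamma+3}) d_2^{-1} G + \ldots + w_\gamma d_2 w_{2\gamma+1} d_2^{-1} G - [r] \cdot G$
$= (r + w_{\gamma+1}) \cdot G + w_1 \cdot (w_{\gamma+2}) \cdot G + w_2 \cdot (w_{\gamma+3}) \cdot G + \ldots + w_\gamma \cdot w_{2\gamma+1} \cdot G - [r] \cdot G$
$= r \cdot G + w_{\gamma+1} \cdot G + w_1 \cdot (w_{\gamma+2}) \cdot G + w_2 \cdot (w_{\gamma+3}) \cdot G + \ldots + w_\gamma \cdot w_{2\gamma+1} \cdot G - [r] \cdot G$
$= w_{\gamma+1} \cdot G + w_1 \cdot (w_{\gamma+2}) \cdot G + w_2 \cdot (w_{\gamma+3}) \cdot G + \ldots + w_\gamma \cdot w_{2\gamma+1} \cdot G$
$= (x_1, y_1)$ (formula 7)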
From (formula 7), $x_1' = x_1$. Let $r'$ (the eighth parameter value) denote the joint signature value calculated by the verification terminal, and let $r$ (the seventh parameter value) denote the signature value sent by the cooperative party, where $r' = (e + x_1') \bmod n$ and $r = (e + x_1) \bmod n$. Comparing $(e + x_1') \bmod n$ with $(e + x_1) \bmod n$ gives $(e + x_1') \bmod n = (e + x_1) \bmod n$, so the joint signature value calculated by the verification terminal satisfies $r' = r$, which proves that the cooperative terminal participated in the cooperative signature. The seventh parameter value is thus compared for consistency with the eighth parameter value corresponding to the fourth signature value; if the comparison is successful, the cooperative end is determined to have participated in the cooperative signature process, and a second verification result is generated.
Furthermore, this conclusion can be verified by directly calculating $(x_1', y_1')$ with (equation 6) from the signature value $(r, s_2)$ already held by the verification terminal, the random number $k_1$, the cooperative-terminal public key $P_2$, and the point $G$, then calculating $r'$ from $x_1'$ and $e$ using $r' = (e + x_1') \bmod n$, and finally comparing $r'$ with $r$ to verify whether the cooperative party participated in the cooperative signature.
Further, if $r' = r$, the cooperative end participated in the cooperative signature; if $r' \neq r$, the cooperative end did not participate in the cooperative signature. In addition, the verification process also shows that PA is the public key of the joint signature and is generated by the cooperative signature mechanism ($P = [d_1^{-1} d_2^{-1} - 1]G$).
In this embodiment, the first random number, the public key of the cooperative end and the message digest are determined, and they are calculated together with the third signature value based on a second preset verification formula to obtain a seventh parameter value corresponding to the third signature value. The seventh parameter value is then compared for consistency with an eighth parameter value corresponding to the fourth signature value, and if the comparison is successful, the cooperative end is determined to have participated in the cooperative signature process and a second verification result is generated. The verification end thereby simulates the action of the initiating end and verifies whether the cooperative end correctly generates its part of the signature data according to the cooperative signature protocol, so that the cooperative end plays a role in the signature process, rather than just transmitting some invalid or forged data or counterfeiting the cooperative signature of the initiating end by itself, and if the cooperative end does not actually participate in the cooperative signature process, the detecting party cannot timely find and prevent potential cheating actions through subsequent verification steps, and the purpose of verifying that the cooperative end correctly participates in the cooperative signature process is achieved.
Based on this, the embodiment of the application provides a collaborative signature verification method, and referring to fig. 4, fig. 4 is a schematic flow chart provided by a third embodiment of the collaborative signature verification method of the application.
In this embodiment, the collaborative signature verification method includes steps S61 to S63:
Step S61, receiving elliptic curve points and a message digest sent by a verification terminal, and determining a private key of a cooperative terminal;
It should be noted that the private key of the cooperative end is the private key that the cooperative end uses to generate a signature, denoted as d2.
Step S62, calculating a third signature value based on the private key of the coordination terminal, the elliptic curve point number and the message digest;
Specifically, the cooperative end generates a random number k2 and generates or calculates a number W2 based on the random number k2. Using the cooperative signature procedure, it takes e and Q1 as the information of the initiating end, calculates a third signature value (r, s2) with its private key d2, and sends the third signature value to the verification end;
where the elliptic curve point is $(x_1, y_1) = [W_2]G + d_2^{-1} Q_1 = [W_2]G + d_2^{-1}[W_1]G$, $r = (e + x_1) \bmod n$, and $s_2 = (d_2 \cdot (r + W_2)) \bmod n$. Note that d2 is not public data; it is available only to the cooperative end.
Step S63, sending the third signature value to a verification end, so that the verification end calculates a fourth signature value based on the elliptic curve point number and the message digest, so as to obtain a second verification result based on the third signature value and the fourth signature value, and generate a collaborative signature verification result based on a first verification result and a second verification result, wherein the first verification result is generated based on the process data, the first signature value and the second signature value.
In this embodiment, the cooperative end receives the elliptic curve point number and the message digest sent by the verification terminal, determines the private key of the cooperative terminal, calculates a third signature value based on the private key of the cooperative terminal, the elliptic curve point number and the message digest, and sends the third signature value to the verification terminal. The verification terminal calculates a fourth signature value based on the elliptic curve point number and the message digest, obtains a second verification result based on the third signature value and the fourth signature value, and generates a cooperative signature verification result based on the first verification result and the second verification result, wherein the first verification result is generated based on the process data, the first signature value and the second signature value. This ensures that each participant correctly participates in the cooperative signature process and that each step has a definite verification mechanism, which ensures the reliability and validity of the signature; the validity of the participants and the security of the cooperative signature mechanism are thereby jointly ensured, and the overall security of the system is improved.
It should be understood that the sequence numbers of the steps in the foregoing embodiment do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and the sequence numbers should not limit the implementation process of the embodiment of the present invention.
The present application also provides a collaborative signature verification system, please refer to fig. 5, which includes:
The verification terminal 51 is configured to obtain process data after the initiation terminal and the coordination terminal complete collaborative signature, where the process data includes a first signature value and a second signature value, obtain a first verification result based on the process data, the first signature value and the second signature value, generate elliptic curve points and a message digest, send the elliptic curve points and the message digest to the coordination terminal for the coordination terminal to determine a private key of the coordination terminal, calculate a third signature value based on the private key of the coordination terminal, the elliptic curve points and the message digest, send the third signature value to the verification terminal, receive a third signature value returned by the coordination terminal, and calculate a fourth signature value based on the elliptic curve points and the message digest to obtain a second verification result based on the third signature value and the fourth signature value;
The collaborative terminal 52 is configured to receive the elliptic curve point number and the message digest sent by the verification terminal, determine a collaborative terminal private key, calculate a third signature value based on the collaborative terminal private key, the elliptic curve point number and the message digest, send the third signature value to the verification terminal, and calculate a fourth signature value based on the elliptic curve point number and the message digest by the verification terminal, so as to obtain a second verification result based on the third signature value and the fourth signature value, and generate a collaborative signature verification result based on the first verification result and the second verification result, wherein the first verification result is generated based on the process data, the first signature value and the second signature value.
The collaborative signature verification system is further configured to:
obtaining a public key of a cooperative end corresponding to the cooperative end, wherein the public key of the cooperative end comprises a first parameter value and a second parameter value;
calculating the first parameter value, the second parameter value and a preset elliptic curve equation to judge whether the public key of the coordination end meets the preset elliptic curve equation or not;
If not, the collaborative signature verification process is terminated.
The collaborative signature verification system is further configured to:
sending the message digest to a cooperative end, so that the cooperative end signs based on the message digest, generates a fifth signature value, and returns the fifth signature value to the verification end;
receiving a fifth signature value returned by the cooperative end, and determining a public key of the cooperative end;
and based on the public key of the coordination terminal, verifying the fifth signature value to verify the validity of the coordination terminal.
The collaborative signature verification system is further configured to:
detecting whether a message digest and an elliptic curve point exist in the process data;
If yes, extracting a third parameter value and a fourth parameter value in the first signature value and a fifth parameter value and a sixth parameter value in the second signature value, and carrying out consistency verification on the third parameter value and the fifth parameter value;
If the verification is passed, verifying the correctness of the fourth parameter value and the sixth parameter value according to a first preset verification formula;
if the verification is passed, the correct use of the collaborative signature technology when the initiating terminal and the collaborative terminal carry out collaborative signature is determined, so as to generate a first verification result.
The collaborative signature verification system is further configured to:
Determining a first random number, a cooperative public key and a message digest, and calculating the first random number, the cooperative public key, the message digest and the third signature value based on a second preset verification formula to obtain a seventh parameter value corresponding to the third signature value;
consistency comparison is carried out on the seventh parameter value and an eighth parameter value corresponding to the fourth signature value;
If the comparison is successful, determining that the cooperative end participates in the cooperative signature process so as to generate a second verification result.
The collaborative signature verification system is further configured to:
Receiving elliptic curve points and a message digest sent by a verification terminal, and determining a private key of a cooperative terminal;
Calculating a third signature value based on the collaborative end private key, the elliptic curve point number and the message digest;
And sending the third signature value to a verification terminal, so that the verification terminal calculates a fourth signature value based on the elliptic curve point number and the message digest to obtain a second verification result based on the third signature value and the fourth signature value, and generating a collaborative signature verification result based on a first verification result and the second verification result, wherein the first verification result is generated based on process data, the first signature value and the second signature value.
The collaborative signature verification system provided by the application can solve the technical problems in the background technology by adopting the collaborative signature verification method in the embodiment. Compared with the prior art, the collaborative signature verification system provided by the application has the same beneficial effects as the collaborative signature verification method provided by the embodiment, and other technical features in the collaborative signature verification system are the same as the features disclosed by the method of the embodiment, and are not repeated herein.
The application provides a collaborative signature verification device which comprises at least one processor and a memory in communication connection with the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can execute the collaborative signature verification method in the first embodiment.
Referring now to fig. 6, a schematic diagram of a collaborative signature verification device suitable for use in implementing embodiments of the present application is shown. The collaborative signature verification device in the embodiment of the present application may include, but is not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (Personal Digital Assistant: personal digital assistants), PADs (Portable Application Description: tablet computers), PMPs (Portable Media Player: portable multimedia players), vehicle-mounted terminals (e.g., vehicle-mounted navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The collaborative signature verification device shown in fig. 6 is only one example and should not impose any limitation on the functionality and scope of use of embodiments of the present application.
As shown in fig. 6, the collaborative signature verification apparatus may include a processing system 1001 (e.g., a central processor, a graphics processor, etc.) that may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage system 1003 into a Random Access Memory (RAM) 1004. In the RAM 1004, various programs and data required for operation of the collaborative signature verification apparatus are also stored. The processing system 1001, the ROM 1002, and the RAM 1004 are connected to each other by a bus 1005. An input/output (I/O) interface 1006 is also connected to the bus. In general, the following systems may be connected to the I/O interface 1006: an input system 1007 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; an output system 1008 including, for example, a Liquid Crystal Display (LCD), speakers, vibrator, etc.; a storage system 1003 including, for example, a magnetic tape, hard disk, etc.; and a communication system 1009. Communication system 1009 may allow the collaborative signature verification device to communicate wirelessly or by wire with other devices to exchange data. Although a collaborative signature verification device having various systems is shown in the figures, it should be understood that not all of the illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through a communication system, or installed from the storage system 1003, or installed from the ROM 1002. The above-described functions defined in the methods of the disclosed embodiments of the application are performed when the computer program is executed by the processing system 1001.
The collaborative signature verification device provided by the application can solve the technical problems in the background technology by adopting the collaborative signature verification method in the embodiment. Compared with the prior art, the collaborative signature verification device provided by the application has the same beneficial effects as the collaborative signature verification method provided by the embodiment, and other technical features in the collaborative signature verification device are the same as the features disclosed by the method of the previous embodiment, and are not described in detail herein.
It is to be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
The present application provides a computer readable storage medium having computer readable program instructions (i.e., a computer program) stored thereon for performing the collaborative signature verification method of the above-described embodiments.
The computer readable storage medium provided by the present application may be, for example, a USB flash drive, but is not limited to this; it may also be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM or flash memory), an optical fiber, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this embodiment, a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (Radio Frequency) and the like, or any suitable combination of the foregoing.
The above-mentioned computer-readable storage medium may be contained in the collaborative signature verification apparatus or may exist alone without being incorporated in the collaborative signature verification apparatus.
The computer-readable storage medium carries one or more programs that, when executed by a collaborative signature verification device, cause the collaborative signature verification device to:
acquiring process data after the initiating terminal completes collaborative signature, wherein the process data comprises a first signature value and a second signature value;
Obtaining a first verification result based on the process data, the first signature value and the second signature value;
Generating elliptic curve points and a message digest, sending the elliptic curve points and the message digest to a cooperative end so that the cooperative end can determine a private key of the cooperative end, calculating a third signature value based on the private key of the cooperative end, the elliptic curve points and the message digest, and sending the third signature value to a verification end;
Receiving a third signature value returned by the coordination terminal, and calculating a fourth signature value based on the elliptic curve point number and the message digest to obtain a second verification result based on the third signature value and the fourth signature value;
and generating a collaborative signature verification result based on the first verification result and the second verification result.
Computer program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of remote computers, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present application may be implemented in software or in hardware. In some cases, the name of a module does not constitute a limitation of the unit itself.
The readable storage medium provided by the application is a computer readable storage medium, and the computer readable storage medium stores computer readable program instructions (i.e. a computer program) for executing the collaborative signature verification method, so as to solve the technical problems in the background technology. Compared with the prior art, the beneficial effects of the computer readable storage medium provided by the application are the same as those of the collaborative signature verification method provided by the above embodiment, and are not described in detail herein.
An embodiment of the application provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of a collaborative signature verification method as described above.
The computer program product provided by the application can solve the technical problems as in the background art. Compared with the prior art, the beneficial effects of the computer program product provided by the embodiment of the application are the same as those of the collaborative signature verification method provided by the embodiment, and are not described in detail herein.
The foregoing description is only a partial embodiment of the present application, and is not intended to limit the scope of the present application, and all the equivalent structural changes made by the description and the accompanying drawings under the technical concept of the present application, or the direct/indirect application in other related technical fields are included in the scope of the present application.