CN1177872A - Method for realizing digital signing with information appendix and checking method thereof - Google Patents


Publication number: CN1177872A
Authority: CN (China)
Prior art keywords: signature, message, mod, digital signature, random number
Legal status: Pending
Application number: CN 97117857
Other languages: Chinese (zh)
Inventors: 车荣台, 李炅熙
Current Assignee: Samsung Electronics Co Ltd
Original Assignee: Samsung Electronics Co Ltd
Landscapes: Storage Device Security (AREA)

Abstract

A method for implementing a digital signature with message appendix and a method for verifying such a signature. The method comprises the steps of: in response to a message $M$ to be sent, multiplying the hash code $H(M)$ by $g^K$, where $g^K$ is computed from a random number $K$ generated each time a signature is executed; performing the multiplication modulo $p$ and obtaining the beginning part $R$ of the signature by truncating the result to $L_q$ bits; obtaining the ending part $S$ of the signature using the signer's secret key $X$ and the random number $K$ generated each time a signature is executed, by computing $S = (K - RX) \bmod q$; and then transmitting a signature verification key $Y$ for verifying the digital signature together with the message $M$ including $R$ and $S$.

Description

Method for implementing a digital signature with message appendix and verification method thereof

The present invention relates to digital signatures and, more specifically, to a method for a digital signature with message appendix, by which a signature function can be provided for electronic documents or data.

In general, a digital signature in the electronic exchange of information is the counterpart of a handwritten signature in traditional mail. As society relies more on information, and with the development of computers and electronic communication, all documents have changed from traditional mail to electronic data. In this situation, the possibility that contracts or documents between entities (between individuals, between individuals and groups, and between companies) are altered or forged becomes high. To adapt to this new situation, a technology that provides a signature function for electronic documents, similar to that in traditional mail, is required.

That is, to accommodate the above circumstances, digital signatures with message appendix are used to provide information protection services such as authentication and integrity of data in information processing systems and inter-network communication systems. The digital signature technique requires a cryptographic technique by which theft, forgery and alteration of electronic documents can be prevented.

Systems using cryptography are generally divided into public key systems and secret key systems. A cryptographic system of the secret key method is difficult to manage because two systems wanting to communicate must share the same secret key; it cannot provide signatures that give adequate protection, and it cannot provide functions that a signature would provide, such as denial and suppression of unauthorized access. In a cryptographic system of the public key method, the public key and the secret key are computed using a one-way function, whose mathematical solution is very difficult. Anyone who has a public copy of the public key can use this copy to carry out a secret communication, because the public key is made public for use by anyone, while the secret key is protected by the user.

In digital signatures using the public key method, a pair of keys is used: a secret key for signing a message and a public key for verifying the signature. That is, the key pair used in the digital signature method consists of a public key for verification and a secret key for signing.

One type of message signing using the public key method is the digital signature with message recovery. This method recovers the message during the process of verifying the signature. This digital signature method is provided by the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC 9796). Here the RSA algorithm is used, whose security is based on the difficulty of prime factorization. Because the RSA algorithm must take a message of limited length, it is difficult to add a digital signature to a message of arbitrary length.

A digital signature with message appendix differs from a digital signature with message recovery. In the digital signature with message appendix, a hash function is applied to the message. Since the signature is produced after the message has been reduced by the hash function, signing and verification can be completed in a short time. The ElGamal digital signature is an example of a digital signature with message appendix and of a public key digital signature; its security is based on the difficulty of computing a discrete logarithm. However, it has the disadvantage that the signature length doubles when the signature is generated.

It is an object of the present invention to provide a method for implementing a digital signature with message appendix in which a hash function is used in order to reduce the signature length.

Another object of the present invention is to provide a method for verifying a digital signature with message appendix.

To achieve the first object, there is provided a method for implementing a digital signature with message appendix, where $L_p$ and $L_q$ denote the bit lengths of the prime factors $p$ and $q$, and $g = a^{(p-1)/q} \bmod p$ when $1 < a < p-1$ and $a^{(p-1)/q} \bmod p > 1$ are satisfied, the method comprising the steps of: in response to a message $M$ to be sent, multiplying the hash code $H(M)$ by $g^K$, where $g^K$ is computed from a random number $K$ generated each time a signature is executed; performing the preceding multiplication modulo $p$ and obtaining the beginning part $R$ of the signature by truncating the result to $L_q$ bits; obtaining the ending part $S$ of the signature using the signer's secret key $X$ and the random number $K$ generated each time a signature is executed, by computing $S = (K - RX) \bmod q$; and then transmitting a signature verification key $Y$ for verifying the digital signature together with the message $M$ including $R$ and $S$.

To achieve the second object, there is provided a method for verifying a digital signature with message appendix, where $L_p$ and $L_q$ denote the bit lengths of the prime factors $p$ and $q$, and $g = a^{(p-1)/q} \bmod p$ when $1 < a < p-1$ and $a^{(p-1)/q} \bmod p > 1$ are satisfied, the method comprising the steps of: receiving the messages $Y$, $M$, $S$ and $R$ sent in claim 1 and confirming $0 < R < q$ and $0 < S < q$; computing $g^S$ and $Y^R$ from the hash function value $H(M)$ corresponding to the message $M$ and the received $S$ and $R$, and performing modular multiplication modulo $p$; and then, when the value obtained by truncating the modular multiplication result to $L_q$ bits equals the received value $R$, enabling a user having the public verification key $Y$ to confirm the signed received message $M$.

The above objects and advantages of the present invention will become more apparent from the following detailed description of its preferred embodiment with reference to the accompanying drawings, in which:

Fig. 1 is a flowchart of a method for generating a digital signature according to the present invention.

Fig. 2 is a flowchart of a method for verifying the generated digital signature.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. Before the invention is explained, the symbols used in it are described as follows. $M$ denotes a message to be sent. $p$ and $q$ denote prime factors. $L_p$ and $L_q$ denote the bit lengths of $p$ and $q$, respectively. $g$ is defined as $g = a^{(p-1)/q} \bmod p$ when $1 < a < p-1$ and $a^{(p-1)/q} \bmod p > 1$ are satisfied. $X$ denotes the signer's secret signing key. $Y$ denotes the public signature verification key used to verify the digital signature: $Y = g^X \bmod p$. $K$ denotes a random number, which is an arbitrary element of $\{1, 2, \ldots, q-1\}$. The digital signature $\Sigma$ is obtained by the concatenation of $R$ and $S$. Both $R$ and $S$ are smaller than $q$.

$X$, $Y$, $p$ and $q$ are all fixed variables, and $p$, $q$ and $g$ are shared by all users; the random number $K$, however, is chosen anew each time a signature is generated. The values $K$ and $X$ used in the signing process must not become known to others, and their values are selected between 0 and the prime factor $q$. $H$ is a collision-resistant hash function. $h = H(M)$ is a hash code: the result of applying the hash function to the message being signed. In addition, "‖" denotes concatenation.

Based on the above definitions, the digital signature with message appendix of the present invention is generated as follows. Fig. 1 is a flowchart of the method for generating a digital signature according to the present invention.

First, a hash code $H(M)$ of a message $M$ is generated using a hash function, where the hash function is a one-way function (step 100). Each time a signature is generated, an arbitrary random number $K$ is selected from $\{1, 2, \ldots, q-1\}$ (step 110). $g^K$ is computed using the generated random number (step 120). $g^K$ is independent of the message and can be precomputed.

After the hash code has been multiplied modulo $p$ by the precomputed value (step 130), the result is truncated to $L_q$ bits. Truncation means discarding all bits beyond a length of $L_q$ bits. The result is $R$, which corresponds to the beginning part of the signature (step 140).

$S = (K - RX) \bmod q$ is computed using the signer's secret signing key in order to generate the ending part of the signature (step 150). The signature $\Sigma = R \| S$ is output by concatenating $R$ and $S$ (step 160). This signature is appended to the message, and $\{Y, M, R, S\}$ is transmitted, that is, the message and signature together with the signature verification key $Y$ (step 170).

Fig. 2 is a flowchart of the method for verifying the generated digital signature. To verify the signature, a verifier confirms $0 < R < q$ and $0 < S < q$ from $\Sigma = R \| S$, where $\Sigma$ is one of the signed messages received by the verifier (step 200). When both conditions are satisfied, the signature is verified as shown in Fig. 2. $g^S$, $Y^R$ and the hash function value $H(M)$ are computed from the received message $M$ and the received $S$ and $R$ (step 210), and the multiplication modulo $p$ is performed (step 220). $V_R$ is generated by truncating the modular multiplication result to $L_q$ bits (step 230), and $V_R$ is compared with the received value $R$ (step 240). When $V_R$ equals $R$, a user having the signer's public verification key $Y$ can confirm that the signature $\Sigma = R \| S$ of the received message $M$ was produced with the signer's secret signing key $X$ (step 250). If $V_R$ does not equal $R$, the message $M$ was signed with an illegitimate signature or was altered by an attacker. In this case, the message $M$ is treated as invalid data (step 260).
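The signing flow of Fig. 1 and the verification flow of Fig. 2, as an added Python example that is not part of the patent text. Assumptions: SHA-256 as H, truncation keeps the low-order L_q bits, the verifier multiplies H(M), g^S and Y^R modulo p, the signer retries with a fresh K when R or S falls outside the range the verifier checks, and the parameter sizes (61-bit q, 256-bit p) and all function names are chosen for the demo.

```python
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for generating demo parameters."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params(q=2**61 - 1, p_bits=256):
    """Demo-sized p, q, g: p = q*m + 1 prime, g = a^((p-1)/q) mod p > 1."""
    m = 1 << (p_bits - q.bit_length())
    while not is_probable_prime(q * m + 1):
        m += 2
    p, a = q * m + 1, 2
    while pow(a, (p - 1) // q, p) <= 1:
        a += 1
    return p, q, pow(a, (p - 1) // q, p)

def H(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")  # assumed hash

def trunc(v, q):
    return v & ((1 << q.bit_length()) - 1)  # assumed: keep the low L_q bits

def sign(msg, x, p, q, g):
    while True:
        k = secrets.randbelow(q - 1) + 1             # fresh K in {1, ..., q-1}
        r = trunc(H(msg) * pow(g, k, p) % p, q)      # R (steps 130-140)
        s = (k - r * x) % q                          # S = (K - RX) mod q
        if 0 < r < q and 0 < s < q:                  # assumed retry, see lead-in
            return r, s

def verify(msg, r, s, y, p, q, g):
    if not (0 < r < q and 0 < s < q):                # step 200
        return False
    v_r = trunc(H(msg) * pow(g, s, p) * pow(y, r, p) % p, q)  # steps 210-230
    return v_r == r                                  # step 240

if __name__ == "__main__":
    p, q, g = make_params()
    x = secrets.randbelow(q - 1) + 1                 # secret key X
    y = pow(g, x, p)                                 # Y = g^X mod p
    r, s = sign(b"constructed sample message", x, p, q, g)
    print(verify(b"constructed sample message", r, s, y, p, q, g))
    print(verify(b"constructed sample messagE", r, s, y, p, q, g))
```

Verification succeeds for an untampered message because $g^S Y^R \equiv g^{K-RX} g^{XR} \equiv g^K \pmod p$, so the verifier rebuilds the same product that the signer truncated.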

According to the present invention, the signature function of traditional mail can be provided for electronic documents, and the original drafter of an electronic document can be verified.

When the content of an original document is changed by a third party, the change can be detected, and the electronic signature required for electronic money can be provided. In addition, this digital signature can be used in authorization systems and can increase the speed of signature verification.

Claims (2)

1. A method for implementing a digital signature with message appendix, where $L_p$ and $L_q$ denote the bit lengths of the prime factors $p$ and $q$, and $g = a^{(p-1)/q} \bmod p$ when $1 < a < p-1$ and $a^{(p-1)/q} \bmod p > 1$ are satisfied, comprising the steps of:
in response to a message $M$ to be sent, multiplying the hash code $H(M)$ by $g^K$, where $g^K$ is computed from a random number $K$ generated each time a signature is executed;
performing said multiplication modulo $p$ and obtaining the beginning part $R$ of the signature by truncating the result to $L_q$ bits;
obtaining the ending part $S$ of the signature using the signer's secret key $X$ and the random number $K$ generated each time a signature is executed, by computing $S = (K - RX) \bmod q$; and
transmitting a signature verification key $Y$ for verifying the digital signature together with the message $M$ including said $R$ and $S$.
2. A method for verifying a digital signature with message appendix, where $L_p$ and $L_q$ denote the bit lengths of the prime factors $p$ and $q$, and $g = a^{(p-1)/q} \bmod p$ when $1 < a < p-1$ and $a^{(p-1)/q} \bmod p > 1$ are satisfied, comprising the steps of:
receiving the messages $Y$, $M$, $S$ and $R$ sent in claim 1, and confirming $0 < R < q$ and $0 < S < q$;
computing $g^S$ and $Y^R$ from the hash function value $H(M)$ corresponding to the message $M$ and said received $S$ and $R$, and performing modular multiplication modulo $p$;
when the value obtained by truncating said modular multiplication result to $L_q$ bits equals the received value $R$, enabling a user having the public verification key $Y$ to confirm the signed received message $M$.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 97117857 CN1177872A (en) 1996-07-31 1997-07-24 Method for realizing digital signing with information appendix and checking method thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR32051/96 1996-07-31
CN 97117857 CN1177872A (en) 1996-07-31 1997-07-24 Method for realizing digital signing with information appendix and checking method thereof

Publications (1)

Publication Number Publication Date
CN1177872A (en) 1998-04-01

Family

ID=5174570

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 97117857 Pending CN1177872A (en) 1996-07-31 1997-07-24 Method for realizing digital signing with information appendix and checking method thereof

Country Status (1)

Country Link
CN (1) CN1177872A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1653459B (en) * 2001-06-12 2010-12-15 捷讯研究有限公司 System and method for processing encoded messages exchanged with a mobile data communications device
CN101828210B (en) * 2007-10-29 2014-05-07 日本电信电话株式会社 Signature generating device, signature verifying device, their methods


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication