53 results about "Elliptic Curve Digital Signature Algorithm" patented technology

The invention discloses a consortium chain permission control method based on digital certificates and a CA authentication system. In a consortium chain, the enrollment control and automatic authorization of the consortium chain are realized through a layered digital certificate issuance system. The method of the invention pre-defines three kinds of permission mechanisms for respectively controlling enrollment permissions between consortium chain nodes, role permissions of the consortium chain nodes and access permissions of blockchain users. Three kinds of digital certificates including the enrollment certificate, role certificate and transaction certificate are used for respectively controlling the three permissions of node enrollment, role identification and client enrollment. An internationally accepted elliptic curve digital signature algorithm or a national crypto digital signature algorithm is used for achieving the generation of the digital certificates and secure message signature and validation, the defects of being large in permission granularity of a traditional blockchain or even having no enrollment functions and the like are overcome, the blockchain users are provided with anonymous transaction features, the security of blockchain transactions is improved, and the privacy needs of the users are met.

Execution of the Elliptic Curve Digital Signature Algorithm (ECDSA) requires determination of a signature, which determination involves arithmetic operations. Some of the arithmetic operations employ a long term cryptographic key. It is the execution of these arithmetic operations that can make the execution of the ECDSA vulnerable to a power analysis attack. In particular, an attacker using a power analysis attack may determine the long term cryptographic key. By modifying the sequence of operations involved in the determination of the signature and the inputs to those operations, power analysis attacks may no longer be applied to determine the long term cryptographic key.

A public key and digital signature is provided using a private key of a public-private key pair in an elliptic curve digital signature algorithm (ECDSA) by: identifying domain parameters of an elliptic curve for use in elliptic curve cryptography, the domain parameters including an initial generating point; transforming the generating point into a new generating point as a deterministic function; generating the public key as a deterministic function of the private key and the domain parameters, in which the new generating point is substituted for the initial generating point; and generating the digital signature as a function of the private key and the domain parameters, in which the new generating point is substituted for the initial generating point.

A cryptography module includes a key store having a plurality of storage locations for storing a private key as k key fragments. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process a message in accordance with elliptic curve digital signature algorithm (ECDSA) to produce a signed message.

The invention relates to the technical field of information security, and designs an anti-spoofing scheme based on an Elliptic Curve Digital Signature Algorithm, ECDSA. Due to the transparency and predictability of a civil Beidou second-generation navigation signal, a Beidou civil satellite navigation system is easily threatened by spoofing attacks. Digital signature authentication information isinserted into reserved positions of Beidou D1 and D2 navigation messages, the authenticity and integrity of navigation data are verified, and then the purpose of resisting the spoofing attacks is achieved. The effectiveness, the security and the real-time performance of the anti-spoofing scheme are verified through a simulation experiment. An experimental result shows that the anti-spoofing schemecan effectively provide authentication for the Beidou second-generation navigation messages and enhance the ability of the civil satellite navigation system to resist the spoofing attacks.

The invention discloses an elliptic curve based safety protection method for digital signatures of electric documents. The method comprises the following steps: 1, generating system parameters: setting public parameters such as elliptic curve, mapping functions and a plurality of effectively computable functions; establishing a user cipher key; randomly selecting a private key for each signer, working out the corresponding public key, keeping the private key secret for signature by the signer, and verifying the signature by the disclosed the public key; 2, signing process: by utilizing the private key, generating the message signature and sending the message signature to a document receiver; and 3, verifying process: after the message and the signature are received, by utilizing the verification formula in the proposal for checking, verifying the signature if the verification formula is true, and ensuring that the message received by a verifier is sent by a sender keeping the private key corresponding to the public key. The digital signature method can generate a plurality of elliptic curve based digital signature algorithms for safety protection of integrality, trueness and non-repudiation during document transmission.

The invention discloses a method and system for authenticating an SM2 (Smart Media 2) signature, relating to the technical fields of digital signature and authentication technology. The method for authenticating the SM2 signature is implemented through an ASIC (Application Specific Integrated Circuit) chip in which an ECDSA (Elliptic Curve Digital Signature Algorithm) is adopted. The method comprises the following steps of: 1, converting an SM2 signature waiting to be authenticated into a corresponding ECDSA signature; 2, authenticating the ECDSA signature obtained by conversion by using the ASIC chip in which the ECDSA is adopted; and 3, performing out-chip modular addition operation on an authentication result of the ECDSA signature, authenticating a modular addition operation result toobtain an authentication result of the SM2 signature, and returning a result indicating whether the signature is received. In the method, the SM2 signature is converted into the ECDSA signature, and ECDSA authentication is performed on the ECDSA signature to obtain the authentication result of the SM2 signature, so that an SM2 algorithm can be directly realized by using the conventional ASIC chipfor realizing ECDSA signature authentication, a chip design special for SM2 signature authentication is not required, and the developing period is shortened.

The invention provides a power data storage and query method and system based on a block chain technology, and relates to the field of block chains. The electric power data storage and query method based on the block chain technology comprises the following steps: classifying electric power data, designing block chains with different functions, and storing the data into different block chains according to the classification; in the power block chain, using an elliptic curve digital signature algorithm and asymmetric cryptography to carry out system initialization, and generating a key; and enabling the block chain smart contract to complete identity authentication through the key and store the data in the block. according to the method and system, only the corresponding account number can be added to the block chain network by setting the authority of the role of the block chain account number, and the identity is subjected to secondary verification, so that the privacy protection of the block chain data is realized, and the security of the block chain system is ensured. In addition, the invention further provides an electric power data storage and query system based on the block chain technology. The system comprises a classification module, an encryption module and a storage module.

The invention provides a reconfigurable rapid parallel multiplier. The reconfigurable rapid parallel multiplier comprises a control unit, a transient memory, two reconfigurable decomposition operand generating circuits, a secondary polynomial multiplier, a frequency adjustment circuit and an FPR circuit, wherein the control unit outputs a control vector S0, a control vector S1 and a control vector S2, the control vector S0 and the control vector S1 are used for controlling the two reconfigurable decomposition operand generating circuits so that i and i can be generated in the same way, the secondary polynomial multiplier is used for generating a control vector S2 which is used for controlling the frequency adjustment circuit to generate a D stored in the transient memory, i=0, 1, ..., and 5, and the FPR circuit is used for generating a final result C. Compared with an existing multiplier, the expandable multiplier has the advantages that the calculation time is shortened obviously, the area, the ADP and the power consumption are reduced obviously, and an analysis result provides a valuable reference for carrying out a pairing algorithm and an elliptic curve digital signature algorithm on an embedded system with limited resources and a smart phone.

Described is system for generation of elliptic curve digital signature algorithm (ECDSA) based digital signatures. A. Secret-Share protocol is initialized between a client and a set of servers to share a set of shares of a private key s among the set of servers. The set of servers initializes a protocol to generate a digital signature on a message using the set of shares of the private key s without reconstructing or revealing the private key A. The set of servers periodically initialises a Secret-Redistribute protocol on each share of the private key A- to re- randomize the set of shares. A Secret-Open protocol is initialized to reveal the private key s to an intended recipient, wherein the private key A is used to compute the digital signature.

The invention discloses a hardware implementation method and system for elliptic curve digital signature and signature verification, and belongs to the technical field of information security. In the prior art, the problems of high calculation complexity, insufficient hardware performance and high acceleration difficulty of an elliptic curve digital signature algorithm exist. In order to solve said problems, the hardware implementation method comprises the following steps: integrating point doubling, point addition, modular multiplication operation, modular addition operation, modular subtraction operation, modular inverse operation, modular shift operation and other bottom layer operations; building a new computing array structure, optimizing a scheduling method, and integrating and sharing computing resources. The calling times and the hardware resource consumption in the calculation process are reduced, the hardware performance and the scheduling sequence are improved, the system calculation time is shortened, the calculation efficiency is improved, the hardware resource use is reduced, and better performance is obtained.

The invention relates to a WLAN (wireless local area network) identity verification method. According to the method, two NFC (near field communication) modules, namely, a user NFC module adopted by user equipment and an NFC module of the WLAN, are used and work in a point-to-point mode; when a user requests access to the WLAN, the user NFC module and the NFC module of the WLAN establish NFC, exchange random information with a Diffie-Hellman algorithm and calculate symmetric keys; user identity verification is performed on symmetric key signatures and verification with an ECDSA (elliptic curve digital signature algorithm) identity verification method. With the adoption of the method, man-in-the-middle attacks and replay attacks are prevented for NFC, illegal access attacks are prevented to a certain extent for the WLAN, user identities are ensured to be real and effective, and the safety of access to the WLAN with NFC is enhanced.

A wireless communications system comprises a sector controller that includes a wireless transmitter, and a mobile subscriber station that includes a wireless receiver, and a memory. The wireless transmitter continuously transmitting frames. Each frame comprising a control field and the control field comprising a portion of an encryption certificate associated with the sector controller. The wireless receiver receives each frame and extracts the portion of the encryption certificate and stores the portion of an encryption certificate in the memory. The mobile subscriber station combines the portions of the encryption certificate stored in the memory and verifies that a complete encryption certificate has been received. After this the mobile subscriber station transmits its encryption certificate to the sector controller. The encryption certificates are based on an elliptic curve digital signature algorithm.

The invention discloses a batch authentication method for an elliptic curve digital signature algorithm under an implicit certificate. The method mainly comprises the following steps: judging whetherthe sum of the first parameters of the signatures of the to-be-authenticated data is equal to the sum of the products of the inverse of the second parameters of the signatures of the to-be-authenticated data and the abstract values of the to-be-authenticated data and the products of the base points on the corresponding elliptic curves plus the inverse of the second parameters of the signatures ofthe to-be-authenticated data and the signatures; the sum of the product of the x coordinate value of the first parameter, the abstract value of the to-be-signed part of the implicit certificate and the reconstruction factor of the public key of the data sender plus the result obtained by the product of the sum of the product of the inverse of the second parameter of the signature of each piece ofto-be-authenticated data and the x coordinate value of the first parameter of the signature and the public key of the certificate center. if yes, the data packets of the batch are all legal and pass the authentication, otherwise, the authentication is not passed. The batch authentication method provided by the invention can obviously improve the throughput rate of the system.

The invention discloses an improved elliptic curve digital signature algorithm. Before identity identification, a signature side and a signature verification side obtains a time random number t from a trusted third party. The improved elliptic curve digital signature algorithm comprises: step one, a k belonging to [1, n-1] is selected randomly; step two, operation of kP=(x1,y1) is carried out and then the x1 is converted into an integer; step three, calculation is carried out based on a formula: r=x1mod n, wherein if the r is equal zero, the step one is carried out again and a random time number t is obtained from the trusted third party; step four, a formula e=H(m) is calculated, wherein the H(x) express a hash function; step five, calculation is carried out based on a formula: s=k<-1>t(e+dr)mod n, and if the s is equal to zero, the step one is carried out again and a random time number t is obtained from the trusted third party; and step six, a signature pair (r,s) is outputted. In addition, the invention also discloses a signature verification method based on the improved elliptic curve digital signature algorithm. Therefore, a behavior of signature countering by an intermediary can be avoided.

The invention discloses an improved point-to-point elliptic-curve type digital signature algorithm. The algorithm comprises the following steps that: (1), a formula t=Hash(IDA||IDB||count)mod n is calculated, wherein the count is equal to 0X00000001; and if t is equal to 0, the count++ is realized and the t is calculated again; (2), k belonging to [1, n-1] is selected randomly; (3), a formula kP=(x1,y1) is operated and the x1 is transformed into an integer; (4), a formula r=x1 mod n is calculated; and if the r is equal to 0, the step (2) is carried out again; (5), an expression e=H(m) is calculated, wherein the H(x) is a hash function; (6), an expression s=k <1>t (e+dr) mod n is calculated; if the s is equal to 0, the step (2) is carried out again to obtain a random number; and (7), a signature pair (r,s) is outputted. In addition, the invention also discloses a signature verification method based on the improved point-to-point elliptic-curve type digital signature algorithm. A point-to-point signature verification behavior is realized.

The invention discloses a beidou second generation navigation telegraph text anti-spoofing FPGA hardware platform written in a Verilog language based on national secrets. At present, most of domesticcryptographs such as SM2, SM3, SM4, and the like are completed by C language software simulation based on OpenSSL library, and relevant development is still lacked in terms of the hardware. Accordingto the beidou second generation navigation telegraph text anti-spoofing hardware platform realized based on the Verilog language, domestic cryptographic algorithms SM2, SM3 and SM4 are realized on FPGA chips of Virtex4 and Virtex5 by using the Verilog language, a joint simulation experiment is conducted through ISE and ModelSim, and hardware signature authentication schemes of the beidou second generation navigation telegraph text are completed. According to the beidou second generation navigation telegraph text anti-spoofing hardware platform realized based on the Verilog language, great innovation is realized on the hardware design, BlockRAM is used, and the most central parts of dot product and modular product in an SM2 elliptic curve digital signature algorithm are finished by an embedded type microprocessor. According to the beidou second generation navigation telegraph text anti-spoofing hardware platform realized based on the Verilog language, high data confidentiality and safety level can be provided, and long-time protection is suitable. According to the beidou second generation navigation telegraph text anti-spoofing hardware platform realized based on the Verilog language, encryption authentication in a hardware layer can be conducted on keyframes of a navigation telegraph text, attack methods such as generative type deception and forwarded deception can be effectively prevented, and characteristics of a high detection rate and a low misjudgment rate are provided.