A data processing method, device, apparatus, and computer-readable storage medium
By segmenting the private key into fragments and managing them independently in elliptic curve cryptography, the problem of low private key security is solved, enabling a more secure joint signature process that ensures the legitimacy and integrity of the signature.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date
- 2022-09-15
- Publication Date
- 2026-07-10
AI Technical Summary
In existing technologies, the security of private keys is not high, which reduces the security of joint signatures and makes them easy for attackers to obtain and illegally sign using private keys.
Elliptic curve cryptography is used to divide the private key into fragments, which are managed independently by two signing devices. The legality is verified by generating local signature components and a global public key, ensuring the independence and security of the private key fragments.
It improves the security of private keys, reduces the risk of private key leakage, enhances the security of joint signatures, and ensures the legitimacy and integrity of signatures.
Smart Images

Figure CN117749379B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of Internet technology, and in particular to a data processing method, apparatus, device, and computer-readable storage medium. Background Technology
[0002] With the development of the internet, many transactions are conducted online, and the completion of these electronic transactions usually involves several participants. To improve security and fairness among participants, there is a growing need for all participants to jointly sign relevant messages.
[0003] In existing technology, if the participants in an electronic transaction include Participant 1 and Participant 2, and both parties wish to jointly sign a message, Participant 1 signs the message using its private key 1 to obtain a first participation signature, and forwards the message carrying the first participation signature to Participant 2. Participant 2 first verifies the first participation signature using Participant 1's public key 1. If the verification passes, Participant 2 signs the message using its private key 2 to obtain a second participation signature, and then forwards the message carrying both the first and second participation signatures to the verifier. The verifier verifies the first participation signature using Participant 1's public key 1 to obtain a first verification result; it also verifies the second participation signature using Participant 2's public key 2 to obtain a second verification result. When both the first and second verification results are successful, the verifier confirms that the message was sent by Participant 1 and Participant 2, and also confirms the message's legitimacy. However, since private key 1 is only related to participant 1 (including its generation and storage), and private key 2 is only related to participant 2, it is relatively easy to obtain their corresponding private keys using the participants' information. For example, by obtaining private key 2 and using it to illegally sign a modified message, and then transmitting it to the verifier, the verifier can still verify the illegal signature using public key 2. Clearly, the security of private keys in the existing technology is not high, and this low security further reduces the security of the joint signature process. Summary of the Invention
[0004] This application provides a data processing method, apparatus, device, and computer-readable storage medium, which can not only improve the security of private keys, but also improve the security of joint signature participants.
[0005] One embodiment of this application provides a data processing method, which is executed by a first signing device having a first private key fragment, and the method includes:
[0006] The message digest and elliptic curve point Q corresponding to the business message are both sent to the second signature device, so that when the second signature device generates the first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, it generates a local signature component based on the second private key fragment and the first signature component.
[0007] Obtain the first signature component and the partial signature component sent by the second signature device, and generate the second signature component based on the first private key fragment, the first signature component, and the partial signature component;
[0008] The first signature component, the second signature component, and the business message are sent to the verification device as data to be verified, so that the verification device can verify the legitimacy of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0009] One embodiment of this application provides a data processing method, which is executed by a second signing device having a second private key fragment, the method comprising:
[0010] Obtain the message digest and elliptic curve point Q corresponding to the business message sent by the first signature device;
[0011] Based on the elliptic curve point Q, the message digest, and the second private key fragment, a first signature component of the business message is generated, and a local signature component is generated based on the second private key fragment and the first signature component.
[0012] Both the first signature component and the partial signature component are sent to the first signature device, so that when the first signature device generates the second signature component based on the first private key fragment, the first signature component, and the partial signature component, it sends the first signature component, the second signature component, and the business message as data to be verified to the verification device; the verification device is used to verify the legality of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0013] One embodiment of this application provides a data processing apparatus, which operates on a first signature device having a first private key fragment, the apparatus comprising:
[0014] The first sending module is used to send the message digest and elliptic curve point Q corresponding to the business message to the second signing device, so that when the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, it generates a local signature component based on the second private key fragment and the first signature component.
[0015] The first generation module is used to obtain the first signature component and the partial signature component sent by the second signature device, and generate the second signature component based on the first private key fragment, the first signature component and the partial signature component.
[0016] The second sending module is used to send the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can verify the legality of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0017] The data processing device also includes:
[0018] The second generation module is used to obtain the base point of the elliptic curve, generate a set of candidate private key fragments based on the order of the base point, and obtain candidate private key fragments from the set of candidate private key fragments.
[0019] The first determining module is used to determine the candidate private key fragment as the first private key fragment if the candidate private key fragment meets the private key determining conditions.
[0020] The first determining module is further configured to generate a local public key based on the first private key fragment and the base point, and send the local public key to the second signing device so that the second signing device can generate a global public key based on the local public key and the second private key fragment.
[0021] The data processing device also includes:
[0022] The third generation module is used to generate a hash value to be compressed based on the first object identifier, the second object identifier, the elliptic curve system parameters, and the global public key; the elliptic curve system parameters include the base points of the elliptic curve.
[0023] The third generation module is also used to compress the hash value to be compressed and the business message to obtain a message digest;
[0024] The fourth generation module is used to generate a set of random numbers based on the order of the base point, obtain a random number k1 from the set of random numbers, and generate an elliptic curve point Q based on the random number k1 and the base point.
[0025] The fourth generation module includes:
[0026] The first acquisition unit is configured to, if it acquires the first error message sent by the second signature device for the historical elliptic curve point Q, acquire a random number k1 from the random number set that is different from the historical random number k1; the historical random number k1 belongs to the random number set; the historical elliptic curve point Q is generated based on the historical random number k1 and the base point;
[0027] The product operation unit is used to perform a product operation on the random number k1 and the base point to obtain the elliptic curve point Q.
[0028] The first generation module includes:
[0029] The first verification unit is used to verify the first signature component and the local signature component respectively, and obtain the first verification result;
[0030] The second acquisition unit is used to acquire, if the first verification result is a verification pass result, the first difference between the first private key fragment and the first value, and the first total value between the random number k1 and the local signature component; the random number k1 is used to generate the elliptic curve point Q.
[0031] The candidate generation unit is used to generate candidate signature components based on the first difference, the first total value, the first signature component, and the order of the base point of the elliptic curve.
[0032] The second verification unit is used to verify the candidate signature component and obtain the second verification result. If the second verification result is a pass result, the candidate signature component is determined as the second signature component.
[0033] The first inspection unit includes:
[0034] The first verification subunit is used to verify the first correlation between the first signature component and the random number set; the random number set is generated based on the order of the base point.
[0035] The first determining subunit is configured to determine the first verification result as a verification failure result if the first association relationship indicates that the random number set does not include the first signature component, and return a second error message for the first signature component to the second signature device.
[0036] The second verification subunit is used to verify the second correlation between the local signature component and the random number set if the first correlation indicates that the random number set includes the first signature component.
[0037] The second determining subunit is used to determine the first verification result as a verification failure result if the second association relationship indicates that the random number set does not include the local signature component, and return a third error message for the local signature component to the second signature device.
[0038] The second determining subunit is further configured to determine the first test result as a test pass result if the second association relationship indicates that the random number set includes a local signature component.
[0039] The candidate generation unit includes:
[0040] The first operation subunit is used to multiply the reciprocal of the difference and the first total value to obtain the second value, and to obtain the second difference between the second value and the first signature component.
[0041] The second operation subunit is used to perform a modulo operation on the second difference and the order of the base point of the elliptic curve, and the resulting first remainder is used as a candidate signature component.
[0042] The second inspection unit includes:
[0043] The third verification subunit is used to verify the third correlation between the candidate signature components and the random number set; the random number set is generated based on the order of the base point.
[0044] The third determining subunit is used to determine the second test result as a test failure result if the third association relationship indicates that the random number set does not include the candidate signature component, and return the fourth error message to the second signature device.
[0045] The third determining subunit is also used to determine the second test result as a test pass result if the third association relationship indicates that the random number set includes candidate signature components.
[0046] One embodiment of this application provides a data processing apparatus that operates on a second signature device having a second private key fragment. The apparatus includes:
[0047] The first acquisition module is used to acquire the message digest and elliptic curve point Q corresponding to the business message sent by the first signature device;
[0048] The component generation module is used to generate a first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, and to generate a local signature component based on the second private key fragment and the first signature component.
[0049] The component sending module is used to send both the first signature component and the partial signature component to the first signing device, so that when the first signing device generates the second signature component based on the first private key fragment, the first signature component, and the partial signature component, it sends the first signature component, the second signature component, and the business message as data to be verified to the verification device; the verification device is used to verify the legitimacy of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0050] The data processing device also includes:
[0051] The second acquisition module is used to acquire the third difference between the second private key fragment and the first value, and to perform a product operation on the third difference and the local public key to obtain the third value; the local public key is generated by the first signing device based on the first private key fragment;
[0052] The product operation module is used to perform a product operation on the second private key fragment and the base point of the elliptic curve to obtain the fourth value;
[0053] The public key determination module is used to determine the difference between the third and fourth values as the global public key.
[0054] The component generation module includes:
[0055] The first acquisition unit is used to acquire a random number k2 if the test point Q of the elliptic curve belongs to the elliptic curve, and to perform a product operation on the random number k2 and the base point of the elliptic curve to obtain the fifth value.
[0056] The second acquisition unit is used to acquire the third difference between the second private key fragment and the first value, and to acquire the fourth difference between the elliptic curve point Q and the fifth value.
[0057] The first determining unit is used to perform a product operation on the fifth value and the fourth difference to obtain a candidate elliptic curve point. If the candidate elliptic curve point meets the value conditions, then the candidate elliptic curve point is determined as the elliptic curve point T. The elliptic curve point T includes the target coordinate value.
[0058] The third acquisition unit is used to acquire the second total value between the target indicator value and the message digest, perform a modulo operation on the second total value and the order of the base point, and use the obtained second remainder as the first signature component of the business message.
[0059] The third acquisition unit includes:
[0060] The first acquisition subunit is used to acquire the fifth difference between random number k1 and random number k2; random number k1 is used to generate elliptic curve point Q.
[0061] The second acquisition subunit is used to multiply the third difference and the fifth difference to obtain the sixth value, and to obtain the third total value between the second remainder and the sixth value.
[0062] The component determination subunit is used to determine the second remainder as the first signature component of the business message if the third total value is not equal to the order of the base point and the second remainder is not equal to the seventh value.
[0063] The component generation module includes:
[0064] The fourth acquisition unit is used to acquire the third difference between the second private key fragment and the first value, and to multiply the reciprocal of the third difference with the first signature component to obtain the eighth value.
[0065] The fifth acquisition unit is used to acquire the sixth difference between the eighth value and the random number k2; the random number k2 is associated with the first signature component;
[0066] The second determining unit is used to perform a remainder operation on the sixth difference and the order of the base point of the elliptic curve. If the obtained third remainder is not equal to the seventh value, then the third remainder is determined as the local signature component.
[0067] This application provides a computer device, including: a processor, a memory, and a network interface;
[0068] The processor is connected to the memory and the network interface, wherein the network interface is used to provide data communication functions, the memory is used to store computer programs, and the processor is used to call the computer programs so that the computer device executes the methods in the embodiments of this application.
[0069] One aspect of this application provides a computer-readable storage medium storing a computer program adapted for loading by a processor and executing the methods described in this application.
[0070] One aspect of this application provides a computer program product, which includes a computer program stored in a computer-readable storage medium; a processor of a computer device reads the computer program from the computer-readable storage medium and executes the computer program, causing the computer device to perform the method described in this application.
[0071] In this embodiment, the first signing device with the first private key fragment can send both the message digest and the elliptic curve point Q corresponding to the business message to the second signing device. Therefore, when the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, it can generate a partial signature component based on the second private key fragment and the first signature component. Further, the first signing device obtains the first signature component and the partial signature component sent by the second signing device, and can generate a second signature component based on the first private key fragment, the first signature component, and the partial signature component. Further, the first signing device sends the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment. As described above, the first private key fragment and the second private key fragment in this application embodiment are independent private key fragments owned by two different signing devices, and they both correspond to a global public key. Therefore, the first signing device cannot determine the global private key (which includes the first private key fragment and the second private key fragment) corresponding to the global public key through the first private key fragment. Similarly, the second signing device cannot determine the global private key corresponding to the global public key through the second private key fragment. Therefore, by adopting this application, the risk of private key leakage caused by only one party holding the private key can be reduced, thus improving the security of the private key. In addition, this application embodiment performs the signing operation on the business message through the joint cooperation of the first signing device with the first private key fragment and the second signing device with the second private key fragment. Therefore, the requirement for both parties to participate in the signing can be met, and the security of joint signing can be improved through the first private key fragment and the second private key fragment. Attached Figure Description
[0072] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0073] Figure 1 This is a schematic diagram of a system architecture provided in an embodiment of this application;
[0074] Figure 2 This is a schematic diagram of a data processing scenario provided in an embodiment of this application. Figure 1 ;
[0075] Figure 3 This is a flowchart illustrating a data processing method provided in an embodiment of this application. Figure 1 ;
[0076] Figure 4 This is a schematic diagram of a data processing scenario provided in an embodiment of this application. Figure 2 ;
[0077] Figure 5 This is a flowchart illustrating a data processing method provided in an embodiment of this application. Figure 2 ;
[0078] Figure 6 This is a schematic diagram of the structure of a data processing device provided in an embodiment of this application. Figure 1 ;
[0079] Figure 7 This is a schematic diagram of the structure of a data processing device provided in an embodiment of this application. Figure 2 ;
[0080] Figure 8 This is a schematic diagram of the structure of a computer device provided in an embodiment of this application. Detailed Implementation
[0081] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of this application.
[0082] To facilitate understanding, the following brief explanations are provided for some of the terms:
[0083] 1. Elliptic Curve Cryptography (ECC) is a public-key encryption technique based on elliptic curve theory. It utilizes the difficulty of solving discrete logarithms of the Abelian group formed by points of an elliptic curve over a finite field to achieve encryption, decryption, and digital signatures. By corresponding the addition operation in elliptic curves with the modular multiplication operation in discrete logarithms, a corresponding cryptosystem based on elliptic curves can be established.
[0084] 2. Digital signature is a typical application of public-key cryptography algorithms. The application scenario is as follows: the sender uses their private key to process the message to obtain a signature value (first signature component r, second signature component s), and the receiver uses the sender's public key to verify the message and the signature value. This is referred to as "private key signing, public key verification." The main cryptographic algorithms that may be used in this process include: asymmetric cryptography algorithms (also known as public-key cryptography algorithms) and hash algorithms (also known as message digest algorithms, hash algorithms, etc.).
[0085] 3. Hash algorithms, also known as hash algorithms, are used in the field of information security to calculate message digests and verify message integrity.
[0086] 4. Public key and private key: A public key and a private key are a key pair (one public key and one private key) obtained through an algorithm. The public key is the publicly known part of the key pair, while the private key is the private key. Public keys are typically used for encrypting data, verifying digital signatures, etc. This algorithm ensures that the resulting key pair is unique. When using this key pair, if data is encrypted or signed using one key, the other key must be used to decrypt or verify the signature. For example, if data is encrypted with the public key, it must be decrypted with the private key; if data is signed with the private key, it must be verified with the public key. Otherwise, verification will fail.
[0087] Please see Figure 1 , Figure 1 This is a schematic diagram of a system architecture provided in an embodiment of this application. For example... Figure 1 As shown, the system may include a business server 100 and a terminal device cluster. The terminal device cluster may include one or more terminal devices; this application does not limit the number of terminal devices. Figure 1 As shown, the terminal device cluster may include terminal device 200a, terminal device 200b, terminal device 200c, ..., terminal device 200n.
[0088] The terminal devices in the cluster can have communication connections with each other. For example, there can be a communication connection between terminal devices 200a and 200b, and between terminal devices 200a and 200c. Simultaneously, any terminal device in the cluster can have a communication connection with the service server 100, for example, terminal device 200a can have a communication connection with the service server 100. The communication connection method is not limited; it can be established directly or indirectly via wired communication, wireless communication, or other methods. This application does not impose any restrictions on this method.
[0089] It should be understood that, such as Figure 1 Each terminal device in the terminal device cluster shown can have an application client installed. When the application client runs on each terminal device, it can interact with the aforementioned... Figure 1The business server 100 shown interacts with the data, i.e., the communication connection described above. The application client can be a video application, social application, instant messaging application, office software application, navigation application, shopping application, financial management application, business application, browser, or other application client with digital signature functionality. This application client can be a standalone client or an embedded sub-client integrated into another client (e.g., a social client, an educational client, or a multimedia client), and there is no limitation on this.
[0090] Taking business applications as an example, the business server 100 can be a collection of multiple servers, including the backend server and data processing server corresponding to the business application. Therefore, each terminal device can transmit data with the business server 100 through the application client corresponding to the business application. For example, each terminal device can upload the message digest of the business message it generates locally to the business server 100 through the application client of the business application. Then, the business server 100 can forward the message digest of the business message to other terminal devices or upload it to the cloud server.
[0091] It is understood that in the specific implementation of this application, data related to user information (such as message summaries of business messages and elliptic curve points Q) are involved. When the embodiments in this application are applied to specific products or technologies, user permission or consent is required, and the collection, use and processing of related data must comply with the relevant laws, regulations and standards of the relevant countries and regions.
[0092] For ease of subsequent understanding and explanation, the embodiments of this application may be... Figure 1 In the terminal device cluster shown, a terminal device is selected as the first signing device, for example, terminal device 200a is selected as the first signing device; a terminal device is selected as the second signing device, for example, terminal device 200b is selected as the second signing device; wherein, the verification device can be one of the terminal devices in the terminal device cluster (different from the first signing device and the second signing device), or it can be the aforementioned business server 100.
[0093] When the first signing device and the second signing device need to jointly sign a business message, the first signing device, possessing a first private key fragment, firstly obtains the message digest and elliptic curve point Q corresponding to the business message. The first private key fragment is a sub-private key independently generated by the first signing device; it is not a complete private key. The first private key fragment and the second private key fragment are combined to form a complete private key (for distinction, this combined private key is called the global private key). The global private key and the global public key mentioned below form a key pair. Further, the first signing device sends both the message digest and the elliptic curve point Q corresponding to the business message to the second signing device, possessing a second private key fragment. Similarly, the second private key fragment is a sub-private key independently generated by the second signing device; it is not a complete private key. The second signing device generates a first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, which is equivalent to the signature value r. Then, based on the second private key fragment and the first signature component, it generates a local signature component, i.e., a local signature value s. The second signing device sends both the first signature component and the local signature component to the first signing device.
[0094] Furthermore, the first signing device obtains the first signature component and the partial signature component sent by the second signing device. Based on the first private key fragment, the first signature component, and the partial signature component, the first signing device generates the second signature component. Clearly, in this embodiment, the message digest of the business message is generated by the first signing device, then the second signing device generates the first signature component based on the message digest, and finally the first signing device generates the second signature component based on the first signature component. This achieves true joint signing by both communicating parties, rather than each party independently generating its own signature, and ensures that the business message carries two independent signature values.
[0095] Furthermore, the first signing device sends the first signature component, the second signature component, and the business message as data to be verified to the verification device. The verification device can verify the legitimacy of the obtained data to be verified based on the global public key associated with the first and second private key fragments. For details on the generation of the first and second signature components, the second signature component, the first and second private key fragments, and the global public key, please refer to the following text. Figures 2-5 Description of the respective embodiments.
[0096] It should be noted that the aforementioned business server 100, terminal device 200a, terminal device 200b, terminal device 200c..., and terminal device 200n can all be blockchain nodes in the blockchain network. The data described in the entire text (such as business messages, the first signature component, and the second signature component) can be stored. The storage method can be that the blockchain node generates blocks based on the data and adds the blocks to the blockchain for storage.
[0097] Blockchain is a novel application model of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms, and encryption algorithms. It is primarily used to organize data chronologically and encrypt it into a ledger, making it tamper-proof and forgery-proof. It also allows for data verification, storage, and updating. Essentially, a blockchain is a decentralized database where each node stores an identical blockchain record. The blockchain network can be categorized into core nodes, data nodes, and light nodes. These three types of nodes together constitute the blockchain network. Core nodes are responsible for the consensus of the entire blockchain network; in other words, they are the consensus nodes. The process of writing transaction data into the ledger in a blockchain network can be as follows: data nodes or light nodes in the blockchain network obtain transaction data and pass it through the network (i.e., nodes pass it like a relay) until the consensus node receives the transaction data. The consensus node then packages the transaction data into a block, performs consensus on the block, and writes the transaction data into the ledger after consensus is achieved. Here, we take a business message, a first signature component, and a second signature component as an example of transaction data. After reaching a consensus on the transaction data, the business server 100 (blockchain node) generates a block based on the transaction data and stores the block in the blockchain network. As for reading the transaction data (i.e., the business message, the first signature component, and the second signature component), the blockchain node can obtain the block containing the transaction data in the blockchain network, and further retrieve the transaction data from the block.
[0098] It is understood that the methods provided in this application embodiment can be executed by computer devices, including but not limited to terminal devices or business servers. The business server can be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing basic cloud computing services such as cloud databases, cloud services, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms. Terminal devices include but are not limited to mobile phones, computers, intelligent voice interaction devices, smart home appliances, vehicle terminals, and aircraft. The terminal devices and business servers can be directly or indirectly connected via wired or wireless means, and this application embodiment does not impose any limitations on this connection.
[0099] Further, please see Figure 2 , Figure 2 This is a schematic diagram of a data processing scenario provided in an embodiment of this application. Figure 1 This application's embodiments can be applied to various scenarios, including but not limited to cloud technology, artificial intelligence, smart transportation, and assisted driving. This application's embodiments are applicable to e-commerce, IoT, and cloud computing systems that require protection of signature private keys; they are also applicable to scenarios where two parties collaboratively generate signatures. Specific business scenarios will not be listed here. The implementation process of this data processing scenario can be performed on a business server, on a terminal device, or through interaction between the terminal device and the business server; no limitations are imposed here. For ease of description and understanding, this application's embodiments will be described using an example of implementation on a terminal device, where the terminal device can be one of the aforementioned... Figure 1 Any terminal device in the terminal device cluster of the corresponding embodiment.
[0100] In this embodiment of the application, the two terminal devices used for collaborative signing are referred to as the first signing device and the second signing device, respectively. Figure 2 As shown, the first signing device 201a has a first private key fragment 20a, and the second signing device 201b has a second private key fragment 20b. The first signing device 201a independently generates the first private key fragment 20a, and the second signing device 201b independently generates the second private key fragment 20b. Therefore, under normal circumstances, the first signing device 201a cannot obtain the second private key fragment 20b, and the second signing device 201b cannot obtain the first private key fragment 20a. Similarly, other terminals or servers also cannot obtain the first private key fragment 20a and the second private key fragment 20b. In this embodiment, the first private key fragment 20a and the second private key fragment 20b together correspond to a global public key 20e. This embodiment does not describe the generation process of the first private key fragment 20a, the generation process of the second private key fragment 20b, or the process of obtaining the global public key 20e based on the first private key fragment 20a and the second private key fragment 20b. Please refer to the following text. Figure 3 The description in the corresponding embodiments, and Figure 5 The description in the corresponding embodiments.
[0101] Please see again. Figure 2The first signing device 201a sends the message digest 202a and the elliptic curve point Q corresponding to the business message 20d to the second signing device 201b. This application embodiment does not limit the business scenario, including but not limited to the issuance and cancellation of electronic invoices, the generation, transfer, and on-chaining of digital assets, etc. Therefore, it does not limit the business message; it can be set according to the actual application scenario, as long as there is a need for signing. The process of the first signing device 201a generating the message digest 202a and the elliptic curve point Q will not be described in detail in this application embodiment; please refer to the following text. Figure 3 The description in the corresponding embodiments.
[0102] Please see again. Figure 2 Upon receiving the message digest 202a and elliptic curve point Q sent by the first signing device 201a, the second signing device 201b can perform signature processing on the message digest 202a using the elliptic curve point Q and the second private key fragment 20b, obtaining a first signature component 201c. This first signature component 201c is equivalent to the signature value component r in the signature value (r, s). Further, the second signing device 201b can perform signature processing on the first signature component 201c using the second private key fragment 20b, obtaining a partial signature component 202c. Figure 2 As shown, the second signing device 201b returns both the first signature component 201c and the partial signature component 202c to the first signing device 201a. It should be noted that the partial signature component 202c in this embodiment is not equivalent to the signature value component s in the signature value (r, s). The specific generation process of the first signature component 201c and the partial signature component 202c is not described here; please refer to the following text. Figure 5 The description in the corresponding embodiments.
[0103] Please see again. Figure 2 The first signing device 201a obtains the first signature component 201c and the partial signature component 202c sent by the second signing device 201b. Based on the first private key fragment 20a and the first signature component 201c, the first signing device 201a can perform signature processing on the partial signature component 202c to generate the second signature component 203c. This second signature component 203c is equivalent to the signature value component s in the signature value (r, s), i.e., the signature value (r, s) corresponding to the business message, including the first signature component 201c (i.e., signature value component r) generated by the second signing device 201b and the second signature component 203c (i.e., signature value component s) generated by the first signing device 201a. The specific generation process of the second signature component 203c is not described in detail here; please refer to the following text. Figure 3 The description in the corresponding embodiments.
[0104] Please see again. Figure 2 The first signing device 201a sends a business message 20d carrying a signature value (r, s) as data to be verified to the verification device 201e; it can be understood that the signature value (r, s) includes a first signature component 201c and a second signature component 203c. Based on the global public key 20e associated with the first private key fragment 20a and the second private key fragment 20b, the verification device 201e can verify the legitimacy of the obtained data to be verified. The specific process of legitimacy verification can be as follows: Verification device 201e verifies the signature value (r, s) using the global public key 20e. If the verification fails, it can be determined that the data to be verified is illegal data, and in this case, no business processing is performed on the business message in the data to be verified. If the verification is successful, it can be determined that the signature value (r, s) is obtained by signing the first private key fragment 20a and the second private key fragment 20b (verification device 201e does not know the contents of the global private key, nor does it know the contents of the first private key fragment 20a and the second private key fragment 20b). Further, verification device 201e obtains the first digital digest obtained from the successful verification and obtains the second digital digest corresponding to the business message 20d (in normal scenarios, this is the same as the message digest 202a). (If the first and second digital digests are the same), the verification device 201e compares the first digital digest and the second digital digest. If the first digital digest and the second digital digest are the same, the signature value (r, s) is successfully verified using the global public key, thus determining that the data to be verified is legitimate data. If the first digital digest and the second digital digest are different, the signature value (r, s) is not verified using the global public key, thus determining that the data to be verified is illegitimate data.
[0105] As described above, this application example generates a signature value (r, s) for a business message—that is, a first signature component and a second signature component—through the collaborative processing of a first signing device and a second signing device, thus truly fulfilling the requirement for two parties to jointly participate in the signing. It is understandable that if only the first signing device uses the first private key fragment to participate in signing the business message, and the first signing device sends its generated signature value to the verification device, then when the verification device uses the global public key to verify the signature value generated by the first signing device, the verification will fail because the global public key is associated not only with the first private key fragment but also with the second private key fragment. Therefore, by adopting the embodiment of this application, not only can the risk of leakage caused by only one party keeping the private key be mitigated, i.e., improving the security of the private key, but the security of joint signing can also be improved.
[0106] Further, please see Figure 3 , Figure 3 This is a flowchart illustrating a data processing method provided in an embodiment of this application. Figure 1 This data processing method can be executed by a first signing device having a first private key fragment, wherein the first signing device can be one of the aforementioned... Figure 1 Any terminal device in the aforementioned terminal device cluster, such as terminal device 200a, can also be as described above. Figure 1 The business server 100 described in the document. For example... Figure 3 As shown, the data processing method may include at least the following steps S101-S103.
[0107] Step S101: Send the message digest and elliptic curve point Q corresponding to the business message to the second signature device, so that when the second signature device generates the first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, it generates a local signature component based on the second private key fragment and the first signature component.
[0108] Specifically, the base point of the elliptic curve is obtained, and a set of candidate private key fragments is generated based on the order of the base point. Candidate private key fragments are then obtained from the set of candidate private key fragments. If a candidate private key fragment meets the private key determination condition, it is determined as the first private key fragment. Based on the first private key fragment and the base point, a local public key is generated, and the local public key is sent to the second signing device so that the second signing device can generate a global public key based on the local public key and the second private key fragment.
[0109] Specifically, a hash value to be compressed is generated based on the first object identifier, the second object identifier, the elliptic curve system parameters, and the global public key; the elliptic curve system parameters include the base point of the elliptic curve; the hash value to be compressed and the business message are compressed to obtain a message digest; a set of random numbers is generated based on the order of the base point, a random number k1 is obtained from the set of random numbers, and an elliptic curve point Q is generated based on the random number k1 and the base point.
[0110] The specific process of obtaining a random number k1 from the random number set and generating an elliptic curve point Q based on the random number k1 and the base point may include: if a first error message for a historical elliptic curve point Q is received from the second signature device, then a random number k1 different from the historical random number k1 is obtained from the random number set; the historical random number k1 belongs to the random number set; the historical elliptic curve point Q is generated based on the historical random number k1 and the base point; and the random number k1 and the base point are multiplied to obtain the elliptic curve point Q.
[0111] Please see also Figure 4 , Figure 4 This is a schematic diagram of a data processing scenario provided in an embodiment of this application. Figure 2 .like Figure 4As shown, the first signature device 40a determines the elliptic curve, or determines the elliptic curve equation. This embodiment does not limit the elliptic curve equation; it can be set according to the actual application scenario. Therefore, this embodiment does not limit the values of the elliptic curve system parameters, which are determined by the elliptic curve equation. The elliptic curve system parameters may include two elements of the elliptic curve equation, namely element a and element b, and may also include the base point G. Further, the first signature device 40a can determine the order n of the base point G. Based on the order n, the first signature device 40a can determine the value range of the first private key fragment. This embodiment defines the value range of the first private key fragment as a set of candidate private key fragments, such as... Figure 4 The set of candidate private key fragments in the dataset is 40b, which can be represented as [2, n-1], where n is the order.
[0112] The first signing device 40a can obtain candidate private key fragments from the candidate private key fragment set 40b, or the first signing device 40a can generate candidate private key fragments (belonging to the candidate private key fragment set 40b) using a random number generator. Further, the first signing device 40a determines whether the candidate private key fragments meet the private key determination conditions, and the determination process can be described by the following formula (1).
[0113] (d1-1)^(-1)mod n (1)
[0114] In formula (1), d1 represents the candidate private key fragment, and mod represents the modulo operation. The first signing device 40a can generate a value through formula (1). If the value is equal to 1, it is determined that the candidate private key fragment does not meet the private key determination condition. At this time, the first signing device 40a obtains an updated candidate private key fragment different from the candidate private key fragment from the candidate private key fragment set 40b, and then judges whether the updated candidate private key fragment meets the private key determination condition. It can be understood that the process of the first signing device 40a judging whether the updated candidate private key fragment meets the private key determination condition is the same as the process of judging whether the candidate private key fragment meets the private key determination condition, so it will not be elaborated here. Please refer to the description of the candidate private key fragment. If the value generated by formula (1) is not equal to 1, the first signing device 40a determines that the candidate private key fragment meets the private key determination condition, so the candidate private key fragment is determined as the first private key fragment. As can be seen from the above description, the first signing device 40a independently generates its own private key fragment (also called a sub-private key).
[0115] Please see again. Figure 4 Based on the first private key fragment and the base point G, the first signing device 40a generates a local public key in the following formula (2).
[0116] P1=d1*G (2)
[0117] In formula (2), P1 represents the local public key.
[0118] Furthermore, the first signing device 40a sends its local public key to the second signing device 40c. It is understood that the second signing device 40c has obtained the same elliptic curve, or elliptic curve equation, as the first signing device 40a; that is, the elliptic curve system parameters obtained by the second signing device 40c are the same as those obtained by the first signing device 40a. In addition, it is understood that the second signing device 40c also independently generates its own private key fragment, i.e., the second private key fragment, and the process by which the second signing device 40c generates the second private key fragment is the same as the process by which the first signing device 40a generates the first private key fragment. Therefore, the process by which the second signing device 40c generates the second private key fragment will not be described in detail here.
[0119] Furthermore, the second signature device 40c can generate a global public key using the following formula (3).
[0120] P=(d2-1)*P1-d2*G (3)
[0121] In formula (3), d2 represents the second private key fragment and P represents the global public key.
[0122] As can be seen from the above, in this embodiment of the application, the first signing device and the second signing device that participate in the signing of the business message independently generate their own sub-private keys (i.e., private key fragments), and then generate a global public key through collaborative operation. Therefore, neither party can calculate the global private key from the parameters generated and obtained by itself, thus improving the security of the global private key used for signing.
[0123] The first signature device has a first object identifier, which identifies a first object associated with the first signature device, including but not limited to a user, organization, or company. Similarly, the second signature device has a second object identifier, which identifies a second object associated with the second signature device. Further, the first signature device uses a common identity identifier shared by the first and second objects (i.e., the first object identifier and the second object identifier). Figure 4 The elliptic curve system parameters and global public key described in the document are used to generate a hash value to be compressed. This process can be represented by the following formula (4).
[0124] ZA=SM3(ENTLA∥ID∥a∥b∥x G ∥y G ∥x p ∥y p (4)
[0125] In formula (4), ID represents the common identity identifier of the first object and the second object, x GRepresents the coordinates of the base point G on the x-axis, y-axis G The x-coordinate represents the coordinates of the base point G on the y-axis. P The x-coordinate represents the global public key, and the y-coordinate represents the coordinate of the public key on the x-axis. P The coordinates of the global public key on the y-axis are represented by ENTLA, which represents the bytes converted from the common identity identifier (i.e., ID) of the first and second objects. The symbol "∥" indicates concatenation. SM3 is a cryptographic hash function standard. ZA represents the hash value to be compressed.
[0126] Furthermore, the first signature device compresses the hash value to be compressed and the business message to obtain a message digest. This process can be represented by the following formula (5).
[0127] e=SM3(ZA∥M) (5)
[0128] Where e represents the message digest and M represents the business message.
[0129] The first signature device has obtained the elliptic curve system parameters. Therefore, based on the order n of the base point G, a set of random numbers can be generated. Then, a random number k1 is obtained from the set of random numbers. Based on the random number k1 and the base point G, an elliptic curve point Q can be generated. The above process can be represented by the following formulas (6) and (7).
[0130] k1∈[1, n-1] (6)
[0131] Q=(x Q y Q )=[k1]*G (7)
[0132] In formula (6), [1, n-1] represents the set of random numbers, and in formula (7), x... Q The coordinates of point Q on the elliptic curve are shown in the x-coordinate and y-coordinate. Q This represents the coordinates of point Q on the elliptic curve along the y-axis. Another feasible implementation is that the first signature device uses a random number generator to generate a random number k1, which belongs to the random number set [1, n-1].
[0133] Furthermore, the first signing device sends both the message digest e and the elliptic curve point Q to the second signing device. The specific process by which the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, and the specific process by which it generates the partial signature component based on the second private key fragment and the first signature component, will not be described in detail in this embodiment; please refer to the following text. Figure 5 The description in the corresponding embodiments.
[0134] Step S102: Obtain the first signature component and the partial signature component sent by the second signature device, and generate the second signature component based on the first private key fragment, the first signature component and the partial signature component.
[0135] Specifically, the first signature component and the local signature component are tested separately to obtain the first test result; if the first test result is a pass result, the first difference between the first private key fragment and the first value is obtained, and the first total value between the random number k1 and the local signature component is obtained; the random number k1 is used to generate the elliptic curve point Q; based on the first difference, the first total value, the first signature component, and the order of the base point of the elliptic curve, a candidate signature component is generated; the candidate signature component is tested to obtain the second test result, and if the second test result is a pass result, the candidate signature component is determined as the second signature component.
[0136] The specific process of verifying the first signature component and the local signature component to obtain the first verification result may include: verifying the first correlation between the first signature component and the random number set; the random number set is generated based on the order of the base point; if the first correlation indicates that the random number set does not include the first signature component, then the first verification result is determined to be a verification failure result, and a second error message for the first signature component is returned to the second signature device; if the first correlation indicates that the random number set includes the first signature component, then verifying the second correlation between the local signature component and the random number set; if the second correlation indicates that the random number set does not include the local signature component, then the first verification result is determined to be a verification failure result, and a third error message for the local signature component is returned to the second signature device; if the second correlation indicates that the random number set includes the local signature component, then the first verification result is determined to be a verification success result.
[0137] The specific process of generating a candidate signature component based on the first difference, the first total value, the first signature component, and the order of the base point of the elliptic curve may include: multiplying the reciprocal of the difference and the first total value to obtain a second value; obtaining the second difference between the second value and the first signature component; and performing a modulo operation on the second difference and the order of the base point of the elliptic curve, and using the obtained first remainder as the candidate signature component.
[0138] The specific process of verifying the candidate signature component to obtain the second verification result may include: verifying the third correlation between the candidate signature component and the random number set; the random number set is generated based on the order of the base point; if the third correlation indicates that the random number set does not include the candidate signature component, then the second verification result is determined to be a verification failure result, and a fourth error message is returned to the second signature device; if the third correlation indicates that the random number set includes the candidate signature component, then the second verification result is determined to be a verification success result.
[0139] The specific process by which the first signature device examines the first signature component and the local signature component to obtain the first verification result can be represented by the following formulas (8) and (9).
[0140] r∈[1, n-1] (8)
[0141] s1∈[1, n-1] (9)
[0142] In formula (8), r represents the first signature component, and in formula (9), s1 represents the local signature component. That is, the first signature device checks whether the first signature component r belongs to the random number set [1, n-1]. If the first signature component r does not belong to the random number set [1, n-1], it returns a second error message for the first signature component r to the second signature device. This allows the second signature device to obtain a new random number k2 based on the second error message, and generate a new first signature component and a new local signature component based on the new random number k2. Both the new first signature component and the new local signature component are then sent to the first signature device. The processing procedure for the new first signature component and the new local signature component is the same as the processing procedure for the first signature component and the local signature component, so it will not be described again.
[0143] If the first signature component r belongs to the random number set [1, n-1], the first signature device checks whether the local signature component s1 belongs to the random number set [1, n-1]. If the local signature component s1 does not belong to the random number set [1, n-1], the first signature device returns a third error message for the local signature component s1 to the second signature device, so that the second signature device can obtain a new random number k2 based on the third error message, and generate a new first signature component and a new local signature component based on the new random number k2, and send both the new first signature component and the new local signature component to the first signature device. The processing procedure of the first signature device for the new first signature component and the new local signature component is the same as the processing procedure for the first signature component and the local signature component, so it will not be described again.
[0144] If the local signature component s1 belongs to the random number set [1, n-1], the first signature device can generate the candidate signature component by the following formula (10).
[0145] s'=(((d1-1)^(-1))*(k1+s1)-r)mod n (10)
[0146] In formula (10), d1 represents the first private key fragment. In this embodiment, the first value is equal to 1, so (d1-1) represents the first difference, (k1+s1) represents the first total value; ((d1-1)^(-1))*(k1+s1) represents the second value, (((d1-1)^(-1))*(k1+s1)-r) represents the second difference, and s' represents the first remainder, i.e., the candidate signature component.
[0147] The specific process by which the first signature device verifies the candidate signature component s' and obtains the second verification result can be represented by the following formula (11).
[0148] s'∈[1, n-1] (11)
[0149] Formula (11) indicates that the first signing device checks whether the candidate signature component s' belongs to the random number set [1, n-1]. If the candidate signature component s' does not belong to the random number set [1, n-1], the first signing device returns a fourth error message to the second signing device, so that the second signing device can obtain a new random number k2 based on the fourth error message, and generate a new first signature component and a new local signature component based on the new random number k2, and send the new first signature component and the new local signature component to the first signing device. The processing of the new first signature component and the new local signature component by the first signing device is the same as the processing of the first signature component and the local signature component, so it will not be described again.
[0150] If the candidate signature component s' belongs to the random number set [1, n-1], then the first signature device will determine the candidate signature component s' as the second signature component s.
[0151] Step S103: The first signature component, the second signature component, and the business message are sent to the verification device as data to be verified, so that the verification device can verify the legality of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0152] Specifically, the verification process by which the verification device uses the global public key to verify the signature value (r, s), i.e., the first signature component r and the second signature component s, can be as follows: The verification device verifies the signature value (r, s) using the global public key, i.e., verifies the first signature component and the second signature component. If the verification fails, it can be determined that the data to be verified is invalid data, and in this case, no business processing is performed on the business message in the data to be verified; if the verification succeeds, it can be determined that the signature value (r, s) is obtained by signing the first private key fragment and the second private key fragment (the verification device does not know the content of the global private key, nor does it know the first private key fragment). The verification device obtains the first digital digest obtained upon successful verification and the second digital digest corresponding to the business message (in normal scenarios, it is the same as the message digest). The verification device compares the first digital digest and the second digital digest. If the first digital digest and the second digital digest are the same, the signature value (r, s) is successfully verified using the global public key, thus determining that the data to be verified is legitimate. If the first digital digest and the second digital digest are different, the signature value (r, s) is not verified using the global public key, thus determining that the data to be verified is illegitimate.
[0153] In this embodiment, the first signing device with the first private key fragment can send both the message digest and the elliptic curve point Q corresponding to the business message to the second signing device. Therefore, when the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, it can generate a partial signature component based on the second private key fragment and the first signature component. Further, the first signing device obtains the first signature component and the partial signature component sent by the second signing device, and can generate a second signature component based on the first private key fragment, the first signature component, and the partial signature component. Further, the first signing device sends the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment. As described above, the first private key fragment and the second private key fragment in this application embodiment are independent private key fragments owned by two different signing devices, and they both correspond to a global public key. Therefore, the first signing device cannot determine the global private key (which includes the first private key fragment and the second private key fragment) corresponding to the global public key through the first private key fragment. Similarly, the second signing device cannot determine the global private key corresponding to the global public key through the second private key fragment. Therefore, by adopting this application, the risk of private key leakage caused by only one party holding the private key can be reduced, thus improving the security of the private key. In addition, this application embodiment performs the signing operation on the business message through the joint cooperation of the first signing device with the first private key fragment and the second signing device with the second private key fragment. Therefore, the requirement for both parties to participate in the signing can be met, and the security of joint signing can be improved through the first private key fragment and the second private key fragment.
[0154] Please see Figure 5 , Figure 5 This is a flowchart illustrating a data processing method provided in an embodiment of this application. Figure 2 This data processing method can be executed by a second signing device having a second private key fragment, wherein the second signing device can be the one described above. Figure 1 In the aforementioned terminal device cluster, any terminal device that is different from the first signature device, such as terminal device 200b, can also be the one described above. Figure 1 The business server 100 mentioned above (at this time, the first signing device is not the business server 100). For example... Figure 5 As shown, the data processing method may include at least the following steps S201-S203.
[0155] Step S201: Obtain the message digest and elliptic curve point Q corresponding to the service message sent by the first signature device.
[0156] Specifically, the third difference between the second private key fragment and the first value is obtained, and the third difference is multiplied by the local public key to obtain the third value; the local public key is generated by the first signing device based on the first private key fragment; the second private key fragment is multiplied by the base point of the elliptic curve to obtain the fourth value; the difference between the third value and the fourth value is determined as the global public key.
[0157] It is understandable that the second signing device independently generates the second private key fragment, and the process of generating the second private key fragment is the same as the process of the first signing device generating the first private key fragment. Therefore, it will not be described again here; please refer to the above. Figure 3 The description of step S101 in the corresponding embodiment.
[0158] Among them, the third difference is equivalent to (d2-1) in the above formula (3), the third value is equivalent to (d2-1)*P1 in the above formula (3), and the fourth value is equivalent to d2*G in the above formula (3).
[0159] Step S202: Generate the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment; generate the local signature component based on the second private key fragment and the first signature component.
[0160] Specifically, if the elliptic curve point Q is found to belong to an elliptic curve, a random number k2 is obtained. The random number k2 is multiplied by the base point of the elliptic curve to obtain the fifth value. The third difference between the second private key fragment and the first value is obtained, and the fourth difference between the elliptic curve point Q and the fifth value is obtained. The fifth value and the fourth difference are multiplied to obtain a candidate elliptic curve point. If the candidate elliptic curve point meets the value selection condition, it is determined as the elliptic curve point T. The elliptic curve point T includes the target coordinate value. The second total value between the target index value and the message digest is obtained. The second total value and the order of the base point are moduloed, and the resulting second remainder is used as the first signature component of the business message.
[0161] The specific process of using the obtained second remainder as the first signature component of the business message may include: obtaining the fifth difference between random number k1 and random number k2; using random number k1 to generate elliptic curve point Q; multiplying the third difference and the fifth difference to obtain the sixth value; obtaining the third total value between the second remainder and the sixth value; if the third total value is not equal to the order of the base point and the second remainder is not equal to the seventh value, then the second remainder is determined as the first signature component of the business message.
[0162] Specifically, obtain the third difference between the second private key fragment and the first value; multiply the reciprocal of the third difference with the first signature component to obtain the eighth value; obtain the sixth difference between the eighth value and the random number k2; associate the random number k2 with the first signature component; perform a modulo operation on the sixth difference and the order of the base point of the elliptic curve; if the obtained third remainder is not equal to the seventh value, then the third remainder is determined as the local signature component.
[0163] After receiving the elliptic curve point Q and message digest sent by the first signing device, the second signing device first checks whether the elliptic curve point Q is a point on the elliptic curve. If the elliptic curve point Q is not a point on the elliptic curve, it returns a fifth error message for the elliptic curve point Q to the first signing device. This allows the first signing device to obtain a new random number k1 based on the fifth error message, generate a new elliptic curve point Q based on k1, and send the new elliptic curve point Q to the second signing device. It can be understood that the process of the first signing device obtaining the new random number k1 is the same as the process of the first signing device obtaining the random number k1, and the process of generating the new elliptic curve point Q based on the new random number k1 is the same as the process of generating the elliptic curve point Q based on the random number k1. It can also be understood that the second signing device's processing of the new elliptic curve point Q is the same as the processing of the elliptic curve point Q.
[0164] If the elliptic curve point Q is a point on the elliptic curve, then a set of random numbers can be generated based on the order n of the base point G. Then, a random number k2 is obtained from the set of random numbers. This process is the same as the process by which the first signing device obtains the random number k1, so it will not be described again here. Furthermore, the second signing device generates candidate elliptic curve points based on the random number k2, the base point G, the elliptic curve point Q, and the second private key fragment. This process can be represented by the following formula (12).
[0165] T'=(x T’ ,y T’ )=[d2-1]*(Q-k2*G) (12)
[0166] In formula (12), T' represents the candidate elliptic curve point, x T’ The x-coordinates and y-coordinates of the candidate elliptic curve point T' are represented by the coordinates of the point T' on the x-axis. T’ This represents the coordinates of the candidate elliptic curve point T' on the y-axis. k2*G represents the fifth value, and Q-k2*G represents the fourth difference.
[0167] Furthermore, the second signature device determines whether the candidate elliptic curve point T' meets the value conditions. If the candidate elliptic curve point T' is at infinity, then the candidate elliptic curve point T' does not meet the value conditions; if the candidate elliptic curve point T' is not at infinity, then the candidate elliptic curve point T' meets the value conditions.
[0168] If the candidate elliptic curve point T' satisfies the value condition, the second signature device will determine the candidate elliptic curve point T' as the elliptic curve point T, where x T’ That is, the target coordinate value x T The second signature device can obtain the first signature component using the following formula (13).
[0169] r = (e + x) T )mod n (13)
[0170] In formula (13), e+x T This represents the second total value. Based on formula (13), the second signature device calculates the third total value using formula (14).
[0171] r+(d2-1)*(k1-k2) (14)
[0172] In formula (14), k1-k2 represents the fifth difference and (d2-1)*(k1-k2) represents the sixth value.
[0173] After calculating formula (14), the second signature device first determines whether r is 0 (i.e., the seventh value mentioned above) and whether the third total value is equal to order n. If r is equal to 0 or the third total value is equal to order n, the second signature device obtains a new random number k2 and generates a new r based on the new random number k2 and formula (13). Based on the new r and formula (14), the second signature device generates a new third total value, and the second signature device judges the new r and the new third total value again. It can be understood that the above process is the same as the process by which the second signature device determines whether r is 0 and whether the third total value is equal to order n, so it will not be described in detail.
[0174] If r is not equal to 0 and the third total value is not equal to order n, then the second signing device determines r as the first signature component. Further, the second signing device generates a local signature component based on the second private key fragment, the first signature component r, the random number k2, and the order n. This process can be represented by the following formula (15).
[0175] s1=(((d2-1)^(-1))*r-k2)mod n (15)
[0176] Where ((d2-1)^(-1))*r represents the eighth value, and (((d2-1)^(-1))*r-k2) represents the sixth difference. If s1 equals 0, i.e., the seventh value, then the second signature device obtains a new random number k2, and based on the new random number k2, re-executes the above formulas (12)-(15). If s1 is not equal to 0, then the second signature device determines s1 as a local signature component.
[0177] Step S203: The first signature component and the partial signature component are both sent to the first signature device, so that when the first signature device generates the second signature component based on the first private key fragment, the first signature component, and the partial signature component, it sends the first signature component, the second signature component, and the business message as data to be verified to the verification device; the verification device is used to verify the legality of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0178] Specifically, for the detailed process by which the first signing device generates the second signature component based on the first private key fragment, the first signature component, and the partial signature component, please refer to the above text. Figure 3 The description of step S102 in the corresponding embodiment will not be repeated here.
[0179] The following describes the accuracy of the embodiments of this application. A regular signature is a private key (hereinafter referred to as dA) corresponding to a public key, and the random number in the regular signature is defined as k. When generating the signature value component r in the regular signature using the random number k, it is necessary to determine whether the following formula (16) is true.
[0180] r+k=n (16)
[0181] Where r can still represent the first signature component in the embodiments of this application, and n can still represent the order in the embodiments of this application. The meanings of the symbols in the following formulas (17)-(28) are all the same as those in the above text, so they will not be repeated one by one.
[0182] Combining the above formula (14), that is, to determine whether the third total value is equal to the order n, that is, whether r+(d2-1)*(k1-k2) is equal to n, we can obtain the following formula (17).
[0183] k=(d2-1)*(k1-k2) (17)
[0184] Formula (17) can be transformed into the following formula (18).
[0185] (k1-k2)=k*((d2-1)^(-1)) (18)
[0186] In a conventional signature, the process of generating the second signature component s can be represented by the following formula (19).
[0187] s=(((1+dA)^(-1))*(kr*dA))mod n (19)
[0188] In formula (19), dA represents the private key in a conventional signature. It is a complete private key, which is different from the first private key fragment in the embodiment of this application and also different from the second private key fragment.
[0189] The above formula (19) can be simplified as shown in formula (20).
[0190] s=(((1+dA)^(-1))*(kr*dA))mod n =(((1+dA)^(-1))*(kr*((dA+1)-1)))mod n =(((1+dA)^(-1))*(kr*(dA+1)+r))mod n=(((1+dA)^(-1))*((k+r)-r*(dA+1)))mod n =(((1+dA)^(-1))*(k+r)-r)mod n (20)
[0191] In this embodiment of the application, two private key fragments correspond to one public key. The global private key corresponding to the global public key P is defined as d. The relationship between the global public key P and the global private key d can be expressed by the following formula (21).
[0192] P=d*G (21)
[0193] Combining formula (3) and formula (2) above, we can obtain the following formula (22).
[0194] P=(d2-1)*P1-d2*G=((d2-1)*(d1-1))GG (22)
[0195] Therefore, combining formula (22) and formula (21), we can obtain the following formula (23).
[0196] d*G=((d2-1)*(d1-1))GG (23)
[0197] Furthermore, we can obtain the following formula (24).
[0198] d+1=(d2-1)*(d1-1) (24)
[0199] Combining the formula (7) above, the formula for the point T of the elliptic curve (similar to the formula (12) above) can be transformed into the following formula (25).
[0200] T = (x T ,y T )=[d2-1]*(Q-k2*G)=[(d2-1)*(k1-k2)]*G (25)
[0201] Substituting the above formula (15) into the formula for determining the second signature component (similar to the above formula (10), i.e., when the candidate signature component s' belongs to the random number set [1, n-1], the candidate signature component s' is the second signature component s), we can obtain the following formula (26).
[0202] s=(((d1-1)^(-1))*(k1+((d2-1)^(-1))*r-k2)-r)mod n =(((d1-1)^(-1))*(((d2-1)^(-1))*r+k1-k2)-r)mod n (26)
[0203] Substituting the above formula (17) into formula (26), we can obtain the following formula (27).
[0204] s=(((d1-1)^(-1))*((d2-1)^(-1))*(r+k)-r)mod n (27)
[0205] Substituting the above formula (24) into formula (27), we can obtain the following formula (28).
[0206] s=(((1+d)^(-1))*(r+k)-r)mod n (28)
[0207] Formula (28) is the same as the formula (20) representing the second signature component s in a conventional signature. Therefore, it can be determined that the method described in the embodiments of this application is feasible and accurate.
[0208] In this embodiment, the first signing device with the first private key fragment can send both the message digest and the elliptic curve point Q corresponding to the business message to the second signing device. Therefore, when the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, it can generate a partial signature component based on the second private key fragment and the first signature component. Further, the first signing device obtains the first signature component and the partial signature component sent by the second signing device, and can generate a second signature component based on the first private key fragment, the first signature component, and the partial signature component. Further, the first signing device sends the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment. As described above, the first private key fragment and the second private key fragment in this application embodiment are independent private key fragments owned by two different signing devices, and they both correspond to a global public key. Therefore, the first signing device cannot determine the global private key (which includes the first private key fragment and the second private key fragment) corresponding to the global public key through the first private key fragment. Similarly, the second signing device cannot determine the global private key corresponding to the global public key through the second private key fragment. Therefore, by adopting this application, the risk of private key leakage caused by only one party holding the private key can be reduced, thus improving the security of the private key. In addition, this application embodiment performs the signing operation on the business message through the joint cooperation of the first signing device with the first private key fragment and the second signing device with the second private key fragment. Therefore, the requirement for both parties to participate in the signing can be met, and the security of joint signing can be improved through the first private key fragment and the second private key fragment.
[0209] Further, please see Figure 6 , Figure 6 This is a schematic diagram of the structure of a data processing device provided in an embodiment of this application. Figure 1 The aforementioned data processing device 1 can operate on a first signing device having a first private key fragment, and can be used to execute the corresponding steps in the methods provided in the embodiments of this application. For example... Figure 6 As shown, the data processing device 1 may include: a first sending module 11, a first generating module 12, and a second sending module 13.
[0210] The first sending module 11 is used to send the message digest and the elliptic curve point Q corresponding to the business message to the second signing device, so that when the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, it generates a local signature component based on the second private key fragment and the first signature component.
[0211] The first generation module 12 is used to obtain the first signature component and the partial signature component sent by the second signature device, and generate the second signature component based on the first private key fragment, the first signature component and the partial signature component.
[0212] The second sending module 13 is used to send the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0213] The specific functional implementations of the first sending module 11, the first generating module 12, and the second sending module 13 can be found in the above description. Figure 3 Steps S101-S103 in the corresponding embodiment will not be described again here.
[0214] Please see again Figure 6 The data processing device 1 may further include a second generation module 14 and a first determination module 15.
[0215] The second generation module 14 is used to obtain the base point of the elliptic curve, generate a set of candidate private key fragments based on the order of the base point, and obtain candidate private key fragments from the set of candidate private key fragments.
[0216] The first determining module 15 is used to determine the candidate private key fragment as the first private key fragment if the candidate private key fragment meets the private key determination conditions.
[0217] The first determining module 15 is further configured to generate a local public key based on the first private key fragment and the base point, and send the local public key to the second signing device so that the second signing device can generate a global public key based on the local public key and the second private key fragment.
[0218] The specific functional implementation of the second generation module 14 and the first determination module 15 can be found in the above description. Figure 3 Step S101 in the corresponding embodiment will not be described again here.
[0219] Please see again Figure 6 The data processing device 1 may further include a third generation module 16 and a fourth generation module 17.
[0220] The third generation module 16 is used to generate a hash value to be compressed based on the first object identifier, the second object identifier, the elliptic curve system parameters, and the global public key; the elliptic curve system parameters include the base points of the elliptic curve.
[0221] The third generation module 16 is also used to compress the hash value to be compressed and the business message to obtain a message digest.
[0222] The fourth generation module 17 is used to generate a set of random numbers based on the order of the base point, obtain a random number k1 from the set of random numbers, and generate an elliptic curve point Q based on the random number k1 and the base point.
[0223] The specific functional implementation methods of the third generation module 16 and the fourth generation module 17 can be found in the above description. Figure 3 Step S101 in the corresponding embodiment will not be described again here.
[0224] Please see again Figure 6 The fourth generation module 17 may include: a first acquisition unit 171 and a product operation unit 172.
[0225] The first acquisition unit 171 is used to acquire a random number k1 different from the historical random number k1 from the random number set if the first error message sent by the second signature device for the historical elliptic curve point Q is acquired; the historical random number k1 belongs to the random number set; the historical elliptic curve point Q is generated based on the historical random number k1 and the base point.
[0226] The product operation unit 172 is used to perform a product operation on the random number k1 and the base point to obtain the elliptic curve point Q.
[0227] The specific functional implementation of the first acquisition unit 171 and the product operation unit 172 can be found in the above description. Figure 3 Step S101 in the corresponding embodiment will not be described again here.
[0228] Please see again Figure 6 The first generation module 12 may include: a first verification unit 121, a second acquisition unit 122, a candidate generation unit 123, and a second verification unit 124.
[0229] The first verification unit 121 is used to verify the first signature component and the local signature component respectively, and obtain the first verification result.
[0230] The second acquisition unit 122 is used to acquire the first difference between the first private key fragment and the first value, and to acquire the first total value between the random number k1 and the local signature component if the first verification result is a verification pass result; the random number k1 is used to generate the elliptic curve point Q.
[0231] The candidate generation unit 123 is used to generate candidate signature components based on the first difference, the first total value, the first signature component, and the order of the base point of the elliptic curve.
[0232] The second verification unit 124 is used to verify the candidate signature component and obtain the second verification result. If the second verification result is a pass result, the candidate signature component is determined as the second signature component.
[0233] The specific functional implementation of the first verification unit 121, the second acquisition unit 122, the candidate generation unit 123, and the second verification unit 124 can be found in the above description. Figure 3 Step S102 in the corresponding embodiment will not be described again here.
[0234] Please see again Figure 6 The first inspection unit 121 may include: a first inspection subunit 1211, a first determination subunit 1212, a second inspection subunit 1213, and a second determination subunit 1214.
[0235] The first verification subunit 1211 is used to verify the first correlation between the first signature component and the random number set; the random number set is generated based on the order of the base point;
[0236] The first determining subunit 1212 is used to determine the first verification result as a verification failure result if the first association relationship indicates that the random number set does not include the first signature component, and return a second error message for the first signature component to the second signature device;
[0237] The second verification subunit 1213 is used to verify the second association between the local signature component and the random number set if the first association indicates that the random number set includes the first signature component.
[0238] The second determining subunit 1214 is used to determine the first verification result as a verification failure result if the second association relationship indicates that the random number set does not include the local signature component, and return a third error message for the local signature component to the second signature device.
[0239] The second determining subunit 1214 is further configured to determine the first test result as a test pass result if the second association relationship indicates that the random number set includes a local signature component.
[0240] The specific functional implementation methods of the first verification subunit 1211, the first determination subunit 1212, the second verification subunit 1213, and the second determination subunit 1214 can be found in the above description. Figure 3 Step S102 in the corresponding embodiment will not be described again here.
[0241] Please see again Figure 6 The candidate generation unit 123 may include a first operation subunit 1231 and a second operation subunit 1232.
[0242] The first operation subunit 1231 is used to perform a product operation on the reciprocal of the difference and the first total value to obtain the second value and to obtain the second difference between the second value and the first signature component.
[0243] The second operation subunit 1232 is used to perform a remainder operation on the second difference and the order of the base point of the elliptic curve, and the first remainder obtained is used as a candidate signature component.
[0244] The specific functional implementation of the first operation subunit 1231 and the second operation subunit 1232 can be found in the above description. Figure 3 Step S102 in the corresponding embodiment will not be described again here.
[0245] Please see again Figure 6 The second inspection unit 124 may include a third inspection subunit 1241 and a third determination subunit 1242.
[0246] The third verification subunit 1241 is used to verify the third correlation between the candidate signature components and the random number set; the random number set is generated based on the order of the base point;
[0247] The third determining subunit 1242 is used to determine the second test result as a test failure result if the third association relationship indicates that the random number set does not include the candidate signature component, and return the fourth error message to the second signature device.
[0248] The third determining subunit 1242 is also used to determine the second test result as the test pass result if the third association relationship indicates that the random number set includes candidate signature components.
[0249] The specific functional implementation of the third verification subunit 1241 and the third determination subunit 1242 can be found in the above description. Figure 3 Step S102 in the corresponding embodiment will not be described again here.
[0250] In this embodiment, the first signing device with the first private key fragment can send both the message digest and the elliptic curve point Q corresponding to the business message to the second signing device. Therefore, when the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, it can generate a partial signature component based on the second private key fragment and the first signature component. Further, the first signing device obtains the first signature component and the partial signature component sent by the second signing device, and can generate a second signature component based on the first private key fragment, the first signature component, and the partial signature component. Further, the first signing device sends the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment. As described above, the first private key fragment and the second private key fragment in this application embodiment are independent private key fragments owned by two different signing devices, and they both correspond to a global public key. Therefore, the first signing device cannot determine the global private key (which includes the first private key fragment and the second private key fragment) corresponding to the global public key through the first private key fragment. Similarly, the second signing device cannot determine the global private key corresponding to the global public key through the second private key fragment. Therefore, by adopting this application, the risk of private key leakage caused by only one party holding the private key can be reduced, thus improving the security of the private key. In addition, this application embodiment performs the signing operation on the business message through the joint cooperation of the first signing device with the first private key fragment and the second signing device with the second private key fragment. Therefore, the requirement for both parties to participate in the signing can be met, and the security of joint signing can be improved through the first private key fragment and the second private key fragment.
[0251] Further, please see Figure 7 , Figure 7 This is a schematic diagram of the structure of a data processing device provided in an embodiment of this application. Figure 2 The aforementioned data processing device 2 can operate on a second signing device having a second private key fragment, and this device can be used to execute the corresponding steps in the method provided in the embodiments of this application. For example... Figure 7 As shown, the data processing device 2 may include: a first acquisition module 21, a component generation module 22, and a component transmission module 23.
[0252] The first acquisition module 21 is used to acquire the message digest and elliptic curve point Q corresponding to the business message sent by the first signature device;
[0253] The component generation module 22 is used to generate a first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, and to generate a local signature component based on the second private key fragment and the first signature component.
[0254] The component sending module 23 is used to send both the first signature component and the partial signature component to the first signing device, so that when the first signing device generates the second signature component based on the first private key fragment, the first signature component, and the partial signature component, it sends the first signature component, the second signature component, and the business message as data to be verified to the verification device; the verification device is used to perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0255] The specific functional implementation of the first acquisition module 21, the component generation module 22, and the component transmission module 23 can be found in the above description. Figure 5 Steps S201-S203 in the corresponding embodiment will not be described again here.
[0256] Please see again Figure 7 The data processing device 2 may further include: a second acquisition module 24, a product operation module 25, and a public key determination module 26.
[0257] The second acquisition module 24 is used to acquire the third difference between the second private key fragment and the first value, and to perform a product operation on the third difference and the local public key to obtain the third value; the local public key is generated by the first signing device based on the first private key fragment;
[0258] The product operation module 25 is used to perform a product operation on the second private key fragment and the base point of the elliptic curve to obtain the fourth value;
[0259] The public key determination module 26 is used to determine the difference between the third and fourth values as the global public key.
[0260] The specific functional implementations of the second acquisition module 24, the product operation module 25, and the public key determination module 26 can be found above. Figure 5 Step S201 in the corresponding embodiment will not be described again here.
[0261] Please see again Figure 7 The component generation module 22 may include: a first acquisition unit 221, a second acquisition unit 222, a first determination unit 223, and a third acquisition unit 224.
[0262] The first acquisition unit 221 is used to acquire a random number k2 if the test point Q of the elliptic curve belongs to the elliptic curve, and to perform a product operation on the random number k2 and the base point of the elliptic curve to obtain the fifth value.
[0263] The second acquisition unit 222 is used to acquire the third difference between the second private key fragment and the first value, and to acquire the fourth difference between the elliptic curve point Q and the fifth value.
[0264] The first determining unit 223 is used to perform a product operation on the fifth value and the fourth difference to obtain a candidate elliptic curve point. If the candidate elliptic curve point meets the value conditions, the candidate elliptic curve point is determined as the elliptic curve point T. The elliptic curve point T includes the target coordinate value.
[0265] The third acquisition unit 224 is used to acquire the second total value between the target indicator value and the message digest, perform a modulo operation on the second total value and the order of the base point, and use the obtained second remainder as the first signature component of the business message.
[0266] The specific functional implementation methods of the first acquisition unit 221, the second acquisition unit 222, the first determination unit 223, and the third acquisition unit 224 can be found in the above description. Figure 5 Step S202 in the corresponding embodiment will not be described again here.
[0267] Please see again Figure 7 The third acquisition unit 224 may include: a first acquisition subunit 2241, a second acquisition subunit 2242, and a component determination subunit 2243.
[0268] The first acquisition subunit 2241 is used to acquire the fifth difference between random number k1 and random number k2; random number k1 is used to generate elliptic curve point Q.
[0269] The second acquisition subunit 2242 is used to perform a product operation on the third difference and the fifth difference to obtain the sixth value, and to obtain the third total value between the second remainder and the sixth value.
[0270] The component determination subunit 2243 is used to determine the second remainder as the first signature component of the business message if the third total value is not equal to the order of the base point and the second remainder is not equal to the seventh value.
[0271] The specific functional implementation of the first acquisition subunit 2241, the second acquisition subunit 2242, and the component determination subunit 2243 can be found in the above description. Figure 5 Step S202 in the corresponding embodiment will not be described again here.
[0272] Please see again Figure 7 The component generation module 22 may include: a fourth acquisition unit 225, a fifth acquisition unit 226, and a second determination unit 227.
[0273] The fourth acquisition unit 225 is used to acquire the third difference between the second private key fragment and the first value, and to multiply the reciprocal of the third difference with the first signature component to obtain the eighth value.
[0274] The fifth acquisition unit 226 is used to acquire the sixth difference between the eighth value and the random number k2; the random number k2 is associated with the first signature component;
[0275] The second determining unit 227 is used to perform a remainder operation on the sixth difference and the order of the base point of the elliptic curve. If the obtained third remainder is not equal to the seventh value, then the third remainder is determined as a local signature component.
[0276] The specific functional implementation methods of the fourth acquisition unit 225, the fifth acquisition unit 226, and the second determination unit 227 can be found in the above description. Figure 5 Step S202 in the corresponding embodiment will not be described again here.
[0277] In this embodiment, the first signing device with the first private key fragment can send both the message digest and the elliptic curve point Q corresponding to the business message to the second signing device. Therefore, when the second signing device generates the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment, it can generate a partial signature component based on the second private key fragment and the first signature component. Further, the first signing device obtains the first signature component and the partial signature component sent by the second signing device, and can generate a second signature component based on the first private key fragment, the first signature component, and the partial signature component. Further, the first signing device sends the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment. As described above, the first private key fragment and the second private key fragment in this application embodiment are independent private key fragments owned by two different signing devices, and they both correspond to a global public key. Therefore, the first signing device cannot determine the global private key (which includes the first private key fragment and the second private key fragment) corresponding to the global public key through the first private key fragment. Similarly, the second signing device cannot determine the global private key corresponding to the global public key through the second private key fragment. Therefore, by adopting this application, the risk of private key leakage caused by only one party holding the private key can be reduced, thus improving the security of the private key. In addition, this application embodiment performs the signing operation on the business message through the joint cooperation of the first signing device with the first private key fragment and the second signing device with the second private key fragment. Therefore, the requirement for both parties to participate in the signing can be met, and the security of joint signing can be improved through the first private key fragment and the second private key fragment.
[0278] Further, please see Figure 8 , Figure 8 This is a schematic diagram of the structure of a computer device provided in an embodiment of this application. Figure 8As shown, the computer device 1000 may include: at least one processor 1001, such as a CPU; at least one network interface 1004; a user interface 1003; a memory 1005; and at least one communication bus 1002. The communication bus 1002 is used to implement communication between these components. In some embodiments, the user interface 1003 may include a display screen and a keyboard, and the network interface 1004 may optionally include a standard wired interface or a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory, such as at least one disk storage device. Optionally, the memory 1005 may also be at least one storage device located remotely from the aforementioned processor 1001. Figure 8 As shown, the memory 1005, which serves as a computer storage medium, may include an operating system, a network communication module, a user interface module, and a device control application program.
[0279] exist Figure 8 In the computer device 1000 shown, the network interface 1004 provides network communication functionality; the user interface 1003 is mainly used to provide an input interface for the user; and the processor 1001 can be used to call the device control application stored in the memory 1005 to achieve:
[0280] The message digest and elliptic curve point Q corresponding to the business message are both sent to the second signature device, so that when the second signature device generates the first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, it generates a local signature component based on the second private key fragment and the first signature component.
[0281] Obtain the first signature component and the partial signature component sent by the second signature device, and generate the second signature component based on the first private key fragment, the first signature component, and the partial signature component;
[0282] The first signature component, the second signature component, and the business message are sent to the verification device as data to be verified, so that the verification device can verify the legitimacy of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0283] Alternatively, processor 1001 can be used to call the device control application stored in memory 1005 to achieve:
[0284] Obtain the message digest and elliptic curve point Q corresponding to the business message sent by the first signature device;
[0285] Based on the elliptic curve point Q, the message digest, and the second private key fragment, a first signature component of the business message is generated, and a local signature component is generated based on the second private key fragment and the first signature component.
[0286] Both the first signature component and the partial signature component are sent to the first signature device, so that when the first signature device generates the second signature component based on the first private key fragment, the first signature component, and the partial signature component, it sends the first signature component, the second signature component, and the business message as data to be verified to the verification device; the verification device is used to verify the legality of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
[0287] It should be understood that the computer device 1000 described in the embodiments of this application can perform the data processing methods or apparatus described in the preceding embodiments, and will not be repeated here. Furthermore, the beneficial effects of using the same methods will also not be repeated.
[0288] This application also provides a computer-readable storage medium storing a computer program. When executed by a processor, the computer program implements the data processing methods or apparatus described in the preceding embodiments, which will not be repeated here. Furthermore, the beneficial effects of using the same methods will also not be repeated.
[0289] The aforementioned computer-readable storage medium can be an internal storage unit of the data processing apparatus or computer device provided in any of the foregoing embodiments, such as a hard disk or memory of the computer device. The computer-readable storage medium can also be an external storage device of the computer device, such as a plug-in hard disk, smart media card (SMC), secure digital (SD) card, flash card, etc., provided on the computer device. Furthermore, the computer-readable storage medium may include both internal and external storage units of the computer device. The computer-readable storage medium is used to store the computer program and other programs and data required by the computer device. The computer-readable storage medium can also be used to temporarily store data that has been output or will be output.
[0290] This application also provides a computer program product, which includes a computer program stored in a computer-readable storage medium. A processor of a computer device reads the computer program from the computer-readable storage medium and executes the computer program, enabling the computer device to perform the data processing methods or apparatus described in the preceding embodiments, which will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated here.
[0291] The terms "first," "second," etc., in the specification, claims, and drawings of this application are used to distinguish different objects, not to describe a specific order. Furthermore, the term "comprising," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, apparatus, product, or device that includes a series of steps or units is not limited to the listed steps or modules, but may optionally include steps or modules not listed, or may optionally include other step units inherent to these processes, methods, apparatuses, products, or devices.
[0292] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the components and steps of the various examples have been generally described in terms of functionality in the foregoing description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of this application.
[0293] The above-disclosed embodiments are merely preferred embodiments of this application and should not be construed as limiting the scope of this application. Therefore, any equivalent variations made in accordance with the claims of this application shall still fall within the scope of this application.
Claims
1. A data processing method, characterized in that, The method is performed by a first signing device having a first private key fragment, the method comprising: The message digest and elliptic curve point Q corresponding to the business message are both sent to the second signature device, so that when the second signature device generates the first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, it generates a local signature component based on the second private key fragment and the first signature component. Obtain the first signature component and the partial signature component sent by the second signature device, and generate the second signature component based on the first private key fragment, the first signature component, and the partial signature component; The first signature component, the second signature component, and the business message are sent to the verification device as data to be verified, so that the verification device can verify the legality of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment. The step of generating the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment includes: If the test shows that the point Q of the elliptic curve belongs to the elliptic curve, then obtain a random number k2, and multiply the random number k2 with the base point of the elliptic curve to obtain the fifth value. Obtain the third difference between the second private key fragment and the first value, and obtain the fourth difference between the elliptic curve point Q and the fifth value; The fifth value and the fourth difference are multiplied to obtain a candidate elliptic curve point. If the candidate elliptic curve point meets the value conditions, the candidate elliptic curve point is determined as elliptic curve point T. The elliptic curve point T includes the target coordinate value. Obtain the second total value between the target coordinate value and the message digest, and perform a modulo operation on the second total value and the order of the base point to obtain the second remainder; Obtain the fifth difference between random number k1 and random number k2; random number k1 is used to generate the elliptic curve point Q. Multiply the third difference and the fifth difference to obtain the sixth value, and obtain the third total value between the second remainder and the sixth value; If the third total value is not equal to the order of the base point, and the second remainder is not equal to the seventh value, then the second remainder is determined as the first signature component of the business message.
2. The method according to claim 1, characterized in that, The method further includes: Obtain the base point of the elliptic curve, generate a set of candidate private key fragments based on the order of the base point, and obtain candidate private key fragments from the set of candidate private key fragments; If the candidate private key fragment meets the private key determination condition, then the candidate private key fragment is determined as the first private key fragment; Based on the first private key fragment and the base point, a local public key is generated, and the local public key is sent to the second signing device so that the second signing device can generate the global public key based on the local public key and the second private key fragment.
3. The method according to claim 1, characterized in that, The method further includes: A hash value to be compressed is generated based on the first object identifier, the second object identifier, the elliptic curve system parameters, and the global public key; the elliptic curve system parameters include the base points of the elliptic curve. The hash value to be compressed and the business message are compressed to obtain the message digest. Based on the order of the base point, a set of random numbers is generated, a random number k1 is obtained from the set of random numbers, and the elliptic curve point Q is generated based on the random number k1 and the base point.
4. The method according to claim 3, characterized in that, The step of obtaining a random number k1 from the random number set and generating the elliptic curve point Q based on the random number k1 and the base point includes: If the first error message for the historical elliptic curve point Q is received from the second signature device, then a random number k1 different from the historical random number k1 is obtained from the random number set; the historical random number k1 belongs to the random number set; the historical elliptic curve point Q is generated based on the historical random number k1 and the base point. The random number k1 and the base point are multiplied to obtain the elliptic curve point Q.
5. The method according to claim 1, characterized in that, The step of generating a second signature component based on the first private key fragment, the first signature component, and the partial signature component includes: The first signature component and the local signature component are examined respectively to obtain the first examination result; If the first test result is a pass result, then obtain the first difference between the first private key fragment and the first value, and obtain the first total value between the random number k1 and the local signature component; the random number k1 is used to generate the elliptic curve point Q; Candidate signature components are generated based on the first difference, the first total value, the first signature component, and the order of the base point of the elliptic curve. The candidate signature component is tested to obtain a second test result. If the second test result is the test pass result, the candidate signature component is determined as the second signature component.
6. The method according to claim 5, characterized in that, The step of verifying the first signature component and the local signature component respectively to obtain a first verification result includes: Examine the first correlation between the first signature component and the random number set; the random number set is generated based on the order of the base point; If the first association indicates that the random number set does not include the first signature component, then the first verification result is determined to be a verification failure result, and a second error message for the first signature component is returned to the second signature device; If the first association indicates that the random number set includes the first signature component, then examine the second association between the local signature component and the random number set; If the second association indicates that the random number set does not include the local signature component, then the first verification result is determined to be the verification failure result, and a third error message for the local signature component is returned to the second signature device; If the second association indicates that the random number set includes the local signature component, then the first test result is determined to be the test pass result.
7. The method according to claim 5, characterized in that, The step of generating candidate signature components based on the first difference, the first total value, the first signature component, and the order of the base point of the elliptic curve includes: Multiply the reciprocal of the difference with the first total value to obtain a second value, and then obtain the second difference between the second value and the first signature component. The second difference and the order of the base point of the elliptic curve are moduloed, and the resulting first remainder is used as the candidate signature component.
8. The method according to claim 5, characterized in that, The step of verifying the candidate signature components to obtain a second verification result includes: Examine the third correlation between the candidate signature components and the random number set; the random number set is generated based on the order of the base point; If the third association indicates that the random number set does not include the candidate signature component, then the second verification result is determined to be a verification failure result, and a fourth error message is returned to the second signature device; If the third association indicates that the random number set includes the candidate signature component, then the second test result is determined to be the test pass result.
9. A data processing method, characterized in that, The method is performed by a second signing device having a second private key fragment, and the method includes: Obtain the message digest and elliptic curve point Q corresponding to the business message sent by the first signature device; If the test shows that the point Q of the elliptic curve belongs to the elliptic curve, then obtain a random number k2, and multiply the random number k2 with the base point of the elliptic curve to obtain the fifth value. Obtain the third difference between the second private key fragment and the first value, and obtain the fourth difference between the elliptic curve point Q and the fifth value; The fifth value and the fourth difference are multiplied to obtain a candidate elliptic curve point. If the candidate elliptic curve point meets the value conditions, the candidate elliptic curve point is determined as elliptic curve point T. The elliptic curve point T includes the target coordinate value. Obtain the second total value between the target coordinate value and the message digest, and perform a modulo operation on the second total value and the order of the base point to obtain the second remainder; Obtain the fifth difference between random number k1 and random number k2; random number k1 is used to generate the elliptic curve point Q. Multiply the third difference and the fifth difference to obtain the sixth value, and obtain the third total value between the second remainder and the sixth value; If the third total value is not equal to the order of the base point, and the second remainder is not equal to the seventh value, then the second remainder is determined as the first signature component of the business message, and a local signature component is generated based on the second private key fragment and the first signature component. Both the first signature component and the partial signature component are sent to the first signature device, so that when the first signature device generates the second signature component based on the first private key fragment, the first signature component, and the partial signature component, it sends the first signature component, the second signature component, and the business message as data to be verified to the verification device; the verification device is used to verify the legality of the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
10. The method according to claim 9, characterized in that, The method further includes: Obtain the third difference between the second private key fragment and the first value, and multiply the third difference with the local public key to obtain the third value; the local public key is generated by the first signing device based on the first private key fragment. The fourth value is obtained by multiplying the second private key fragment and the base point of the elliptic curve. The difference between the third value and the fourth value is determined as the global public key.
11. The method according to claim 9, characterized in that, The step of generating a local signature component based on the second private key fragment and the first signature component includes: Obtain the third difference between the second private key fragment and the first value, and multiply the reciprocal of the third difference with the first signature component to obtain the eighth value; Obtain the sixth difference between the eighth numerical value and the random number k2; the random number k2 is associated with the first signature component. Perform a remainder operation on the sixth difference and the order of the base point of the elliptic curve. If the resulting third remainder is not equal to the seventh value, then the third remainder is determined as a local signature component.
12. A data processing apparatus, characterized in that, The device operates on a first signing device having a first private key fragment, the device comprising: The first sending module is used to send the message digest and the elliptic curve point Q corresponding to the business message to the second signature device, so that when the second signature device generates the first signature component of the business message based on the elliptic curve point Q, the message digest and the second private key fragment, it generates a partial signature component based on the second private key fragment and the first signature component. The first generation module is used to obtain the first signature component and the partial signature component sent by the second signature device, and generate a second signature component based on the first private key fragment, the first signature component and the partial signature component. The second sending module is used to send the first signature component, the second signature component, and the business message as data to be verified to the verification device, so that the verification device can perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment. The step of generating the first signature component of the business message based on the elliptic curve point Q, the message digest, and the second private key fragment includes: If the test shows that the point Q of the elliptic curve belongs to the elliptic curve, then obtain a random number k2, and multiply the random number k2 with the base point of the elliptic curve to obtain the fifth value. Obtain the third difference between the second private key fragment and the first value, and obtain the fourth difference between the elliptic curve point Q and the fifth value; The fifth value and the fourth difference are multiplied to obtain a candidate elliptic curve point. If the candidate elliptic curve point meets the value conditions, the candidate elliptic curve point is determined as elliptic curve point T. The elliptic curve point T includes the target coordinate value. Obtain the second total value between the target coordinate value and the message digest, and perform a modulo operation on the second total value and the order of the base point to obtain the second remainder; Obtain the fifth difference between random number k1 and random number k2; random number k1 is used to generate the elliptic curve point Q. Multiply the third difference and the fifth difference to obtain the sixth value, and obtain the third total value between the second remainder and the sixth value; If the third total value is not equal to the order of the base point, and the second remainder is not equal to the seventh value, then the second remainder is determined as the first signature component of the business message.
13. A data processing apparatus, characterized in that, The device operates on a second signature device having a second private key fragment, the device comprising: The first acquisition module is used to acquire the message digest and elliptic curve point Q corresponding to the business message sent by the first signature device; The component generation module is used to obtain a random number k2 if the elliptic curve point Q is found to belong to the elliptic curve, and to perform a product operation on the random number k2 and the base point of the elliptic curve to obtain a fifth value. The component generation module is further configured to obtain a third difference between the second private key fragment and the first value, and to obtain a fourth difference between the elliptic curve point Q and the fifth value. The component generation module is further configured to perform a product operation on the fifth value and the fourth difference to obtain a candidate elliptic curve point. If the candidate elliptic curve point meets the value selection condition, the candidate elliptic curve point is determined as an elliptic curve point T. The elliptic curve point T includes the target coordinate value. The component generation module is further configured to obtain a second total value between the target coordinate value and the message digest, and to perform a modulo operation on the second total value and the order of the base point to obtain a second remainder; The component generation module is further configured to obtain a fifth difference between a random number k1 and a random number k2; the random number k1 is used to generate the elliptic curve point Q. The component generation module is further configured to perform a product operation on the third difference and the fifth difference to obtain a sixth value, and obtain a third total value between the second remainder and the sixth value; The component generation module is further configured to determine the second remainder as the first signature component of the business message if the third total value is not equal to the order of the base point and the second remainder is not equal to the seventh value, and generate a local signature component based on the second private key fragment and the first signature component. The component sending module is used to send both the first signature component and the partial signature component to the first signing device, so that when the first signing device generates a second signature component based on the first private key fragment, the first signature component, and the partial signature component, it sends the first signature component, the second signature component, and the business message as data to be verified to the verification device; the verification device is used to perform legality verification on the obtained data to be verified based on the global public key associated with the first private key fragment and the second private key fragment.
14. A computer device, characterized in that, include: Processor, memory, and network interface; The processor is connected to the memory and the network interface, wherein the network interface is used to provide data communication functions, the memory is used to store computer programs, and the processor is used to invoke the computer programs to cause the computer device to perform the method according to any one of claims 1 to 11.
15. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program adapted to be loaded and executed by a processor to cause a computer device having the processor to perform the method of any one of claims 1-11.
16. A computer program product, characterized in that, The computer program product includes a computer program stored in a computer-readable storage medium, the computer program being adapted to be read and executed by a processor to cause a computer device having the processor to perform the method of any one of claims 1-11.