Method and device for generating, signing and verifying based on lm-ots public and private key pair
By dividing the private key and signature components in the LM-OTS algorithm into two groups and performing parallel hash calculations, the problem of excessively long hash calculation time is solved, and an efficient process of public-private key pair generation, signing, and verification is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SIENGINE TECH CO LTD
- Filing Date
- 2026-04-17
- Publication Date
- 2026-06-23
AI Technical Summary
The existing LM-OTS algorithm consumes too much time in hash calculations during the generation, signing, and verification of public and private key pairs, which severely restricts the overall performance of the algorithm and makes it difficult to meet the real-time requirements of high-performance scenarios.
The private key and signature components are divided into two groups, and parallel hash calculations are performed using different hash calculation units to achieve parallel processing of the public and private key pair generation, signing, and verification processes.
Without compromising algorithm security or increasing storage space, it significantly reduces the time consumed by hash calculations and optimizes the efficiency of public-private key pair generation, signing, and verification.
Smart Images

Figure CN122053066B_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to the field of information security technology, and particularly to a method, device, equipment and readable storage medium for generating, signing and verifying signatures based on LM-OTS public and private key pairs. Background Art
[0002] With the continuous development of information security technology, digital signature algorithms play a crucial role in identity authentication and data integrity protection. As a signature scheme based on hash functions, the LM-OTS (Leighton-Micali One-Time Signature) algorithm is provably secure and can resist quantum computing attacks. The core of this algorithm lies in using hash functions for generating public and private key pairs, signing, and signature verification.
[0003] However, in existing implementation schemes of the LM-OTS algorithm, the processes of generating public and private key pairs, signing, and signature verification all involve a large number of hash calculation operations. Specifically, the private key contains multiple private key components, and the signature contains multiple signature components. In the prior art, when processing these components, the time consumed by hash calculations is too long, severely restricting the overall performance of the algorithm and making it difficult to meet the real-time requirements in high-performance scenarios.
[0004] Therefore, how to optimize the hash calculation process in the LM-OTS algorithm has become a technical problem that needs to be solved urgently by those skilled in the art. Summary of the Invention
[0005] Embodiments of the present invention provide a method, device, equipment and readable storage medium for generating, signing and verifying signatures based on LM-OTS public and private key pairs, so as to solve the technical problem that in the prior art, the time consumed by hash calculations in the method for generating LM-OTS public and private key pairs is too long, severely restricting the overall performance of the algorithm.
[0006] In a first aspect, a method for generating LM-OTS public and private key pairs is provided, including the following steps:
[0007] Respond to a public and private key pair generation instruction to obtain a private key, where the private key contains multiple private key components;
[0008] Divide the multiple private key components into a first group of private key components and a second group of private key components, perform parallel hash calculations on the first group of private key components and the second group of private key components using different hash calculation units to obtain corresponding multiple public key components, and then perform hash calculations on the multiple public key components obtained by the parallel hash calculations to obtain a public key.
[0009] In some embodiments, the private key contains p private key components x[i], (0≤i<p), and the dividing the multiple private key components into a first group of private key components and a second group of private key components includes:
[0010] Divide p private key components x[i] (0 ≤ i < p) into a first group of private key components and a second group of private key components: The first group of private key components is x[0], …, x p / 2 -1]; The second group of private key components is x p / 2 , …, x[p - 1].
[0011] In some embodiments, the SHA-256 or SM3 algorithm is used for parallel hash calculation or hash calculation.
[0012] In a second aspect, a device for generating LM-OTS public and private key pairs is provided, including:
[0013] A first response unit, configured to respond to a public and private key pair generation instruction and obtain a private key, where the private key includes multiple private key components;
[0014] A first calculation unit, configured to divide multiple private key components into a first group of private key components and a second group of private key components, perform parallel hash calculation on the first group of private key components and the second group of private key components by using different hash calculation units, obtain corresponding multiple public key components, and perform hash calculation on the multiple public key components obtained by the parallel hash calculation to obtain a public key.
[0015] In a third aspect, a method based on LM-OTS signature is provided, including the following steps:
[0016] Respond to a signature instruction, obtain a private key, a message, and a random number, where the private key includes multiple private key components;
[0017] Perform hash calculation on the private key, the message, and the random number to obtain a hash value, and calculate the checksum of the hash value;
[0018] Calculate multiple target iteration counts according to the hash value and the corresponding checksum;
[0019] Divide multiple private key components into a first group of private key components and a second group of private key components, perform parallel hash calculation on the first group of private key components and the second group of private key components by using different hash calculation units according to multiple target iteration counts, obtain corresponding multiple signature components, and splice the multiple signature components obtained by the parallel hash calculation to obtain a signature.
[0020] In a fourth aspect, a device based on LM-OTS signature is provided, including:
[0021] A second response unit, configured to respond to a signature instruction and obtain a private key, a message, and a random number, where the private key includes multiple private key components;
[0022] The second calculation unit is used to perform hash calculations based on the private key, message, and random number to obtain a hash value, and to calculate the checksum of the hash value;
[0023] The third calculation unit is used to calculate the number of iterations for multiple targets based on the hash value and the corresponding checksum.
[0024] The fourth calculation unit is used to divide multiple private key components into a first group of private key components and a second group of private key components. Different hash calculation units perform parallel hash calculations on the first group of private key components and the second group of private key components according to multiple target iterations to obtain multiple corresponding signature components. The multiple signature components obtained by parallel hash calculation are then concatenated to obtain a signature.
[0025] Fifthly, a method for signature verification based on LM-OTS is provided, including:
[0026] In response to the signature verification command, obtain the public key, signature, and message, wherein the signature contains multiple signature components;
[0027] The hash value is obtained by hashing the public key, signature, and message, and then the checksum of the hash value is calculated.
[0028] Calculate the number of iterations for multiple targets based on the hash value and the corresponding checksum;
[0029] Multiple signature components are divided into a first group of signature components and a second group of signature components. Different hash calculation units are used to perform parallel hash calculations on the first group of signature components and the second group of signature components according to multiple target iterations to obtain multiple corresponding public key components. The multiple public key components obtained by parallel hash calculation are then hashed to obtain the public key.
[0030] Determine if the calculated public key matches the obtained public key: if yes, the signature verification is successful; otherwise, the signature verification fails.
[0031] Sixthly, a device for LM-OTS-based signature verification is provided, comprising:
[0032] The third response unit is used to respond to the signature verification command and obtain the public key, signature, and message, wherein the signature contains multiple signature components.
[0033] The fifth calculation unit is used to perform hash calculations based on the public key, signature, and message to obtain a hash value, and to calculate the checksum of the hash value;
[0034] The sixth calculation unit is used to calculate the number of iterations for multiple targets based on the hash value and the corresponding checksum;
[0035] The seventh computing unit is used to divide multiple signature components into a first group of signature components and a second group of signature components, and to use different hash computing units to perform parallel hash calculations on the first group of signature components and the second group of signature components according to multiple target iterations to obtain multiple corresponding public key components. The multiple public key components obtained by parallel hash calculation are then hashed to obtain the public key.
[0036] The signature verification unit is used to determine whether the calculated public key is consistent with the obtained public key: if they are consistent, the signature verification is successful; otherwise, the signature verification fails.
[0037] In a seventh aspect, a computer device is provided, comprising: a memory and a processor, wherein the memory stores at least one instruction, the at least one instruction being loaded and executed by the processor to implement the aforementioned method for generating, signing, and verifying public-private key pairs based on LM-OTS.
[0038] Eighthly, a computer-readable storage medium is provided, the computer-readable storage medium storing computer instructions, which, when executed by a computer, cause the computer to perform the aforementioned method for generating, signing, and verifying public-private key pairs based on LM-OTS.
[0039] The beneficial effects of the technical solution provided by this invention include:
[0040] This invention provides a method, apparatus, device, and readable storage medium for generating public-private key pairs based on LM-OTS, as well as for signing and verifying signatures. The method for generating public-private key pairs divides a private key containing multiple private key components into a first group of private key components and a second group of private key components, and uses different hash calculation units to perform parallel hash calculations on the two groups of private key components. Without reducing the security of the algorithm or increasing the additional storage area, the parallel processing of the key generation process is achieved, significantly reducing the time consumed by hash calculations, thereby greatly optimizing the efficiency of public-private key pair generation. Attached Figure Description
[0041] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0042] Figure 1 A flowchart illustrating a method for generating public-private key pairs based on LM-OTS, provided in an embodiment of the present invention;
[0043] Figure 2Another flowchart illustrating a method for generating public-private key pairs based on LM-OTS provided in this embodiment of the invention;
[0044] Figure 3 A schematic diagram of a device for generating public-private key pairs based on LM-OTS provided in an embodiment of the present invention;
[0045] Figure 4 A flowchart illustrating a method based on LM-OTS signature provided in an embodiment of the present invention;
[0046] Figure 5 This is another flowchart illustrating a method based on LM-OTS signature provided in an embodiment of the present invention;
[0047] Figure 6 A schematic diagram of a device based on LM-OTS signature provided in an embodiment of the present invention;
[0048] Figure 7 A flowchart illustrating a method for LM-OTS-based signature verification provided in an embodiment of the present invention;
[0049] Figure 8 This is another schematic diagram of a method for verifying signatures based on LM-OTS provided in an embodiment of the present invention;
[0050] Figure 9 A schematic diagram of a device based on LM-OTS signature verification provided in an embodiment of the present invention;
[0051] Figure 10 This is a schematic diagram of the structure of a computer device provided in an embodiment of the present invention. Detailed Implementation
[0052] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0053] This invention provides a method for generating public-private key pairs based on LM-OTS, which solves the technical problem that the hash calculation time is too long in existing methods for generating public-private key pairs based on LM-OTS, which seriously restricts the overall performance of the algorithm.
[0054] See Figure 1As shown, an embodiment of the present invention provides a method for generating LM-OTS public and private key pairs, including the following steps:
[0055] Step S101, in response to a public and private key pair generation instruction, obtain a private key, where the private key includes multiple private key components.
[0056] Step S102, divide the multiple private key components into a first group of private key components and a second group of private key components, and perform parallel hash calculations on the first group of private key components and the second group of private key components using different hash calculation units to obtain corresponding multiple public key components, and then perform a hash calculation on the multiple public key components obtained by the parallel hash calculation to obtain a public key. Preferably, the SHA-256 or SM3 algorithm is used for the parallel hash calculation or the hash calculation.
[0057] Specifically, the private key includes p private key components x[i], (0 ≤ i < p), and the dividing the multiple private key components into a first group of private key components and a second group of private key components includes:
[0058] Divide the p private key components x[i] (0 ≤ i < p) into a first group of private key components and a second group of private key components: the first group of private key components is x[0], …, x p / 2 -1]; the second group of private key components is x p / 2 , …, x[p - 1].
[0059] For the flow of the method for generating LM-OTS public and private key pairs provided by an embodiment of the present invention, reference can also be made to Figure 2 as shown.
[0060] Step1: Analyze the command to determine whether it is a command for generating LM-OTS public and private key pairs.
[0061] Step2: If so, read multiple private key components x[i], (0 ≤ i < p).
[0062] Step3: Divide the multiple private key components x[i] into a first group of private key components and a second group of private key components, and send them into hash calculation unit core0 and hash calculation unit core1 respectively for parallel hash calculation to obtain corresponding multiple public key components.
[0063] Step4: Write the calculated multiple public key components into the static random access memory SRAM. During the actual calculation process, it will be judged whether the private key component x[i] has been calculated. If not, continue to execute Step2~Step3 until all private key components x[i] have been calculated;
[0064] Step 5: Read multiple public key components from the static random access memory (SRAM) and perform hash calculation using the hash calculation unit core0 to obtain the public key K.
[0065] Step 6: Public and private key pair generation complete.
[0066] The specific calculation process for Step 3 above is as follows:
[0067] Calculate (y[0], y[1], ,y[ p / 2 -1])
[0068] for 0≤i< p / 2 do
[0069] tmp ←x[i]
[0070] for 0≤j<2^w-1
[0071] tmp ←H_0 (I||u32str(q)||u16str(i)||u8str(j)||tmp)
[0072] end
[0073] y[i]←tmp
[0074] end
[0075] Calculate (y[ p / 2 ],y[ p / 2 +1], ,y[p-1])
[0076] for p / 2 ≤i <p do
[0077] tmp ←x[i]
[0078] for 0≤j<2^w-1
[0079] tmp ←H_1 (I||u32str(q)||u16str(i)||u8str(j)||tmp)
[0080] end
[0081] y[i]←tmp
[0082] end
[0083] Where y[i] is the public key component, (0≤i) <p)。
[0084] In summary, the method for generating public-private key pairs based on LM-OTS in this embodiment of the invention divides a private key containing multiple private key components into a first group of private key components and a second group of private key components, and uses different hash calculation units to perform parallel hash calculations on the two groups of private key components. This achieves parallel processing of the key generation process without reducing algorithm security or increasing additional storage area, significantly reducing the time consumed by hash calculations, and thus greatly optimizing the efficiency of public-private key pair generation.
[0085] See Figure 3 As shown, this embodiment of the invention also provides an apparatus for generating LM-OTS public-private key pairs, including: a first response unit and a first calculation unit.
[0086] The first response unit is used to respond to the public-private key pair generation instruction and obtain the private key, which contains multiple private key components.
[0087] The first computing unit is used to divide multiple private key components into a first group of private key components and a second group of private key components. Different hash computing units are used to perform parallel hash calculations on the first group of private key components and the second group of private key components to obtain multiple corresponding public key components. The multiple public key components obtained by parallel hash calculation are then hashed again to obtain the public key.
[0088] See Figure 4 As shown, this embodiment of the invention also provides a method based on LM-OTS signature, including the following steps:
[0089] Step S201: In response to the signature instruction, obtain the private key, message, and random number, wherein the private key contains multiple private key components;
[0090] Step S202: Perform hash calculation based on the private key, message, and random number to obtain the hash value, and calculate the checksum of the hash value;
[0091] Step S203: Calculate the number of iterations for multiple targets based on the hash value and the corresponding checksum;
[0092] Step S204: Divide the multiple private key components into a first group of private key components and a second group of private key components. Utilize different hash calculation units to perform parallel hash calculations on the first group of private key components and the second group of private key components according to multiple target iterations to obtain multiple corresponding signature components. Then, concatenate the multiple signature components obtained from the parallel hash calculations to obtain a signature. Preferably, the SHA-256 or SM3 algorithm is used for parallel hash calculations or hash calculations.
[0093] Specifically, the private key includes p private key components x[i], (0 ≤ i < p), and the dividing of the multiple private key components into a first group of private key components and a second group of private key components includes:
[0094] Divide the p private key components x[i] (0 ≤ i < p) into a first group of private key components and a second group of private key components: The first group of private key components is x[0], …, x[p / 2 - 1]; the second group of private key components is x[p / 2], …, x[p - 1].
[0095] For the process of the method based on LM-OTS signature provided by the embodiments of the present invention, reference can also be made to Figure 5 as shown.
[0096] Step1: Analyze the command to determine whether it is a command for LM-OTS signature.
[0097] Step2: If so, read the private key, message, and random number.
[0098] Step3: Perform hash calculation based on the private key, message, and random number to obtain a hash value Q and the corresponding checksum τ(Q). Specifically, the 128-bit random value I in the private key, the 32-bit node number q in the private key, the fixed value 8181 in hexadecimal, the 256-bit random number C (the random number C is generated), and the message are sent to the hash calculation unit core0 to calculate the hash value Q, and then τ(Q) is calculated according to the hash value Q and the checksum bit width w. The calculation process of the hash value Q is: Q = H(I||q||0x8181||C||M), and then the corresponding checksum τ(Q) is calculated according to the hash value Q.
[0099]
[0100] Where, coef represents the function of converting a string to an unsigned integer, and coef(Q, i, w) represents the unsigned integer corresponding to the i-th w-bit of the byte sequence Q. It can be understood that the hash value Q is evenly divided into 256 / w sequences of w bits, and the unsigned integer represented by each bit sequence is coef(Q, i, w). The difference between each bit sequence and the maximum value is , and τ(Q) can be expressed as the sum of the differences between 256 / w bit sequences and the maximum value.
[0101] Step4: Calculate multiple target iteration counts a according to the hash value Q and the corresponding checksum τ(Q). Shift the checksum τ(Q) value calculated in Step3 to the left by r bits, where r represents the shift parameter, and then use the data concatenation operation || to concatenate the shifted checksum to the tail of the hash value Q to obtain the concatenated byte sequence S, that is, S ← Q||u16str(τ(Q) r); Finally, the coef(S,i,w) function is called to extract the unsigned integer value corresponding to the i-th w-th bit segment in the byte sequence S, denoted as the target iteration number a, i.e., a←coef(S,i,w). The target iteration number a determines the number of hash iteration operations that the private key component needs to perform.
[0102] Step 5: Divide the multiple private key components x[i] into the first group of private key components and the second group of private key components, and send them into the hash calculation unit core0 and the hash calculation unit core1 respectively for parallel hash calculation to obtain the corresponding multiple signature components.
[0103] Step 6: Write the calculated signature components into Static Random Access Memory (SRAM). During the actual calculation process, it will be checked whether the private key component x[i] has been calculated. If not, continue to execute Step 4~Step 5 until all private key components x[i] have been calculated.
[0104] Step 7: Read multiple signature components from the Static Random Access Memory (SRAM) and concatenate them according to the LM-OTS format to obtain the signature.
[0105] Step 8: Signature complete.
[0106] The specific calculation process for Steps 4 and 5 above is as follows:
[0107] Calculate (z[0], z[1], ,z[ p / 2 -1])
[0108] S←Q || u16str(τ(Q) r)
[0109] for 0≤i< p / 2 do
[0110] a ←coef(S,i,w)
[0111] tmp ←x[i]
[0112] for a≤j<2^w-1
[0113] tmp ←H_0 (I||u32str(q)||u16str(i)||u8str(j)||tmp)
[0114] end
[0115] z[i]←tmp
[0116] end
[0117] Calculate (z[ p / 2 ],z[ p / 2 +1], ,z[p-1])
[0118] S←Q || u16str(τ(Q) r)
[0119] for p / 2 ≤i <p do
[0120] a ←coef(S,i,w)
[0121] tmp ←x[i]
[0122] for a≤j<2^w-1
[0123] tmp ←H_1 (I||u32str(q)||u16str(i)||u8str(j)||tmp)
[0124] end
[0125] z[i]←tmp
[0126] end
[0127] Where z[i] is the signature component, (0≤i) <p)。
[0128] In summary, the LM-OTS signature method in this embodiment of the invention divides a private key containing multiple private key components into a first group of private key components and a second group of private key components, and uses different hash calculation units to perform parallel hash calculations on the two groups of private key components. This achieves parallel processing of the signature process without reducing algorithm security or increasing additional storage area, significantly reducing the time consumed by hash calculations, and thus greatly optimizing signature efficiency.
[0129] See Figure 6 As shown, this embodiment of the invention also provides an apparatus based on LM-OTS signature, including: a second response unit, a second calculation unit, a third calculation unit, and a fourth calculation unit.
[0130] The second response unit is used to respond to the signature instruction and obtain the private key, message and random number, wherein the private key contains multiple private key components.
[0131] The second calculation unit is used to perform hash calculations based on the private key, message, and random number to obtain a hash value, and to calculate the checksum of the hash value.
[0132] The third calculation unit is used to calculate multiple target iteration counts according to the hash value and the corresponding checksum.
[0133] The fourth calculation unit is used to divide multiple private key components into a first group of private key components and a second group of private key components, and use different hash calculation units to perform parallel hash calculations on the first group of private key components and the second group of private key components according to multiple target iteration counts, obtain the corresponding multiple signature components, and splice the multiple signature components obtained by the parallel hash calculation to obtain a signature.
[0134] See Figure 7 As shown, an LM-OTS signature verification-based method provided by an embodiment of the present invention includes the following steps:
[0135] Step S301, in response to a signature verification instruction, obtain a public key, a signature, and a message, where the signature includes multiple signature components;
[0136] Step S302, perform a hash calculation on the public key, the signature, and the message to obtain a hash value, and calculate the checksum of the hash value;
[0137] Step S303, calculate multiple target iteration counts according to the hash value and the corresponding checksum;
[0138] Step S304, divide the multiple signature components into a first group of signature components and a second group of signature components, and use different hash calculation units to perform parallel hash calculations on the first group of signature components and the second group of signature components according to multiple target iteration counts, obtain the corresponding multiple public key components, and perform a hash calculation on the multiple public key components obtained by the parallel hash calculation to obtain a public key;
[0139] Step S305, determine whether the calculated public key is consistent with the obtained public key: if so, the signature verification is successful; if not, the signature verification fails.
[0140] Specifically, the signature includes p signature components z[i], (0 ≤ i < p), and the dividing the multiple signature components into a first group of signature components and a second group of signature components includes:
[0141] Dividing the p signature components z[i] (0 ≤ i < p) into a first group of signature components and a second group of signature components: the first group of signature components is z[0], …, z p / 2 -1]; the second group of signature components is z p / 2 [[ID=3८]]], …, z[p - 1].
[0142] The process of an LM-OTS signature verification-based method provided by an embodiment of the present invention can also be seen in Figure 8 shown.
[0143] Step 1: Parse the command to determine if it is a signature verification command.
[0144] Step 2: If so, read the public key, signature, and message.
[0145] Step 3: Perform hash calculations based on the public key, signature, and message to obtain the hash value Q and the corresponding checksum τ(Q). Specifically, the 128-bit random value I in the public key, the 32-bit node number q in the public key, the fixed hexadecimal value 8181, the 256-bit random number C in the signature, and the message are sent to the hash calculation unit core0 to calculate the hash value Q' (similar to calculating the hash value Q). Then, τ(Q') is calculated based on the hash value Q' (similar to calculating the hash value τ(Q)).
[0146] Step 4: Calculate multiple target iteration counts a' based on the hash value Q' and the corresponding checksum τ(Q'). Shift the checksum τ(Q') calculated in Step 3 to the left by r bits, where r represents the shift parameter. Then, use the data concatenation operation || to append the shifted checksum to the end of the hash value Q', resulting in the concatenated byte sequence S', i.e., S'←Q'|| u16str(τ(Q')). r); Finally, the coef(S',i,w) function is called to extract the unsigned integer value corresponding to the i-th w-bit segment in the byte sequence S', denoted as the target iteration number a', i.e., a'←coef(S',i,w). The target iteration number a' determines the number of hash iterations required for each signature component.
[0147] Step 5: Send the multiple signature components z[i] into the hash calculation unit core0 and hash calculation unit core1 respectively for parallel hash calculation to obtain the corresponding multiple public key components.
[0148] Step 6: Write the calculated public key components into Static Random Access Memory (SRAM). During the actual calculation process, it will be checked whether the signature component z[i] has been calculated. If not, Steps 4 and 5 will be repeated until all signature components z[i] have been calculated.
[0149] Step 7: Read the multiple public key components calculated in the static random access memory (SRAM), and use the hash calculation unit core0 to perform hash calculation to obtain the public key K'.
[0150] Step 8: Compare the calculated public key K' with the input public key K. If they match, the signature verification is successful; otherwise, the signature verification fails.
[0151] Step 9: Verification complete.
[0152] The specific calculation process for Steps 4 and 5 above is as follows:
[0153] Calculate (z'[0], z'[1], ,z'[ p / 2 -1])
[0154] for 0≤i< p / 2 do
[0155] a' ←coef(S',i ,w)
[0156] tmp ←z[i]
[0157] for a'≤j<2^w-1
[0158] tmp ←H_0 (I||u32str(q)||u16str(i)||u8str(j)||tmp)
[0159] end
[0160] z'[i]←tmp
[0161] end
[0162] Calculate (z'[ p / 2 ],z'[ p / 2 +1], ,z'[p-1])
[0163] for p / 2 ≤i <p do
[0164] a' ←coef(S',i ,w)
[0165] tmp ←z[i]
[0166] for a'≤j<2^w-1
[0167] tmp ←H_1 (I||u32str(q)||u16str(i)||u8str(j)||tmp)
[0168] end
[0169] z'[i]←tmp
[0170] end
[0171] Where z'[i] is the calculated public key component, (0≤i) <p)。
[0172] In summary, the LM-OTS-based signature verification method in this embodiment of the invention divides a signature containing multiple signature components into a first group of signature components and a second group of signature components, and uses different hash calculation units to perform parallel hash calculations on the two groups of signature components. This achieves parallel processing of the signature verification process without reducing algorithm security or increasing additional storage area, significantly reducing the time consumed by hash calculations, and thus greatly optimizing signature verification efficiency.
[0173] See Figure 9 As shown, this embodiment of the invention also provides an apparatus for signature verification based on LM-OTS, including: a third response unit, a fifth calculation unit, a sixth calculation unit, a seventh calculation unit, and a signature verification unit.
[0174] The third response unit is used to respond to the signature verification command, obtain the public key, signature, and message, wherein the signature contains multiple signature components.
[0175] The fifth calculation unit is used to perform hash calculations based on the public key, signature, and message to obtain a hash value, and to calculate the checksum of the hash value.
[0176] The sixth calculation unit is used to calculate the number of iterations for multiple targets based on the hash value and the corresponding checksum.
[0177] The seventh computing unit is used to divide multiple signature components into a first group of signature components and a second group of signature components. Different hash computing units perform parallel hash calculations on the first group of signature components and the second group of signature components according to multiple target iterations to obtain multiple corresponding public key components. The multiple public key components obtained by parallel hash calculation are then hashed to obtain the public key.
[0178] The signature verification unit is used to determine whether the calculated public key is consistent with the obtained public key: if they are, the signature verification is successful; otherwise, the signature verification fails.
[0179] This invention also provides a computer device, including: a memory, a processor, and a network interface connected via a system bus. The memory stores at least one instruction, which is loaded and executed by the processor to implement all or part of the steps of the aforementioned method for generating, signing, and verifying public-private key pairs based on LM-OTS.
[0180] The network interface is used for network communication, such as sending assigned tasks. Those skilled in the art will understand that... Figure 10The structure shown is merely a block diagram of a portion of the structure related to the present invention and does not constitute a limitation on the computer device to which the present invention is applied. A specific computer device may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0181] A processor can be a CPU, or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components. A general-purpose processor can be a microprocessor, or any conventional processor. The processor is the control center of a computer device, connecting all parts of the computer device through various interfaces and lines.
[0182] Memory can be used to store computer programs and / or modules. The processor, by running or executing the computer programs and / or modules stored in the memory, and executing data stored in the memory, realizes various functions of the computer device. Memory can mainly include a program storage area and a data storage area. The program storage area can store the operating system, application programs required for at least one function (such as video playback, image playback, etc.), etc.; the data storage area can store data created based on the use of the mobile phone (such as video data, image data, etc.). In addition, memory can include high-speed random access memory, and can also include non-volatile memory, such as hard disks, RAM, plug-in hard disks, SmartMedia Cards (SMC), Secure Digital (SD) cards, Flash Cards, at least one disk storage device, flash memory device, or other volatile solid-state storage devices.
[0183] This invention also provides a computer-readable storage medium storing a computer program thereon. When the computer program is executed by a processor, it implements all or part of the steps of the aforementioned method for generating, signing, and verifying public-private key pairs based on LM-OTS.
[0184] The embodiments of the present invention can implement all or part of the aforementioned processes, or they can be accomplished by a computer program instructing related hardware. The computer program can be stored in a computer-readable storage medium, and when executed by a processor, it can implement the steps of the various methods described above. The computer program includes computer program code, which can be in the form of source code, object code, executable files, or certain intermediate forms. The computer-readable medium can include: any entity or device capable of carrying computer program code, recording media, USB flash drives, portable hard drives, magnetic disks, optical disks, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signals, telecommunication signals, and software distribution media, etc. It should be noted that the content included in the computer-readable medium can be appropriately added to or subtracted according to the requirements of legislation and patent practice in the jurisdiction. For example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
[0185] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, servers, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage and optical storage) containing computer-usable program code.
[0186] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or system. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or system that includes that element.
[0187] The serial numbers in the above embodiments of the present invention are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.
[0188] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.
[0189] The above description is merely a specific embodiment of the present invention, enabling those skilled in the art to understand or implement the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features of the invention herein.
Claims
1. A method for generating a pair of public and private keys based on LM-OTS, characterized in that, It includes the following steps: In response to a public-private key pair generation instruction, obtain a private key, where the private key includes multiple private key components; Divide the multiple private key components into a first group of private key components and a second group of private key components, and use different hash calculation units to perform parallel hash calculations on the first group of private key components and the second group of private key components to obtain corresponding multiple public key components, and then perform a hash calculation on the multiple public key components obtained by the parallel hash calculation to obtain a public key.
2. The method for generating a LM-OTS based public-private key pair according to claim 1, characterized in that, The private key includes p private key components x[i], (0 ≤ i < p), and the dividing the multiple private key components into a first group of private key components and a second group of private key components includes: The p private key components x[i] (0≤i p / 2 -1]; and the second group of private key components is x[ p / 2 ],..., x[p-1].
3. The method for generating a public-private key pair based on LM-OTS according to claim 1, wherein: The SHA-256 or SM3 algorithm is used for parallel hash calculation or hash calculation.
4. An apparatus for generating based on an LM-OTS public-private key pair, characterized by It includes: A first response unit for responding to a public-private key pair generation instruction and obtaining a private key, where the private key includes multiple private key components; A first calculation unit for dividing the multiple private key components into a first group of private key components and a second group of private key components, using different hash calculation units to perform parallel hash calculations on the first group of private key components and the second group of private key components to obtain corresponding multiple public key components, and then performing a hash calculation on the multiple public key components obtained by the parallel hash calculation to obtain a public key.
5. A method based on LM-OTS signature characterized in that, It includes the following steps: In response to a signature instruction, obtain a private key, a message, and a random number, where the private key includes multiple private key components; Perform a hash calculation on the private key, the message, and the random number to obtain a hash value, and calculate the checksum of the hash value; Calculate multiple target iteration counts based on the hash value and the corresponding checksum; Divide the multiple private key components into a first group of private key components and a second group of private key components, and use different hash calculation units to perform parallel hash calculations on the first group of private key components and the second group of private key components according to the multiple target iteration counts to obtain corresponding multiple signature components, and splice the multiple signature components obtained by the parallel hash calculation to obtain a signature.
6. An apparatus based on LM-OTS signature, characterized by It includes: A second response unit for responding to a signature instruction and obtaining a private key, a message, and a random number, where the private key includes multiple private key components; A second calculation unit for performing a hash calculation on the private key, the message, and the random number to obtain a hash value, and calculating the checksum of the hash value; A third calculation unit for calculating multiple target iteration counts based on the hash value and the corresponding checksum; A fourth calculation unit for dividing the multiple private key components into a first group of private key components and a second group of private key components, using different hash calculation units to perform parallel hash calculations on the first group of private key components and the second group of private key components according to the multiple target iteration counts to obtain corresponding multiple signature components, and splice the multiple signature components obtained by the parallel hash calculation to obtain a signature.
7. A method for verifying a signature based on LM-OTS, characterized in that, It includes the following steps: In response to a signature verification instruction, obtain a public key, a signature, and a message, where the signature includes multiple signature components; Perform a hash calculation on the public key, the signature, and the message to obtain a hash value, and calculate the checksum of the hash value; Calculate multiple target iteration counts based on the hash value and the corresponding checksum; Multiple signature components are divided into a first group of signature components and a second group of signature components. Different hash calculation units are used to perform parallel hash calculations on the first group of signature components and the second group of signature components according to multiple target iterations to obtain multiple corresponding public key components. The multiple public key components obtained by parallel hash calculation are then hashed to obtain the public key. Determine if the calculated public key matches the obtained public key: if yes, the signature verification is successful; otherwise, the signature verification fails.
8. An apparatus for verifying a signature based on LM-OTS, the apparatus comprising: include: The third response unit is used to respond to the signature verification command and obtain the public key, signature, and message, wherein the signature contains multiple signature components. The fifth calculation unit is used to perform hash calculations based on the public key, signature, and message to obtain a hash value, and to calculate the checksum of the hash value; The sixth calculation unit is used to calculate the number of iterations for multiple targets based on the hash value and the corresponding checksum; The seventh computing unit is used to divide multiple signature components into a first group of signature components and a second group of signature components, and to use different hash computing units to perform parallel hash calculations on the first group of signature components and the second group of signature components according to multiple target iterations to obtain multiple corresponding public key components. The multiple public key components obtained by parallel hash calculation are then hashed to obtain the public key. The signature verification unit is used to determine whether the calculated public key is consistent with the obtained public key: if they are consistent, the signature verification is successful; otherwise, the signature verification fails.
9. A computer device, comprising: include: A memory and a processor, wherein the memory stores at least one instruction, which is loaded and executed by the processor to implement the method of any one of claims 1 to 3, 5, and 7.
10. A computer-readable storage medium, characterized in that: The computer-readable storage medium stores computer instructions that, when executed by a computer, cause the computer to perform the method of any one of claims 1 to 3, 5, and 7.