
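A Two-Party Co-Signing Protocol Based on SM2 and Its Application
Cite this article: SU Yin-Xue, TIAN Hai-Bo. A Two-Party Co-Signing Protocol Based on SM2 and Its Application[J]. Chinese Journal of Computers, 2020, 43(4): 701-710.
Authors: SU Yin-Xue  TIAN Hai-Bo
Affiliations: Guangdong Province Key Laboratory of Information Security Technology, School of Data and Computer Science, Sun Yat-sen University, Guangzhou 510006; Guangdong Province Key Laboratory of Information Security Technology, School of Data and Computer Science, Sun Yat-sen University, Guangzhou 510006
Funding: National Natural Science Foundation of China; this work was supported by the National Key R&D Program of China; Natural Science Foundation of Guangdong Province
Abstract: The mobile internet has developed rapidly in recent years. Ownership of intelligent mobile devices has increased greatly and their range of use keeps expanding, so the importance of protecting user information security has risen accordingly. However, the limited computing ability of these devices increases the threat of key leakage, and the sensitive information stored on mobile devices is increasingly becoming an attack target. As a result, when a digital signature generated on a mobile device is presented as judicial evidence, it is difficult to establish that it was signed by the owner of the private key. With the development of 5G and internet of things technology, mobile devices will be used even more widely, and this problem urgently needs to be solved. The characteristics of 5G include high bandwidth and low latency, which makes a solution possible. Two-party co-signing is a special form of threshold group signature. A two-party co-signing protocol requires that part of the private key used for signing be stored on a server, which gives the server more opportunity to authenticate the user and in turn strengthens the legal validity of the generated digital signature. SM2 is an elliptic curve public key cryptographic algorithm released by the State Cryptography Administration in 2010. It is the national public key cryptographic algorithm standard GM/T 0003.2-2012 and includes a digital signature algorithm, a key exchange protocol and a public key encryption algorithm. Co-signing protocols based on SM2 are still few, and an efficient, provably secure co-signing protocol is lacking. This paper therefore proposes a two-party co-signing protocol based on SM2. The protocol suits scenarios in which a single service node serves a large number of clients, such as the internet of things in a 5G environment. Technically, the protocol is provably secure, and the server can perform only one scalar multiplication per co-signing operation. Building on the basic protocol and considering practical requirements, we give an extended application protocol that adds procedures for the server to authenticate the client and for issuing digital certificates.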

Keywords: SM2; two-party co-signing; provable security; random oracle

A two party SM2 signing Protocol and its application
SU Yin-Xue,TIAN Hai-Bo.A two party SM2 signing Protocol and its application[J].Chinese Journal of Computers,2020,43(4):701-710.
Authors:SU Yin-Xue  TIAN Hai-Bo
Affiliation:(GuangDong Province Key Laboratory of Information Security Technology,School of Data and Computer Science,Sun Yat-Sen University,Guangzhou 510006)
Abstract: With the rapid development of the mobile internet in recent years, the proportion of smartphones, tablets and other intelligent mobile devices has greatly increased, and the range of use of these devices is also expanding. On the one hand, the growth in the number of intelligent mobile device users has increased the importance of protecting user information security; on the other hand, because of the limited computing ability of intelligent mobile devices, the threat of disclosure of the keys stored on those devices increases. In other words, the sensitive information stored in mobile devices is increasingly becoming an attack target. As a result, it is difficult to determine the real signer of a digital signature generated on a mobile device at the time of judicial proof, which reduces the legal validity of the digital signature. With the deep integration and development of 5G technology and internet of things technology, the applications and range of use of mobile devices will become more extensive, so the problem needs to be solved urgently. Fortunately, the typical characteristics of 5G technology include high bandwidth and low delay, which makes it possible to solve the problem, for example by improving computing efficiency at the cost of communication. The two-party signing protocol is a special case of threshold group signature. It requires that part of the private key used for signing be stored on the server, which increases the chance for the server to authenticate the user and in turn strengthens the legal effect of the generated digital signature. SM2 is an elliptic curve public key cryptography algorithm released by the State Cryptography Administration in 2010. Its security mainly depends on the elliptic curve discrete logarithm problem, and it includes a digital signature algorithm, a key exchange protocol and a public key encryption algorithm. SM2 has become China's public key algorithm standard GM/T 0003.2-2012 and is of great significance to China's information security construction. Currently, there are still few two-party SM2 signing protocols, and the existing works are basically flawed in provable security or efficiency. Therefore, this paper proposes a new two-party signing protocol based on SM2 that can properly balance provable security and efficiency. This protocol is applicable to scenarios where a single service node serves a large number of clients, such as the internet of things in a 5G environment. The scheme is provably secure, and the server can perform only one scalar multiplication when it participates in a two-party signing, which is the advantage of the protocol. Meanwhile, there would be some new requirements in the actual operation of the common signature protocol, such as the signer needing to issue a digital certificate for the common public key, or one party wanting to authenticate the other party before using the private key part it stores. Therefore, based on our algorithm and considering these practical requirements, we present an application protocol that extends the basic protocol with procedures for client authentication and digital certificate generation.
Keywords:SM2  two-party signing  provable secure  random oracle
This article is indexed in VIP, Wanfang Data and other databases.