TWI408938B - Flexible multi - digit signature method - Google Patents

Flexible multi - digit signature method Download PDF

Info

Publication number
TWI408938B
TWI408938B TW98145915A TW98145915A TWI408938B TW I408938 B TWI408938 B TW I408938B TW 98145915 A TW98145915 A TW 98145915A TW 98145915 A TW98145915 A TW 98145915A TW I408938 B TWI408938 B TW I408938B
Authority
TW
Taiwan
Prior art keywords
signature
digit
public key
parameter
client device
Prior art date
Application number
TW98145915A
Other languages
Chinese (zh)
Other versions
TW201123805A (en
Original Assignee
Univ Vanung
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Univ Vanung filed Critical Univ Vanung
Priority to TW98145915A priority Critical patent/TWI408938B/en
Publication of TW201123805A publication Critical patent/TW201123805A/en
Application granted granted Critical
Publication of TWI408938B publication Critical patent/TWI408938B/en

Links

Landscapes

  • Computer And Data Communications (AREA)

Abstract

A multiple digital signature method with flexibility is applied to a network system with a system center and many user devices, and includes the following steps: performing a system key generation procedure to generate a number of system public keys, performing a first multiple digital signature generation procedure for obtaining a first multiple digital signature; performing a signature validation procedure to confirm whether the multiple digital signature is a legal signature; and performing a multiple digital signature generation procedure to produce a multiple digital signature; then, the multiple digital signature sends to the next user device issuing the signature request and repeatedly performing the signature validation procedure until all the user devices issuing signature requests generate corresponding multiple digital signatures.

Description

具彈性之多重數位簽章方法Flexible multi-digit signature method

本發明是有關於一種數位簽章方法,特別是指一種具彈性可動態調整順序之多重數位簽章方法。The invention relates to a digital signature method, in particular to a multi-digit signature method with elastic and dynamic adjustment order.

網路科技發達的時代,利用網路傳送待簽署文件以廣為被企業所使用,而一份待簽署文件往往可能需要多位成員共同簽署,因此,多重數位簽章的技術被開發出來以應用於此。In the era of developed Internet technology, the use of the network to transmit documents to be signed is widely used by enterprises, and a document to be signed may often require multiple members to sign together. Therefore, the technology of multiple digital signatures has been developed for application. herein.

透過數位簽章的方式的確是一種可以提供相當方便、且節省紙張成本的有效且經濟的方式,但是在方便省錢之餘,對於一份待簽署的機密文件而言,網路傳輸卻始終存在著風險性,因此,如同中華民國專利公告號424371所發表的「在不安全通訊通道傳遞群體訊息時簽署群體簽章的方法」等相關研究成果或是專利紛紛被提出,企圖解決多重數位簽章技術的安全性問題,然而,該等技術卻依然伴隨著相當多的缺點,例如:中華民國專利公告號424371所提出之技術在進行多重數位簽署前需先完成廣播動作,此舉將會增加簽署成本,而且其公文傳遞的順序是固定的,較無法彈性應用於各種情況,此外,該技術的演算法複雜度為O (n ),在運算時間上仍有相當大的改善空間。The way of signing through digital signatures is indeed an effective and economical way to provide considerable convenience and save on paper costs, but in order to save money, for a confidential document to be signed, network transmission always exists. Risks, therefore, as in the Republic of China Patent Bulletin No. 424371, the relevant research results or patents have been proposed in the "Methods of Signing Group Signs When Passing Group Messages in Insecure Communication Channels", in an attempt to resolve multiple digital signatures. Technical security issues, however, these technologies are still accompanied by quite a few shortcomings. For example, the technology proposed in the Republic of China Patent Bulletin No. 424371 needs to complete the broadcast action before the multi-digit signing, which will increase the signature. The cost, and the order of its document delivery is fixed, and it can not be flexibly applied to various situations. In addition, the algorithm has a complexity of O ( n ), and there is still considerable room for improvement in computing time.

因此,本發明之目的,即在提供一種具彈性之多重數位簽章方法,適用於一具有一系統中心及多數個用戶端裝 置之網路系統,其包含下列步驟:組配該系統中心,以執行一系統金鑰產生程序並產生多數個系統公開金鑰;組配該系統中心,以接收N個用戶端裝置之簽章產生請求,且配合組配用戶端裝置以執行一第一多重數位簽章產生程序並得到一第一多重數位簽章,其中N>1,且用戶端裝置為N個發出簽章產生請求之用戶端裝置其中之一;組配用戶端裝置,以接收該多重數位簽章並執行一簽章驗證程序,以確認該多重數位簽章是否為一合法簽章;組配該系統中心與該用戶端裝置,以執行一多重數位簽章產生程序並產生一多重數位簽章,然後將該多重數位簽章送至下一個發出簽章產生請求之用戶端裝置;及組配下一個發出簽章產生請求之用戶端裝置重複執行該簽章驗證程序,並根據該簽章驗證程序之結果判斷是否執行該多重數位簽章產生程序,直到所有發出簽章產生請求之用戶端裝置皆產生對應之多重數位簽章;其中,該系統金鑰產生程序包括:組配該系統中心,以選取一第一系統公開金鑰p 、一第二系統公開金鑰q ,及該第三系統公開金鑰g ,其中,該第二系統公開金鑰q 可以被(p -1)整除之,且該第三系統公開金鑰係由該第一系統公開金鑰p 及該第二系統公開金鑰作一模數運算而得到;及組配該系統中心,以根據一用戶私密金鑰x i 、該第一系統公開金鑰p ,及該第三系統公開金鑰g 計算出一第四系統公 開金鑰y i Accordingly, it is an object of the present invention to provide a flexible multi-digit signature method for a network system having a system center and a plurality of client devices, comprising the steps of: assembling the system center to Executing a system key generation program and generating a plurality of system public keys; assembling the system center to receive signature generation requests of N client devices, and cooperating with the client device to perform a first multiple digit The signature generation program obtains a first multiple digit signature, wherein N>1, and the client device is one of N client devices that issue a signature generation request; the user terminal device is assembled to receive the multiple The digital signature is executed and a signature verification procedure is executed to confirm whether the multiple digital signature is a legal signature; the system center and the client device are assembled to execute a multi-digit signature generation program and generate a multi-digit signature generation program Renumbering the signature, and then sending the multi-digit signature to the next client device that issues the signature generation request; and assembling the next client device that issues the signature generation request The signature verification program determines whether to execute the multi-digit signature generation program according to the result of the signature verification program, until all the client devices that issue the signature generation request generate corresponding multi-digit signatures; wherein the system The key generation program includes: assembling the system center to select a first system public key p , a second system public key q , and the third system public key g , wherein the second system discloses the gold The key q can be divisible by ( p -1), and the third system public key is obtained by the first system public key p and the second system public key as a modulo operation; The system center calculates a fourth system public key y i according to a user private key x i , the first system public key p , and the third system public key g .

有關本發明之前述及其他技術內容、特點與功效,在以下配合參考圖式之一個較佳實施例的詳細說明中,將可清楚的呈現。The above and other technical contents, features and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments.

參閱圖1,本發明之具彈性之多重數位簽章方法之一較佳實施例,是適用於以一網路系統來實現。該網路系統包括多數個分別對應每一用戶之用戶端裝置8及一與該等用戶端裝置連接之系統中心9,而本實施例包含:一系統金鑰產生程序1、一第一多重數位簽章產生程序2、一簽章驗證程序3,及一多重數位簽章產生程序4。Referring to Figure 1, a preferred embodiment of the flexible multi-digit signature method of the present invention is suitable for implementation in a network system. The network system includes a plurality of client devices 8 respectively corresponding to each user and a system center 9 connected to the client devices, and the embodiment includes: a system key generation program 1, a first multiple The digital signature generation program 2, a signature verification program 3, and a multi-digit signature generation program 4.

當該網路系統建置完成之後,該系統中心9會執行該系統金鑰產生程序1以產生多數個系統公開金鑰,然後,當該系統中心9接收到第一個用戶n經由對應之用戶端裝置N 8發出簽章產生請求時,該系統中心9及該用戶端裝置N 8會共同執行該第一多重數位簽章產生程序2,直到一第一多重數位簽章SIG N 產生之後,該用戶端裝置N 8經由網路送至下一個向該系統中心9發出簽章產生請求之用戶端裝置N+1 8,該用戶端裝置N+1 8接收到該第一多重數位簽章SIG N 之後,將執行該簽章驗證程序3以驗證該第一多重數位簽章SIG N 是否為合法的簽章,若是,則繼續執行該多重數位簽章產生程序4,若否,則中止本實施例之多重數位簽章方法,最後,當該第一多重數位簽章SIG N 為合法的簽章時,該用戶端裝置N+1 8與該系統中心9共同執行該多重數位簽 章產生程序4以產生一對應之多重數位簽章SIG N +1 ,然後將該簽章SIG N +1 送至下一個向該系統中心9發出簽章產生請求之用戶端裝置N+2 8,並由該用戶端裝置N+2 8重複執行該簽章驗證程序3及該多重數位簽章產生程序4,直到所有向該系統中心9發出簽章產生請求之用戶端裝置8皆完成產生對應之簽章。After the network system is completed, the system center 9 executes the system key generation program 1 to generate a plurality of system public keys, and then, when the system center 9 receives the first user n via the corresponding user When the end device N 8 issues a signature generation request, the system center 9 and the client device N 8 jointly execute the first multiple digit signature generation program 2 until a first multiple digit signature SIG N is generated. The user equipment N 8 is sent to the next client device N+1 8 that issues a signature generation request to the system center 9 via the network, and the user equipment N+1 8 receives the first multiple digit number sign. After the SIG N , the signature verification program 3 will be executed to verify whether the first multiple digit signature SIG N is a valid signature, and if so, the multi-digit signature generation procedure 4 is continued, and if not, then The multi-digit signature method of the embodiment is suspended. Finally, when the first multi-digit signature SIG N is a valid signature, the client device N+1 8 and the system center 9 jointly execute the multi-digit signature. Chapter 4 generates program 4 to generate a corresponding multi-digit sign Chapter SIG N +1 , and then send the signature SIG N +1 to the next client device N+2 8 that issues a signature generation request to the system center 9, and is repeatedly executed by the client device N+2 8 The signature verification program 3 and the multi-digit signature generation program 4 until all the client devices 8 that issue the signature generation request to the system center 9 complete the generation of the corresponding signature.

以下將分別說明每一程序之執行步驟:The steps to perform each procedure are explained below:

系統金鑰產生程序1System key generation program 1

聯合參閱圖1、2,子步驟11是當該系統中心9選取二個大質數(Large prime integer)作為一第一系統公開金鑰p 及一第二系統公開金鑰q ,其中,該第二系統公開金鑰q 可以被(p -1)整除之。Referring to FIG. 1 and FIG. 2, sub-step 11 is when the system center 9 selects two large prime integers as a first system public key p and a second system public key q , wherein the second The system public key q can be divisible by ( p -1).

子步驟12是該系統中心9選取一該第一系統公開金鑰p 之原根(primitive element)g 作為一第三系統公開金鑰,並根據方程式(F .1)計算出一第四系統公開金鑰: Sub-step 12 that the system select a center 9 of the first public key system is a primitive root of p (primitive element) g as a public key system, the third, and in accordance with the disclosed equation (F .1) calculating a fourth system Key:

其中,mod為一模數運算子,x i 為一用戶私密金鑰,y i 為該第四系統公開金鑰。Where mod is a modulo operator, x i is a user private key, and y i is the fourth system public key.

子步驟13是該系統中心9將該第一至第四系統公開金鑰公開,使得該網路系統上的每一用戶皆可經由對應之用戶端裝置8取得該等系統公開金鑰。Sub-step 13 is that the system center 9 exposes the first to fourth system public keys so that each user on the network system can obtain the system public keys via the corresponding client device 8.

第一多重數位簽章產生程序2First multiple digit signature generation program 2

聯合參閱圖1、3,當該系統中心9完成該系統金鑰產生程序1之後,當該系統中心9接收第一位用戶n經由對 應之用戶端裝置N 8所發出之簽章產生請求時,該系統中心9將執行該第一多重數位簽章產生程序2,執行步驟如下:子步驟21是該用戶端裝置N 8隨機選取一第一參數k1及一第二參數t ,並送至該系統中心9。Referring to FIG. 1 and FIG. 3, after the system center 9 completes the system key generation program 1, when the system center 9 receives the signature generation request sent by the first user n via the corresponding client device N8, The system center 9 will execute the first multi-digit signature generation program 2, and the steps are as follows: sub-step 21 is that the user equipment N 8 randomly selects a first parameter k1 and a second parameter t , and sends the System Center 9.

子步驟22是該系統中心9接收該第一參數k 1 及該第二參數t 之後,依據方程式(F .2)、(F .3)分別計算出一第一簽章元素r 1 及一第二簽章元素T Sub-step 22 is that after the system center 9 receives the first parameter k 1 and the second parameter t , a first signature element r 1 and a first are calculated according to the equations ( F . 2 ) and ( F . 3 ) respectively. Two signature elements T :

Tg t (modp ).....(F .3) Tg t (mod p ).....( F .3)

其中,mod為一模數運算子,p 為該第一系統公開金鑰,g 為該第三系統公開金鑰。Where mod is a modulo operator, p is the first system public key, and g is the third system public key.

然後,該系統中心9將該第一簽章元素r 1 及該第二簽章元素T 送至該用戶端裝置N 8。Then, the system center 9 sends the first signature element r 1 and the second signature element T to the client device N 8 .

子步驟23是該用戶端裝置N 8隨機選取一第三簽章元素m 1 之後,根據方程式(F .4)計算出一第四簽章元素m 及一第五簽章元素s 1m 1 +tTx 1 mr 1 +k 1 s 1 (modq ).....(F .4)Sub-step 23 is that after the user equipment N 8 randomly selects a third signature element m 1 , a fourth signature element m and a fifth signature element s 1 : m 1 are calculated according to the equation ( F . 4 ). + tTx 1 mr 1 + k 1 s 1 (mod q ).....( F .4)

其中,mod為一模數運算子,t 為該第二參數,T 為該第二簽章元素,x 1 為該用戶n之用戶私密金鑰,r 1 為該第一簽章元素,k 1 為該第一參數,q 為該第二系統公開金鑰。Where mod is a modulo operator, t is the second parameter, T is the second signature element, x 1 is the user private key of the user n, r 1 is the first signature element, k 1 For the first parameter, q is the public key for the second system.

子步驟24是該用戶端裝置N 8將一包括第一至第五簽章元素之第一多重數位簽章SIG N =(r 1 ,T ,m 1 ,m ,s 1 )經由網路傳送至下一個向該系統中心9發出簽章產生請求之用戶端裝置N+1 8。Sub-step 24 is that the client device N 8 transmits a first multiple digit signature SIG N = ( r 1 , T , m 1 , m , s 1 ) including the first to fifth signature elements via the network. The next user equipment N+1 8 that issues a signature generation request to the system center 9 is issued.

簽章驗證程序3Signature verification procedure 3

聯合參閱圖1、4,當該用戶端裝置N+1 8接收到該用戶端裝置N 8所送出之第一多重數位簽章SIG N 時,便會執行該簽章驗證程序3。Referring to FIG. 1 and FIG. 4, when the client device N+1 8 receives the first multiple digit signature SIG N sent by the client device N 8 , the signature verification program 3 is executed.

子步驟31是該用戶端裝置N+1 8根據方程式(F .5)以驗證該第一多重數位簽章SIG N 或是其他多重數位簽章是否為一合法簽章: Sub-step 31 that the client device N + 1 8 according to the equation (F .5) to verify the digital signature of the first multi-SIG N digital signature, or other multi whether a valid signature:

其中,R 0 =1、s 0 =1、R 1r 1 (modp )。Where R 0 =1, s 0 =1, R 1r 1 (mod p ).

若方程式(F .5)成立則該用戶端裝置N+1 8繼續執行該多重數位簽章產生程序4,若方程式(F .5)不成立則中止本實施例之多重數位簽章方法。If the equation (F .5) was established the client device N + 1 8 continue the multiple digital signature generator 4, when the equation (F .5) is not satisfied aborts multiple digital signature method according to the present embodiment of the embodiment.

多重數位簽章產生程序4Multi-digit signature generation program 4

聯合參閱圖1、5,子步驟41是該用戶端裝置N+1 8隨機選取一第一參數k i (以下i 的數值範圍皆為i =1,2,...,N ,N +1,...),並送至該系統中心9。Referring to FIG. 1 and FIG. 5, sub-step 41 is that the user equipment N+1 8 randomly selects a first parameter k i (the following i ranges of values are i =1, 2, . . . , N , N +1 ,...) and sent to the system center 9.

子步驟42是該系統中心9接收該第一參數k i ,依據方程式(F .2)計算出一暫存簽章元素r i Sub-step 42 is that the system center 9 receives the first parameter k i and calculates a temporary signature element r i according to the equation ( F. 2):

其中,mod為一模數運算子,p 為該第一系統公開金鑰,g 為該第三系統公開金鑰。Where mod is a modulo operator, p is the first system public key, and g is the third system public key.

然後,該系統中心9將該暫存簽章元素r i 送至該用戶端裝置N+1 8。Then, the system center 9 sends the temporary signature element r i to the client device N+1 8.

子步驟43是該用戶端裝置N+1 8隨機選取一第三參數之後,根據方程式(F .6)計算出一第四簽章元素m Sub-step 43 is that the user equipment N+1 8 randomly selects a third parameter. Then, according to Equation (F .6) calculating a fourth signature elements m:

其中,mod為一模數運算子,x i 為該用戶n之用戶私密金鑰,r i 為該暫存簽章元素,k i 為該第一參數,q 為該第二系統公開金鑰。且一第一簽章元素R i 及該第五簽章元素s i 是根據方程式(F .6)中的R i -1s i -1 ,以方程式(F .7)、(F .8)得到:R i R i -1 r i (modp ).....(F .7)Where mod is a modulo operator, x i is the user private key of the user n, r i is the temporary signature element, k i is the first parameter, and q is the second system public key. And a first signature element R i and s i the fifth signature element based on the equation (F .6) R i -1, s i -1, to the equation (F .7), (F .8 ) get: R i R i -1 r i (mod p ).....( F .7)

s i r i s i -1 (modq ).....(F .8) s i r i s i -1 (mod q ).....( F .8)

子步驟44是該用戶端裝置N+1 8根據方程式(F .9)計算出一第三簽章元素m i Sub-step 44 that the client device N + 1 8 Equation (F .9) calculating a third signature element according to m i:

其中,mod為一模數運算子,為該第三參數,r i 為一暫存簽章元素,q 為該第二系統公開金鑰。Where mod is a modulo operator, For the third parameter, r i is a temporary signature element, and q is the second system public key.

子步驟45是該用戶端裝置N+1 8將一包括該第一至第五簽章元素之多重數位簽章SIG i =(R i ,T ,m i ,m ,s i ),i =1,2,...N ,N +1,...Sub-step 45 is that the client device N+1 8 will include a multi-digit signature SIG i =( R i , T , m i , m , s i ) including the first to fifth signature elements, i =1 ,2,... N , N +1,...

經由網路傳送至下一個向該系統中心9發出簽章產生請求之用戶端裝置N+2 8。It is transmitted via the network to the next client device N+2 8 that issues a signature generation request to the system center 9.

由上述可以發現,在本實施例中要實現一多重數位簽章方法時,並不需要事先進行一廣播動作以知會該網路系統上之所有用戶,同時,本實施例並無限定所有向該系統中心提出簽章產生需求之用戶端裝置之順序,因此,在不同的情況下,該系統中心可以彈性的調整該多重數位簽章之傳遞順序,也就是說,對於第N個用戶端裝置而言,其 下一個用戶端裝置N+1並不一定是其下一順位之用戶端裝置,該系統中心可以彈性決定將第N個用戶端裝置對應之多重數位簽章傳遞至網路中任一個向系統中心提出需求且尚未產生對應之多重數位簽章的用戶端裝置;最後,依照上述實施例可以發現,所有提出需求之用戶端裝置可依照該系統中新動態調整之順序產生對應之多重數位簽章,因此,本發明之演算法複雜度為O (1),相較於先前技術而言可以大幅簡化多重數位簽章方法之執行運算成本,綜上所述,故確實能達成本發明之目的。It can be found that, in the embodiment, when a multi-digit signature method is implemented, it is not necessary to perform a broadcast operation in advance to notify all users on the network system, and at the same time, the embodiment does not limit all directions. The system center proposes the order in which the signature generates the user equipment of the demand. Therefore, in different situations, the system center can flexibly adjust the transmission order of the multiple digit signature, that is, for the Nth user equipment. In this case, the next client device N+1 is not necessarily the next-order client device, and the system center can flexibly decide to transmit the multi-digit signature corresponding to the Nth client device to the network. A client device that presents a request to the system center and has not generated a corresponding multi-digit signature; finally, according to the above embodiment, it can be found that all user devices that request the request can generate corresponding multiples according to the order of new dynamic adjustments in the system. Digital signature, therefore, the algorithm complexity of the present invention is O (1), which can greatly simplify the multi-digit signature side compared to the prior art. The cost of performing the calculation of the method, as described above, can indeed achieve the object of the present invention.

惟以上所述者,僅為本發明之較佳實施例而已,當不能以此限定本發明實施之範圍,即大凡依本發明申請專利範圍及發明說明內容所作之簡單的等效變化與修飾,皆仍屬本發明專利涵蓋之範圍內。The above is only the preferred embodiment of the present invention, and the scope of the invention is not limited thereto, that is, the simple equivalent changes and modifications made by the scope of the invention and the description of the invention are All remain within the scope of the invention patent.

1‧‧‧系統金鑰產生程序1‧‧‧System Key Generation Program

11~13‧‧‧子步驟11~13‧‧‧substeps

2‧‧‧第一多重數位簽章產生程序2‧‧‧First multiple digital signature generation procedure

21~24‧‧‧子步驟21~24‧‧‧Substeps

3‧‧‧簽章驗證程序3‧‧‧ Signature verification procedure

31‧‧‧子步驟31‧‧‧Substeps

4‧‧‧多重數位簽章產生程序4‧‧‧Multiple digital signature generation procedures

41~45‧‧‧子步驟41~45‧‧‧Substeps

8‧‧‧用戶端裝置8‧‧‧Customer device

9‧‧‧系統中心9‧‧‧System Center

圖1是本發明具彈性之多重數位簽章方法之流程圖;圖2是一系統金鑰產生程序之流程圖;圖3是一第一多重數位簽章產生程序之流程圖;圖4之一簽章驗證程序之流程圖;及圖5之一多重數位簽章產生程序之流程圖。1 is a flow chart of a flexible multi-digit signature method of the present invention; FIG. 2 is a flowchart of a system key generation program; FIG. 3 is a flow chart of a first multi-digit signature generation program; A flow chart of a signature verification procedure; and a flow chart of a multi-digit signature generation procedure of FIG.

1‧‧‧系統金鑰產生程序1‧‧‧System Key Generation Program

2‧‧‧第一多重數位簽章產生程序2‧‧‧First multiple digital signature generation procedure

3‧‧‧簽章驗證程序3‧‧‧ Signature verification procedure

4‧‧‧多重數位簽章產生程序4‧‧‧Multiple digital signature generation procedures

8‧‧‧用戶端裝置8‧‧‧Customer device

9‧‧‧系統中心9‧‧‧System Center

Claims (14)

一種具彈性之多重數位簽章方法,適用於一具有一系統中心及多數個用戶端裝置之網路系統,其包含下列步驟:組配該系統中心,以執行一系統金鑰產生程序並產生多數個系統公開金鑰;組配該系統中心,以接收N個用戶端裝置之簽章產生請求,且配合組配用戶端裝置i 以執行一第一多重數位簽章產生程序並得到一第一多重數位簽章,其中N>1,且用戶端裝置i 為N個發出簽章產生請求之用戶端裝置其中之一;組配用戶端裝置i +1,以接收該多重數位簽章並執行一簽章驗證程序,以確認該多重數位簽章是否為一合法簽章;組配該系統中心與該用戶端裝置i +1,以執行一多重數位簽章產生程序並產生一多重數位簽章,然後將該多重數位簽章送至下一個發出簽章產生請求之用戶端裝置;及組配下一個發出簽章產生請求之用戶端裝置重複執行該簽章驗證程序,並根據該簽章驗證程序之結果判斷是否執行該多重數位簽章產生程序,直到所有發出簽章產生請求之用戶端裝置皆產生對應之多重數位簽章;其中,該系統金鑰產生程序包括:組配該系統中心,以選取一第一系統公開金鑰p 、 一第二系統公開金鑰q ,及一第三系統公開金鑰g ,其中,該第二系統公開金鑰q 可以被(p -1)整除之,且該第三系統公開金鑰g 係由該第一系統公開金鑰p 及該第二系統公開金鑰q 作一模數運算而得到;及組配該系統中心,以根據一用戶私密金鑰x i 、該第一系統公開金鑰p ,及該第三系統公開金鑰g 計算出一第四系統公開金鑰y i A flexible multi-digit signature method for a network system having a system center and a plurality of client devices, comprising the steps of: assembling the system center to execute a system key generation program and generating a majority a system public key; the system center is configured to receive a signature generation request of the N client devices, and the user equipment i is configured to execute a first multiple digit signature generation program and obtain a first Multi-digit signature, where N>1, and the client device i is one of N client devices that issue a signature generation request; the user equipment i +1 is assembled to receive the multi-digit signature and execute a signature verification procedure to confirm whether the multiple digit signature is a legal signature; assembling the system center with the client device i +1 to execute a multiple digit signature generation program and generate a multiple digit Signing, and then sending the multi-digit signature to the next client device that issues the signature generation request; and assembling the next client device that issues the signature generation request to repeatedly execute the signature verification program, and rooting The result of the signature verification program determines whether the multi-digit signature generation program is executed until all the client devices that issue the signature generation request generate corresponding multi-digit signatures; wherein the system key generation program includes: assembly The system center selects a first system public key p , a second system public key q , and a third system public key g , wherein the second system public key q can be ( p -1) Divisible, and the third system public key g is obtained by the first system public key p and the second system public key q as a modulo operation; and the system center is assembled according to one The user private key x i , the first system public key p , and the third system public key g calculate a fourth system public key y i . 依據申請專利範圍第1項所述之具彈性之多重數位簽章方法,其中,該系統金鑰產生程序還包括組配該系統中心,以公開該等系統公開金鑰於網路系統中。 According to the flexible multi-digit signature method described in claim 1, wherein the system key generation program further comprises assembling the system center to disclose the system disclosure keys in the network system. 依據申請專利範圍第1項所述之具彈性之多重數位簽章方法,其中,該第四系統公開金鑰y i 計算方式如下: 其中,mod為一模數運算子。According to the flexible multi-digit signature method described in claim 1 of the patent application scope, the fourth system public key y i is calculated as follows: Where mod is a modulo operator. 依據申請專利範圍第1項所述之具彈性之多重數位簽章方法,其中,該第一多重數位簽章產生程序包括:組配該用戶端裝置i ,以隨機選取一第一參數k 1 及一第二參數t ,並送至該系統中心;組配該系統中心,以接收該第一參數k 1 及該第二參數t ,並根據該第一參數k 1 、該第二參數t 、該第一系統公開金鑰p 及該第三系統公開金鑰g ,分別計算出一第一簽章元素r 1 及一第二簽章元素T ;及組配該用戶端裝置i ,以接收該第一簽章元素r 1 及該第二簽章元素T 後,隨機選取一第三簽章元素m 1 之後,並 根據該第一參數k 1 、該第二參數t 、該第二系統公開金鑰q 、該第一簽章元素r 1 、該第二簽章元素T ,及該用戶端裝置i 之用戶私密金鑰x 1 ,計算出一第四簽章元素m 及一第五簽章元素s 1According to the flexible multi-digit signature method described in claim 1, wherein the first multi-digit signature generation program includes: assembling the user equipment i to randomly select a first parameter k 1 And a second parameter t is sent to the center of the system; the system center is assembled to receive the first parameter k 1 and the second parameter t , and according to the first parameter k 1 , the second parameter t , The first system public key p and the third system public key g respectively calculate a first signature element r 1 and a second signature element T ; and assemble the client device i to receive the After the first signature element r 1 and the second signature element T , a third signature element m 1 is randomly selected, and according to the first parameter k 1 , the second parameter t , and the second system disclosure gold The key q , the first signature element r 1 , the second signature element T , and the user private key x 1 of the client device i calculate a fourth signature element m and a fifth signature element s 1 . 依據申請專利範圍第4項所述之具彈性之多重數位簽章方法,其中,該第一多重數位簽章產生程序還包括組配該用戶端裝置i ,以將一包括第一至第五簽章元素之第一多重數位簽章送至下一個向該系統中心發出簽章產生請求之用戶端裝置i +1。The flexible multi-digit signature method according to claim 4, wherein the first multi-digit signature generation program further comprises assembling the client device i to include one to fifth The first multi-digit signature of the signature element is sent to the next client device i +1 that issues a signature generation request to the system center. 依據申請專利範圍第4項所述之具彈性之多重數位簽章方法,其中,該第一簽章元素r 1 及該第二簽章元素T 計算方式如下: Tg t (modp )其中,mod為一模數運算子,p 為該第一系統公開金鑰,g 為該第三系統公開金鑰,k 1 為該第一參數,t 為該第二參數。According to the flexible multi-digit signature method described in claim 4, wherein the first signature element r 1 and the second signature element T are calculated as follows: Tg t (mod p ) where mod is a modulo operator, p is the first system public key, g is the third system public key, k 1 is the first parameter, t is the first Two parameters. 依據申請專利範圍第4項所述之具彈性之多重數位簽章方法,其中,該第四簽章元素m 及該第五簽章元素s 1 計算方式如下:m 1 +tTx 1 mr 1 +k 1 s 1 (modq )其中,mod為一模數運算子,t 為該第二參數,T 為該第二簽章元素,x 1 為該用戶n之用戶私密金鑰,r 1 為該第一簽章元素,k 1 為該第一參數,q 為該第二系統公開金鑰 。According to the flexible multi-digit signature method described in claim 4, wherein the fourth signature element m and the fifth signature element s 1 are calculated as follows: m 1 + tTx 1 mr 1 + k 1 s 1 (mod q ) where mod is a modulo operator, t is the second parameter, T is the second signature element, x 1 is the user private key of the user n, r 1 is The first signature element, k 1 is the first parameter, and q is the second system public key. 依據申請專利範圍第1項所述之具彈性之多重數位簽章方法,其中,該簽章驗證程序為該用戶端裝置i +1根據下列方程式以驗證該多重數位簽章的合法性: 其中,R 0 =1、s 0 =1、R 1r 1 (modp )。According to the flexible multi-digit signature method described in claim 1, wherein the signature verification procedure is for the client device i +1 to verify the legitimacy of the multi-digit signature according to the following equation: Where R 0 =1, s 0 =1, R 1r 1 (mod p ). 依據申請專利範圍第1項所述之具彈性之多重數位簽章方法,其中,該多重數位簽章產生程序包括:該用戶端裝置i +1,以隨機選取一第一參數k i ,並將其送至該系統中心;組配該系統中心,以接收該第一參數k i ,並根據該第一系統公開金鑰p 、該第三系統公開金鑰g 以計算出一暫存簽章元素r i ;組配該用戶端裝置i +1,以隨機選取一第三參數,並根據該用戶端裝置i +1之用戶私密金鑰x i 、該暫存簽章元素r i 、該第一參數k i ,該第二系統公開金鑰q 計算出一第四簽章元素m :組配該用戶端裝置i +1,計算出一第一簽章元素R i 及該第五簽章元素s i ;及組配該用戶端裝置i +1,根據該第三參數、該暫存簽章元素r i 、該第二系統公開金鑰q ,以計算出一第三簽章元素m i According to the flexible multi-digit signature method described in claim 1, wherein the multi-digit signature generation process includes: the user equipment i +1 to randomly select a first parameter k i , and Sending to the system center; assembling the system center to receive the first parameter k i , and calculating a temporary signature element according to the first system public key p and the third system public key g r i ; the user equipment i +1 is assembled to randomly select a third parameter And according to the user private key x i of the client device i +1 , the temporary signature element r i , the first parameter k i , the second system public key q calculates a fourth signature element m : the user equipment i +1 is assembled, a first signature element R i and the fifth signature element s i are calculated; and the user equipment i +1 is assembled according to the third parameter The temporary signature element r i and the second system public key q are used to calculate a third signature element m i . 依據申請專利範圍第9項所述之具彈性之多重數位簽章方法,其中,該多重數位簽章產生程序還包括組配該用 戶端裝置i +1,以將一包括該第一至第五簽章元素之多重數位簽章送至下一個向該系統中心發出簽章產生請求之用戶端裝置。According to the flexible multi-digit signature method of claim 9, wherein the multi-digit signature generation program further comprises assembling the client device i +1 to include the first to fifth The multi-digit signature of the signature element is sent to the next client device that issues a signature generation request to the system center. 依據申請專利範圍第9項所述之具彈性之多重數位簽章方法,其中,該四簽章元素m 計算方式如下: 其中,mod為一模數運算子,x i 為該用戶端裝置i +1之用戶私密金鑰,r i 為該暫存簽章元素,k i 為該第一參數,q 為該第二系統公開金鑰,i =1,2,...,N ,N +1,...。According to the flexible multi-digit signature method described in claim 9 of the patent application scope, the four-signature element m is calculated as follows: Where mod is a modulo operator, x i is the user private key of the client device i +1, r i is the temporary signature element, k i is the first parameter, and q is the second system Public key, i = 1, 2, ..., N , N +1, .... 依據申請專利範圍第9項所述之具彈性之多重數位簽章方法,其中,該第一簽章元素R i 計算方式如下:R i R i -1 r i (modp )其中,mod為一模數運算子,r i 為該暫存簽章元素,p 為該第一系統公開金鑰,i =1,2,...,N ,N +1,...。According to the flexible multi-digit signature method described in claim 9 of the patent application scope, the first signature element R i is calculated as follows: R i R i -1 r i (mod p ) wherein mod is A modulo operator, r i is the temporary signature element, p is the first system public key, i = 1, 2, ..., N , N +1, .... 依據申請專利範圍第9項所述之具彈性之多重數位簽章方法,其中,該第五簽章元素s i 計算方式如下:S i r i s i -1 (modq )其中,mod為一模數運算子,r i 為該暫存簽章元素,q 為該第二系統公開金鑰,i =1,2,...,N ,N +1,...。According to the flexible multi-digit signature method described in claim 9 of the patent application scope, the fifth signature element s i is calculated as follows: S i r i s i -1 (mod q ) wherein mod is A modulo operator, r i is the temporary signature element, q is the second system public key, i = 1, 2, ..., N , N +1, .... 依據申請專利範圍第9項所述之具彈性之多重數位簽章方法,其中,該第三簽章元素m i 計算方式如下: 其中,mod為一模數運算子,為該第三參數,r i 為 該暫存簽章元素,q 為該第二系統公開金鑰。According to the flexible multi-digit signature method described in claim 9 of the patent application scope, the third signature element m i is calculated as follows: Where mod is a modulo operator, For the third parameter, r i for the temporary signature elements, q is the second public key system.
TW98145915A 2009-12-30 2009-12-30 Flexible multi - digit signature method TWI408938B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98145915A TWI408938B (en) 2009-12-30 2009-12-30 Flexible multi - digit signature method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98145915A TWI408938B (en) 2009-12-30 2009-12-30 Flexible multi - digit signature method

Publications (2)

Publication Number Publication Date
TW201123805A TW201123805A (en) 2011-07-01
TWI408938B true TWI408938B (en) 2013-09-11

Family

ID=45046827

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98145915A TWI408938B (en) 2009-12-30 2009-12-30 Flexible multi - digit signature method

Country Status (1)

Country Link
TW (1) TWI408938B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996039765A1 (en) * 1995-06-05 1996-12-12 Certco Llc Multi-step digital signature method and system
TW200836118A (en) * 2008-03-21 2008-09-01 Univ Chang Gung User authentication method, system and computer system with atm ic-card system
US20090164793A1 (en) * 2007-12-19 2009-06-25 Fujitsu Limited Digital signature system and digital signing method
TW200952438A (en) * 2008-06-11 2009-12-16 Microsoft Corp Techniques for performing symmetric cryptography

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1996039765A1 (en) * 1995-06-05 1996-12-12 Certco Llc Multi-step digital signature method and system
US20090164793A1 (en) * 2007-12-19 2009-06-25 Fujitsu Limited Digital signature system and digital signing method
TW200836118A (en) * 2008-03-21 2008-09-01 Univ Chang Gung User authentication method, system and computer system with atm ic-card system
TW200952438A (en) * 2008-06-11 2009-12-16 Microsoft Corp Techniques for performing symmetric cryptography

Also Published As

Publication number Publication date
TW201123805A (en) 2011-07-01

Similar Documents

Publication Publication Date Title
CN109818744B (en) Shared secret key generation method and device, computer equipment and storage medium
AU2004218638B2 (en) Use of isogenies for design of cryptosystems
CN111989891B (en) Data processing method, related device and block chain system
CN108551392B (en) A blind signature generation method and system based on SM9 digital signature
US10263773B2 (en) Method for updating a public key
US20070150744A1 (en) Dual authentications utilizing secure token chains
CN110489982B (en) Smart power grid data aggregation and encryption method with forward security
US20120233457A1 (en) Issuing implicit certificates
CN110932865B (en) A Linkable Ring Signature Generation Method Based on SM2 Digital Signature Algorithm
WO2019047418A1 (en) Digital signature method, device and system
CN104468476A (en) Method and device for certificateless multi-proxy signature
CN110880977A (en) Safe and efficient SM9 ring signature generation and verification method
CN107864037A (en) SM9 Combination with Digital endorsement method and device
JP2025000864A (en) Computer-implemented system and method for sharing a common secret
WO2019174402A1 (en) Group membership issuing method and device for digital group signature
WO2022116176A1 (en) Method and device for generating digital signature, and server
CN105187212A (en) Schnorr ring signature scheme with specified verifiability
CN108494561B (en) Aggregation electronic signature method with fixed signature length
CN110677243B (en) Construction method of proxy re-signature scheme supporting heterogeneous public key system
KR101045804B1 (en) Fast verification method and system of identity-based collective signature
JP4973193B2 (en) Restricted blind signature system
CN108667619B (en) A white box implementation method and device for SM9 digital signature
TWI408938B (en) Flexible multi - digit signature method
JP5227816B2 (en) Anonymous signature generation device, anonymous signature verification device, anonymous signature tracking determination device, anonymous signature system with tracking function, method and program thereof
CN110492993B (en) Novel certificateless group signature method

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees