基于国产公钥密码算法的门限签名及解密方案  被引量：10

作　　者：廖会敏 王栋 玄佳兴 杨珂 李丽丽 Liao Huimin;Wang Dong;Xuan Jiaxing;Yang Ke;Li Lili(State Grid Electronic Commerce Co.,Ltd./State Grid Xiong’an Financial Technology Group Co.,Ltd.,Beijing 100053,China;Power Finance and E-commerce Laboratory,State Grid Corporation of China,Beijing 100053,China)

机构地区：[1]国网电子商务有限公司(国网雄安金融科技集团有限公司),北京100053 [2]国家电网有限公司电力金融与电子商务实验室,北京100053

出　　处：《计算机应用与软件》2021年第6期313-317,共5页Computer Applications and Software

基　　金：国家电网公司总部科技项目(5700-201972227A-0-0-00);国家重点研发计划项目(2018YFB0805005)。

摘　　要：公钥密码体系中用户的私钥保护问题至关重要,在智能终端安全存储和使用私钥成为当前面临的问题。在门限密码学的基础上,以密码机为辅助设备,提出基于国产公钥SM2/SM9算法的门限签名和门限解密方案。将私钥分割成两份,一份存储在客户端,一份存储在服务端密码机。当需要使用私钥进行签名或解密运算时,由客户端和服务端密码机分别使用自己的私钥分量进行密码运算,并通过一定的交互过程后得到最终的签名或解密结果。由于密码机的特性,攻击者获得完整私钥的可能性趋近于零,对于密码机无法存储海量私钥分量的问题亦给出解决方案。和以往的门限方案相比,该方案私钥的安全系数更高,更贴近实际的应用场景。In the public key cryptosystem,the user s private key protection problem is very important.How to securely store and use private keys in intelligent terminals has become a current problem.On the basis of threshold cryptography,a cipher machine is used as an auxiliary device,and a threshold signature and threshold decryption scheme based on the Chinese public key SM2/SM9 algorithm is proposed.The private key was divided into two parts:one was stored in the client,and the other was stored in the server s cipher machine.When the private key was used for signature or decryption operation,the client and the server s cipher machine respectively used their own private key components for cryptographic operations,and got the final signature or decryption result after a certain interaction process.Due to the characteristics of the cipher machine,the possibility that the attacker obtains the complete private key approaches zero,and the solution is also solved for the problem that the cipher machine cannot store the massive private key component.Compared with the previous threshold scheme,the security key of the scheme has a higher security factor and is closer to the actual application scenario.

关 键 词：SM2算法 SM9算法 门限签名 门限解密 智能终端 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]