基于SOTP加密保护签名私钥的SM2签名方案  

作　　者：韩庆迪 陆思奇 HAN Qing-Di;LU Si-Qi(Department of Information Science and Engineering,Ocean University of China,Qingdao 266100,China;State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China;Henan Key Laboratory of Network Cryptography Technology,Zhengzhou 450001,China)

机构地区：[1]中国海洋大学信息科学与工程学部,青岛266100 [2]数学工程与先进计算国家重点实验室,郑州450001 [3]网络密码技术河南省重点实验室,郑州450001

出　　处：《密码学报（中英文）》2024年第5期991-1002,共12页Journal of Cryptologic Research

摘　　要：数字签名算法本身的安全性可由数学理论保证,但应用安全性问题并未完全解决,如何安全存储签名私钥就是一个难题,尤其是移动端保护和使用签名私钥的问题.本文设计了一个用户可自主签名,性能高且能保证签名私钥安全性的SM2签名方案.该方案基于SOTP技术对签名私钥进行加密,使得用户的私钥始终处于加密保护状态,并且签名时用户可直接用加密私钥进行签名,不需要解密私钥.同时,私钥保护不是固定不变的,SOTP技术提供加密私钥时的随机数,用户可以定期或依据需求不定期地更新加密私钥的随机数,攻击者无法使用分析手段来获取私钥信息.在本方案中,用户可以自主地进行签名生成,其他人进行验证,使用过程与SM2签名算法几乎完全相同.本文对设计的方案提供了完整的正确性证明和安全性证明,相关功能、性能分析表明所提方案可以有效保护SM2签名私钥.本方案在保证签名效率的同时也保护了签名私钥,在移动端私钥保护方面有着广泛的应用前景.The security of the digital signature algorithm can be guaranteed by mathematical theory,but the security of using it is not completely solved,and how to store the signature private key securely is a difficult problem,particularly in protecting and using signature private keys in mobile terminals.This study designs a signature scheme that can be signed by users independently,with high performance and guaranteed security of the signature private key.The scheme is based on SOTP technology to encrypt the signature private key,therefore,the user’s private key is always in the encrypted protection state,and the user can directly sign with the encrypted private key when signing,and without decrypting the private key.Meanwhile,the private key protection is not fixed,SOTP technology provides a random number for encrypting the private key,the user can update the random number regularly or according to the demand from time to time,and the attacker cannot use the analysis means to obtain information of the private key.In this scheme,users can autonomously sign and others verify by using a process almost identical to the SM2 signature algorithm.This study also provides a complete correctness proof and a security proof for the designed scheme.The related functional and performance analysis shows that the proposed scheme can effectively protect SM2 signature private keys.This scheme ensures the signature efficiency and protects the signature private key,and has a wide application prospect of private key protection in mobile terminals.

关 键 词：SM2签名算法 Z算法 私钥保护 数字签名 随机预言机 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]