
Basic information:
- Patent title: 一种基于随机数未知的SM2签名算法安全性验证方法
- Patent title (English): SM2 signature algorithm security verification method based on random number unknown
- Application number: CN201510239377.7 Filing date: 2015-05-12
- Publication number: CN104836670A Publication date: 2015-08-12
- Inventors: 陈华, 曹伟琼, 郑晓光, 韩绪仓, 李大为, 罗鹏, 冯婧怡, 李国友, 高顺贤, 朱少峰
- Applicants: 中国科学院软件研究所, 北京中电华大电子设计有限责任公司, 国家密码管理局商用密码检测中心
- Applicant address: 北京市海淀区中关村南四街4号
- Patentees: 中国科学院软件研究所, 北京中电华大电子设计有限责任公司, 国家密码管理局商用密码检测中心
- Current patentees: 中国科学院软件研究所, 北京中电华大电子设计有限责任公司, 国家密码管理局商用密码检测中心
- Current patentee address: 北京市海淀区中关村南四街4号
- Agency: 北京君尚知识产权代理事务所
- Agent: 司立彬
- Main classification: H04L9/32
- IPC classification: H04L9/32; H04L9/08; H04L9/00
The invention discloses a method for verifying the security of the SM2 signature algorithm when the random number is unknown. The method comprises the following steps: (1) signing N+1 messages M respectively with the SM2 signature algorithm, and injecting an error into every SM2 signing so that identical errors occur in the signature results s for the identical set bit portion of the random number k used in every signing; (2) taking the equation for the erroneous signature result s of the first signing as the reference, subtracting the erroneous signature results s of the other N signings respectively from the erroneous signature result of the first signing to obtain a set of equations, namely a lattice attack model; and (3) solving the lattice attack model, recovering all bits of the random number k used in every signing, substituting the recovered bits into the equation that computes the corresponding signature result s to obtain a private key dA, and judging that the SM2 signature algorithm is unsafe if the private key dA is the correct private key. With this method, the ability of the SM2 signature algorithm to resist attack can be analyzed more effectively and comprehensively.
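Publication/grant documents:
- CN104836670B 一种基于随机数未知的SM2签名算法安全性验证方法 Publication/grant date: 2017-12-08
IPC structure map:
H | Electricity |
--H04 | Electric communication technique |
----H04L | Transmission of digital information, e.g. telegraphic communication |
------H04L9/00 | Arrangements for secret or secure communication |
--------H04L9/32 | .including means for verifying the identity or credentials of a user of the system |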