This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Programming C/C++ The principle of SM2 digital signature verification
View: 12821|Reply: 0

[C] The principle of SM2 digital signature verification

[Copy link]
Posted on 6/26/2019 10:09:45 AM | | |
SM2 is a digital signature algorithm based on elliptic curves, and the explanation of elliptic curves can be seen in the previous Weibo about elliptic curves, and the following is a brief introduction to the process of SM2 signature.
For the information ee to be signed, this is the original information obtained through the hash function after certain processing, the hashing algorithm uses the national secret SM3 algorithm, this process is also skipped, only the key signing and verification process is introduced.

1. The process of signing
Let GG be the reference point on the elliptic curve, dAdA is the private key, PAPA is the public key, PA=dA∗GPA=dA∗G
The signature result (r,s) (r,s) is obtained by digitally signing the EE, and the calculation process is:
First of all, choose the random number kk, of course, the choice of this number is constrained, and it is left alone for now
Calculate r=e+x1r=e+x1, where (x1,y1)=k∗G(x1,y1)=k∗G
Calculate s=(1+dA)−1∗(k−r∗dA)s=(1+dA)−1∗(k−r∗dA)
It can be seen that the front is carried out with a private key.

2. The process of signature verification
Verifying the signature is to use the obtained signature, public key, elliptic curve parameters, etc. to verify the signature, and the main steps of verification are:
First, calculate t=r+st=r+s, if t=0t=0 then it means that it did not pass.
Then the points on the curve (x1,y1) = s∗G+t∗ PA (x1,y1)=s∗G+t∗ PA are calculated by tt and ss
Then calculate R=x1+eR=x1+e, and then verify whether RR and rr are equal, if they are equal, it means that the verification is passed.

3. The principle of verification
Why this can be verified, we might as well derive it:
(x1,y1)=s∗G+t∗PA           =s∗G+(r+s)∗PA            =s∗G+(r+s)∗dA∗G=(1+dA)∗s∗G+r∗dA∗G=(1+dA)∗(1+dA)−1∗(k−r∗dA)∗G+r∗dA∗G=(k−r∗dA)∗G+r∗dA∗G=k∗G(x1,y1)=s∗G+t∗PA           =s∗G+(r+s)∗PA            =s∗G+(r+s)∗dA∗G=(1+dA)∗s∗G+r∗dA∗G=(1+dA)∗(1+dA)−1∗(k−r∗dA)∗G+r∗dA∗G=(k−r∗dA)∗G+r∗dA∗G=k∗G
It can be seen that this point on the elliptic curve obtained according to the public key is consistent with the point at the time of signing.
Then add this x1x1 and the received information to see if it matches the sent signature rr, and it passes.
---------------------
Author: leowang666
Source: CSDN
Original: https://blog.csdn.net/hugewaves/article/details/59205914
Copyright Notice: This article is an original article by the blogger, please attach the blog post link for reprinting!





Previous:【Original】Google AdSense wire transfer collection tutorial
Next:Angular event binding/attribute bindings @HostListener, @HostBinding
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com