信息网络安全 ›› 2022, Vol. 22 ›› Issue (5): 1-10.doi: 10.3969/j.issn.1671-1122.2022.05.001

• 等级保护 • 上一篇    下一篇

基于SM2签名的批验签高效实现方案

李莉(), 白鹭, 涂航, 张标   

  1. 武汉大学空天信息安全与可信计算教育部重点实验室,武汉 430072
  • 收稿日期:2022-02-13 出版日期:2022-05-10 发布日期:2022-06-02
  • 通讯作者: 李莉 E-mail:lil@whu.edu.cn
  • 作者简介:李莉(1976—),女,湖北,副教授,博士,主要研究方向为应用密码学、区块链、物联网安全|白鹭(1998—),女,湖北,硕士研究生,主要研究方向为应用密码学|涂航(1975—),男,湖北,副教授,博士,主要研究方向为密码学、嵌入式安全、物联网安全|张标(1996—),男,安徽,硕士研究生,主要研究方向为物联网安全、匿名认证
  • 基金资助:
    国家重点研发计划(2018YFC1604004)

Eff icient Implementation Scheme of Batch Verif ication Based on SM2 Signatures

LI Li(), BAI Lu, TU Hang, ZHANG Biao   

  1. Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education, Wuhan University, Wuhan 430072, China
  • Received:2022-02-13 Online:2022-05-10 Published:2022-06-02
  • Contact: LI Li E-mail:lil@whu.edu.cn

摘要:

数字货币交易需要验证多个签名,使用批验签可以缩短计算时间、降低计算负载。文章提出一种高效的SM2批验签方案,利用半标量乘法计算第一签名值对应的椭圆曲线上的点乘运算结果,使用同余多项式和结式验证批量签名的正确性。文章所提方案对点乘算法、半标量点乘算法、多参数求逆算法和结式计算进行优化设计,并在恩智浦安全智能卡控制器N7121上进行实验。实验结果表明,在系统频率为96 MHz、CPU频率和密码协处理器频率分别为48 MHz和96 MHz、密码协处理器可访问内存空间为4 kB的情况下,文章所提方案同时验签7个SM2签名的模乘数小于13000次,运行时间为128.17 ms,与逐一验证单个签名的方案相比,文章所提方案的计算速度可提升2.1倍。

关键词: 数字签名, SM2, 批验签, 数字货币

Abstract:

Multiple signatures need to be verified in digital currency transactions, and batch verification can shorten the calculation time and reduce calculation load. This paper proposed an efficient SM2 batch verification scheme, which used semi-scalar multiplication to calculate the result of point multiplication on the elliptic curve corresponding to the first signature value, and used congruence polynomials and the resultant to verify the correctness of batch signatures. This scheme optimized the design of the point multiplication algorithm, the seminumeric point multiplication algorithm, the multi-parameter inversion algorithm and the resultant calculation, and was implemented on the NXP secure smart card controller N7121 platform. Experimental results show that when the system clock frequency is 96 MHz, the CPU clock frequency and the cryptoclock coprocessor frequency are 48 MHz and 96 MHz respectively, and the memory space that the crypto coprocessor can access is 4 kB, modular multiplications of 7 SM2 signatures at once is less than 13000. The running time is 128.17 ms. Compared with verifying individual signatures one by one, the calculation speed of the proposed scheme can be increased by 2.1 time.

Key words: digital signature, SM2, batch verification, digital currency

中图分类号: