| In the information age, cryptography is used to encrypt and protect important information in order to keep it secure and confidential. Modern cryptography usually relies on public key cryptosystems to ensure the security of information. In a public key cryptosystem, the security of the user's key is tied to the security of the entire system. To protect the key, secret sharing is often used: the key, or a secret related to the key, is divided into multiple secret shares that are stored separately on a plurality of devices. When a cryptographic operation is required, the parties holding the secret shares each compute separately, and their results are then combined to generate the final result of the operation. The State Cryptographic Administration has promulgated two public key cryptosystems that can realize digital signature and data encryption: SM2, a public key cryptosystem based on elliptic curves, and SM9, an identity-based cryptosystem based on bilinear mappings. Research on the protection of the national cryptographic algorithms and their related keys is of great significance. This thesis studies the SM2 and SM9 algorithms in depth in combination with secret sharing. The main research work is as follows: (1) Due to the particularity of the SM2 digital signature algorithm, the usual secret sharing method does not apply to SM2 digital signatures. This thesis studies and proposes a secret-sharing SM2 digital signature method. The same secret sharing idea also applies to the SM2 decryption algorithm, and a secret-sharing SM2 decryption method is proposed. (2) At present, there is little research on secret sharing for the SM9 algorithm. This thesis proposes secret sharing methods for the SM9 digital signature algorithm and decryption algorithm: a product-based secret sharing scheme and a summation-based secret sharing scheme. These methods enable multiple devices to collaboratively generate digital signatures or complete decryption of messages through online interaction without saving the user's SM9 identity private key. (3) Based on the methods proposed above, an SM2 and SM9 cryptosystem based on secret sharing is designed. This cryptosystem provides digital signature and decryption functions based on secret sharing. The devices participating in secret sharing include a CSP client and multiple cryptographic servers. The CSP client initializes the private key to obtain the related secret shares and distributes the secret shares to the local device and the cryptographic server group; each device encrypts and stores its secret share separately. Cryptographic servers are directed to the CSP client. When a digital signature or decryption is required, the respective secret shares are used in an interactive calculation, and the cryptographic function is implemented in the CSP client. (4) The cryptographic server is separated into two modules: a cryptographic operation module and a request processing module. The cryptographic operation module is designed in a pure software mode that runs on a Linux PC host and communicates with the request processing module over TCP/IP. In addition, to improve the security of the system, an implementation of the cryptographic operation module on a cryptographic card is designed, in which the cryptographic operation module communicates with the request processing module in one of two ways, PCIE or TCP/IP. |
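
An added illustration, not code from the thesis (whose concrete protocols are not given in this abstract), of why sharing the private key d directly does not carry over to SM2 signing and how summation-based and product-based shares can be combined instead. It assumes the standard SM2 signing equation s = (1+d)^-1 (k - r d) mod n and the commonly used approach of sharing (1+d)^-1 rather than d; all function names are hypothetical, and k and r are plain scalars here only to check the algebra, whereas a real protocol must also generate k jointly.

```python
import secrets

# Order n of the SM2 recommended curve's base point (public standard parameter).
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123

def sm2_s(d, k, r):
    """Reference SM2 signature scalar: s = (1+d)^-1 * (k - r*d) mod n."""
    return pow(1 + d, -1, N) * (k - r * d) % N

def split_sum(x):
    """Summation-based split: x = x1 + x2 mod n."""
    x1 = secrets.randbelow(N - 1) + 1
    return x1, (x - x1) % N

def split_product(x):
    """Product-based split: x = x1 * x2 mod n."""
    x1 = secrets.randbelow(N - 1) + 1
    return x1, x * pow(x1, -1, N) % N

def sign_with_sum_shares(shares, k, r):
    # s = D*(k+r) - r with D = (1+d)^-1; each holder contributes D_i*(k+r).
    partials = [di * (k + r) % N for di in shares]
    return (sum(partials) - r) % N

def sign_with_product_shares(shares, k, r):
    # The value is passed from holder to holder, each multiplying in its share.
    acc = (k + r) % N
    for di in shares:
        acc = acc * di % N
    return (acc - r) % N

def demo():
    d = secrets.randbelow(N - 2) + 1   # constructed private key, 1 <= d <= n-2
    k = secrets.randbelow(N - 1) + 1   # constructed nonce (assumption: given)
    r = secrets.randbelow(N - 1) + 1   # stands in for (e + x1) mod n
    D = pow(1 + d, -1, N)              # computed once at key-split time
    expected = sm2_s(d, k, r)
    # Naive attempt: additive shares of d itself, each "signing" on its own.
    naive = sum(sm2_s(di, k, r) for di in split_sum(d)) % N == expected
    return (sign_with_sum_shares(split_sum(D), k, r) == expected,
            sign_with_product_shares(split_product(D), k, r) == expected,
            naive)

if __name__ == "__main__":
    print(demo())
```
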