Powered by Google www.ChineseStandard.net Database: 189760 (20 Jul 2024)

GB/T 32918.2-2016 PDF in English


GB/T 32918.2-2016 (GB/T32918.2-2016, GBT 32918.2-2016, GBT32918.2-2016)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GB/T 32918.2-2016English145 Add to Cart 0-9 seconds. Auto-delivery. Information security technology -- Public key cryptographic algorithm SM2 based on elliptic curves -- Part 2: Digital signature algorithm Valid

PDF Preview

Standards related to: GB/T 32918.2-2016

GB/T 32918.2-2016: PDF in English (GBT 32918.2-2016)

GB/T 32918.2-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves
- Part 2. Digital signature algorithm
ISSUED ON. AUGUST 29, 2016
IMPLEMENTED ON. MARCH 01, 2017
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 6
2 Normative references ... 6
3 Terms and definitions ... 6
4 Symbols and abbreviations ... 7
5 Digital signature algorithm ... 8
6 Digital signature generation algorithm and flow ... 10
7 Digital signature verification algorithm and flow ... 12
Annex A (informative) Examples of digital signature and verification ... 14
Bibliography ... 20
Foreword
GB/T 32918 “Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves” consists of 5 parts.
- Part 1. General;
- Part 2. Digital signature algorithm;
- Part 3. Key exchange protocol;
- Part 4. Public key encryption algorithm;
- Part 5. Parameter definition.
This Part is Part 2 of GB/T 32918.
This Part was drafted in accordance with the rules given in GB/T 1.1-2009.
This Part was proposed by State Cryptography Administration.
This Part shall be under the jurisdiction of National Information Security
Standardization Technical Committee (SAC/TC 260).
Drafting organizations of this Part. Beijing Huada Information Security
Technology Co., Ltd., People's Liberation Army Information Engineering
University, Chinese Academy of Sciences Data Assurance & Communications
Security Center.
Main drafters of this Part. Chen Jianhua, Zhu Yuefei, Ye Dingfeng, Hu Lei, Pei
Dingyi, Peng Guohua, Zhang Yajuan, Zhang Zhenfeng.
Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves
- Part 2. Digital signature algorithm
1 Scope
This Part of GB/T 32918 specifies the digital signature algorithm of public key
cryptographic algorithm SM2 based on elliptic curves, including digital signature
generation algorithm and verification algorithm, and gives examples of digital
signature and verification and the corresponding flow.
This Part applies to digital signature and verification in commercial
cryptographic applications, and meets the security requirements for identity
authentication and data integrity and authenticity in a variety of cryptographic
applications. [Translator note. In Chinese, there is only single word
corresponding to mathematic “domain” and “field” (identical in Chinese).
Therefore, in this translation, “field” and “domain” can be replaced each other
where applicable (exchangeable); likewise, limited domain  finite field]
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the dated edition cited applies. For
undated references, the latest edition of the referenced document (including all
amendments) applies.
GB/T 32918.1-2016 Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves - Part 1. General
GB/T 32905-2016 Information security techniques - SM3 cryptographic hash
algorithm
3 Terms and definitions
For the purpose of this document, the following terms and definitions apply.
3.1
message
A bit string of any finite length.
3.2
signed message
A set of data elements consisting of a message and a signed portion of the
message.
3.3
signature key
A secret data element that is unique to the signer during the digital signature
generation process, i.e., signer’s private key.
3.4
signature generation process
A process of entering a message, a signature key and elliptic curve’s system
parameters, and outputting a digital signature.
3.5
distinguishing identifier
Information that makes it possible to identify an entity's identity without
ambiguity.
4 Symbols and abbreviations
For the purpose of this document, the following symbols and abbreviations
apply.
A, B. Two users that use public key cryptosystem.
dA. User A's private key.
E(Fq). A set of all rational points (including the infinity point O) of the elliptic
curve E on Fq.
e. The cryptographic hash algorithm acts on the output value of message M.
e'. The cryptographic hash algorithm acts on the output value of message M'.
Fq. A finite field containing q elements.
signature generation process, the cryptographic hash algorithm is used to
compress 𝑀ഥ (including ZA and the message to be signed M); before the
verification process, the cryptographic hash algorithm is used to compress 𝑀ഥ '
(including ZA and message to be verified M’).
5.2 Elliptic curve’s system parameters
Elliptic curve’s system parameters include the size q of the finite field Fq (when
q = 2m, it also includes the identification of the element representation and the
reduction polynomial); the two elements a, b ∈ Fq of the equation defining the
elliptic curve E(Fq); the base point G = (xG, yG) (G ≠ O) on E(Fq), where xG and
yG are two elements in Fq; the order n of G and other alternatives (such as the
cofactor h of n).
Elliptic curve’s system parameters and their verification shall comply with the
specifications of Clause 5 of GB/T 32918.1-2016.
5.3 User key pairing
User A's key pairing includes its private key dA and public key PA = [dA ] G = (xA,
yA).
The generation algorithm of the user key pairing and the public key verification
algorithm shall comply with the specifications of Clause 6 of GB/T 32918.1-
2016.
5.4 Auxiliary function
5.4.1 General
In the elliptic curve’s digital signature algorithm specified in this Part, two types
of auxiliary functions are involved. the cryptographic hash algorithm and the
random number generator.
5.4.2 Cryptographic hash algorithm
This Part specifies the use of cryptographic hash algorithms approved by State
Cryptography Administration, such as SM3 cryptographic hash algorithm.
5.4.3 Random number generator
This Part specifies the use of random number generators approved by State
Cryptography Administration.
5.5 Other user information
User A as the signer has a distinguishing identifier IDA with a length of entlenA
bits. ENTLA is denoted as a two-byte converted by the integer entlenA. In the
7 Digital signature verification algorithm and flow
7.1 Digital signature verification algorithm
In order to verify the received message M' and its digital signature (r', s'), User
B as the verifier shall implement the following operation steps.
B1. Verify if r' ∈ [1, n - 1] is true, if not, the verification fails;
B2. Verify if s' ∈ [1, n - 1] is true, if not, the verification fails;
B3. Set 𝑀ഥ ' = ZA ǁ M';
B4. Calculate e' = Hv (𝑀ഥ '); convert the data type of e' to an integer according to
the methods given in 4.2.4 and 4.2.3 of GB/T 32918.1-2016;
B5. Convert the data types of r' and s' to integers according to the method given
in 4.2.3 of GB/T 32918.1-2016; calculate t = (r' + s') mod n, if t = 0, the
verification fails;
B6. Calculate the elliptic curve point (x'1, y'1) = [s'] G + [t] PA;
B7. Convert the data type of x'1 to an integer according to the method given in
4.2.8 of GB/T 32918.1-2016; calculate R = (e' + x1') mod n; verify if R = r' is true,
if yes, the verification is passed, otherwise the verification fails.
NOTE. If ZA is not the hash value corresponding to User A, the verification will fail. See Annex
A for an example of digital signature verification process.
7.2 Digital signature verification algorithm flow
The digital signature verification algorithm flow is shown in Figure 2.
Annex A
(informative)
Examples of digital signature and verification
A.1 General
This annex uses the cryptographic hash algorithm given in GB/T 32905-2016.
The input is a message bit string with a length less than 264, and the output is
a hash value of 256 bits in length, denoted as H256 ( ).
In this annex, all numbers in hexadecimal are high on the left and low on the
right.
In this annex, the message uses the code given in GB/T 1988.
Let User A's identity be. ALICE123@YAHOO.COM. Use the code given in GB/T
1988 IDA. 414C 49434531 32334059 41484F4F 2E434F4D. ENTLA = 0090.
A.2 Elliptic curve’s digital signature on Fp
The elliptic curve equation is. y2 = x3 + ax + b
Example 1. Fp-256
Prime number p.
Coefficient a.
Coefficient b.
Base point G = (xG, yG), of which the order is n.
Coordinate xG.
Coordinate yG.
Order n.
Message to be signed M. message digest
......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.