GMSSL: SM2 Elliptic Curve Public Key Cryptography Algorithm - Public Key Cryptography Algorithm

2021SC@SDUSC

1. Introduction

The public key encryption algorithm stipulates that the sender uses the receiver's public key to encrypt the message into ciphertext, and the receiver uses his own private key to decrypt the received ciphertext and restore it to the original message.

Requires the same three helper functions as the key exchange protocol

Cryptographic hash function: Hash function. The Hash function H takes variable-length data block M as input and generates a fixed-length Hash value h = H(M).

Key derivation function: acts on the shared secret bit string obtained by key exchange, from which the required session key is generated or the key data required for further encryption is generated.

Session key: It is an encryption and decryption key randomly generated to ensure a secure communication session between a user and another computer or between two computers. A session key is carried throughout each session, and this key is transmitted with each message, encrypted with the recipient's public key. Since much of its security relies on its ephemerality, session keys often change frequently. Individual messages may use different session keys.

random number generator

2. Algorithm Details

Encryption Algorithm:

It can be seen that the ciphertext is $C_{1},C_{2},C_{3}$ composed of three parts ( ). Among them, C1 involves the multiplication of points on the elliptic curve, C2 needs to connect the point coordinates with the plaintext before hashing, and C2 needs to use the key derivation function.

One of the steps is to calculate $S=\left [ h \right ]P_{B}$ , this h is called cofactor , sometimes also called cofactor, which is the ratio of the order of the elliptic curve finite field to the base point G. Usually, h is used, and the possibility of exhaustive attack is close to 0.

Decryption algorithm:

flow chart:

3. Key derivation function

Let's take a closer look at this key derivation function

This derivation function needs to call a hash function

① Calculate klen÷v first, and round up to give a chestnut: 9÷2=4.5, round up to get 5.

②The following steps are equivalent to a for function

for (i=1, $i<\left \lceil klen/v \right \rceil$ ,i++,ct++){

$H_{ai}=H_{v}(Z\parallel ct)$

}

if $clen\bmod v=0$ {

$H_{a\left \lceil klen/v \right \rceil}=H_{a\left \lceil klen/v \right \rceil}$

}else{

$H_{a\left \lceil klen/v \right \rceil}$ equal to the bit $H_{a\left \lceil klen/v \right \rceil}$ to the left $keln-v\cdot \left \lfloor klen/v \right \rfloor$

}

③Finally $H_{a1},H_{a2},H_{a3},\cdots ,H_{a\left \lceil klen/v \right \rceil-1},H_{a\left \lceil klen/v \right \rceil}$ connect the calculations

Use a simple example to realize the above process, assuming that we want to output a 9-bit bit string in the end, that is, klen=9, the output of the hash function is only 2 bits each time, that is, v=2, , for(i=1,i $\left \lceil 9/2 \right \rceil=5$ < 5, i++), it will be cycled four times, and the four times will be calculated separately $H_{a1},H_{a2},H_{a3},H_{a4}$ $H_{a1},H_{a2},H_{a3},H_{a4},H_{a5}$ , that is, the bits will be calculated through the four cycles. $\left \lfloor keln/v \right \rfloor*v=\left \lfloor 9/2 \right \rfloor*2=8$ Since 9÷2 is not an integer, the bit string on $H_{a5}$ the left side of the result will be intercepted by the last step. Concatenated to get a 9-bit bit string. $keln-\left \lfloor keln/v \right \rfloor*v=9-\left \lfloor 9/2 \right \rfloor*2=1$ $H_{a1},H_{a2},H_{a3},H_{a4},H_{a5}$