init: v1.0.0

2026-05-27 23:03:00 +08:00
commit 8d97f750eb
466 changed files with 80067 additions and 0 deletions
@@ -0,0 +1,51 @@
+# 两方KGC下SM9协同签名
+
+
+## 协同密钥关系
+- 服务端密钥 $k_s \in [1,N-1]$
+- 客户端密钥 $K_c=[k_s^{-1}]ds_A$
+- 用户签名密钥$ds_A = [k_s]K_c$
+
+## 签名密钥生成
+```mermaid
+sequenceDiagram
+    participant Client
+    participant Server
+    participant KGC1
+    participant KGC2
+    Note right of Server: ks <- [1,N-1]
+    Note right of Server: P'1 = [ks^{-1}]P1
+    Server->>Client: P'1
+    Note left of Client: ra <- [1, N-1]
+    Note left of Client: R = [ra]P'1
+    Note right of Server: 以下同[1]中A.3流程（P1替换为P'1)   
+    Client->>KGC1: R
+    KGC1->>Client: t1, T1
+    Client->>KGC2: T1
+    KGC2->>Client: T2
+    Note left of Client: 计算Kc(= A.3中的ds_A)和Ppub-sA
+```
+
+[1]  《SM9标识密码用户私钥分布式生成指南》
+
+## 签名
+
+```mermaid
+sequenceDiagram
+    participant Client
+    participant Server
+    Note left of Client: g=e(P1, Ppub-sA)
+    Note left of Client: r1 <- [1,N-1]
+    Note left of Client: u = g^{r1}
+    Client->>Server:u,M(=SM3(plaintext)), ID
+    Note right of Server: g=e(P1, Ppub-sA)
+    Note right of Server: r2,r3 <- [1, N-1]
+    Note right of Server: w = u^{r2}·g^{r3}
+    Note right of Server: h = H2(M||w,N)
+    Note right of Server: k1 = r2·ks
+    Note right of Server: k2 = (r3-h)·ks
+    Server->>Client:h,k1,k2
+    Note left of Client: S=[r1·k1+k2]Kc
+    Note left of Client: 输出签名(h,S)
+```
+