(高清版)GB∕T 38635.2-2020 信息安全技術 SM9標識密碼算法 第2部分：算法

信息安全技術SM9標識密碼算法第2部分：算法2020-04-28發(fā)布2020-11-01實施國家市場監(jiān)督管理總局國家標準化管理委員會I Ⅲ 12規(guī)范性引用文件 13術語和定義 1 2 35.1概述 35.2系統(tǒng)參數(shù)組 45.3輔助函數(shù) 4 6 6 66.3數(shù)字簽名生成算法流程 7 76.5數(shù)字簽名驗證算法流程 8 97.1系統(tǒng)加密主密鑰和用戶加密密鑰的產(chǎn)生 97.2密鑰交換協(xié)議 97.3密鑰交換協(xié)議流程 8密鑰封裝機制及流程 8.1系統(tǒng)加密主密鑰和用戶加密密鑰的產(chǎn)生 8.2密鑰封裝算法 8.3密鑰封裝算法流程 8.4解封裝算法 8.5解封裝算法流程 9加密算法及流程 9.1系統(tǒng)加密主密鑰和用戶加密密鑰的產(chǎn)生 9.2加密算法 9.3加密算法流程 9.4解密算法 9.5解密算法流程 附錄A(資料性附錄)算法示例 Ⅲ本部分為GB/T38635的第2部分。引戶的私鑰由密鑰生成中心(KGC)根據(jù)主密鑰和用戶標識計算得出，用戶的公鑰由用戶標識唯一確定，1GB/T38635的本部分規(guī)定了SM9標識密碼算法中數(shù)字簽名算法、密鑰交換協(xié)議、密鑰封裝機制GB/T17964信息安全技術分組密碼算法的工作模式GB/T32907信息安全技術SM4分組密碼算法GB/T32915信息安全技術二元序列隨機性檢測規(guī)范GB/T38635.1—2020信息安全技術SM9標識密碼算法第1部分：總則開，加密主私鑰由密鑰生成中心(KGC)秘密保存。KGC用加密主私鑰和用戶的標識生成用戶的加密[GB/T38635.1—2020,定義3.1]2使用戶B確信用戶A擁有特定秘密密鑰的保證。一種認證算法作用于特定的密鑰和消息比特串所得出的一段碼字，4符號cf:橢圓曲線階相對于N的余因子。cid:用一個字節(jié)表示的曲線的識別符，其中0x10表示F,(素數(shù)p>21?1)上常曲線(即非超奇異曲dsA:用戶A的簽名私鑰。e:從G?×G?到Gr的雙線性對。G?:階為素數(shù)N的加法循環(huán)群。G?:階為素數(shù)N的加法循環(huán)群。是正整數(shù)，《P>:由元素P生成的循環(huán)群。[x,y]:不小于x且不大于y的整數(shù)的集合。5算法參數(shù)與輔助函數(shù)第6章規(guī)定了一個用橢圓曲線對實現(xiàn)的基于標識的數(shù)字簽名算法。該算法的簽名者持有一個標識和一個相應的簽名私鑰，該簽名私鑰由密鑰第7章規(guī)定了一個用橢圓曲線對實現(xiàn)的基于標識的密鑰交換協(xié)議。參與密鑰交換的發(fā)起方用戶A和響應方用戶B各自持有一個標識和一個相應的加密私鑰，加密私鑰均由密鑰生成中心通過加密主私34數(shù)β(若cid的低4位為2);曲線階的a)初始化一個32比特構成的計數(shù)器ct=0x00000001。b)計算hlen=8×[(5×(log?n))/32]。51)計算Ha;=H,(0x01|Z||ct);e)令Ha=Ha?IlHaz…ⅡHa[nm-1lHa![mmo],按照GB/T38635.1—2020中7.2.4和f)計算h?=(Hamod(n—1))+1。b)計算hlen=8×[(5×(log?n))/32]。c)對i從1～[hlen/v執(zhí)行：1)計算Ha,=H,(0x02||Z||ct);否則令Ha![nao]為Ha[nmo7最左邊的(hlen-(v×Lhlen/v]))e)令Ha=Ha?IlHa?IIHafnm?-1lHa!ru/],按照GB/T38635.1-2020中7.2.4和f)計算h?=(Hamod(n—1))+1。6輸入：比特串K?(比特長度為K?_len的密鑰),比特串Z(待求取消息認證碼的消息)。輸出：長度為v的消息認證碼數(shù)據(jù)比特串K。K=H,(Z|K?)。5.3.6密鑰派生函數(shù)密鑰派生函數(shù)的作用是從一個共享的秘密比特串中派生出密鑰數(shù)據(jù)。在密鑰協(xié)商過程中，密鑰派生函數(shù)作用在密鑰交換所獲共享的秘密比特串上，從中產(chǎn)生所需的會話密鑰或進一步加密所需的密鑰密鑰派生函數(shù)需要調用密碼雜湊函數(shù)。設密碼雜湊函數(shù)為H,(),其輸出是長度恰為v比特的雜湊值。密鑰派生函數(shù)KDF(Z,klen),其中：輸入：比特串Z(雙方共享的數(shù)據(jù)),整數(shù)klen[表示要獲得的密鑰數(shù)據(jù)的比特長度，要求該值小于輸出：長度為klen的密鑰數(shù)據(jù)比特串K。計算步驟為：a)初始化一個32比特構成的計數(shù)器ct=0x00000001。1)計算Ha;=H,(Z|ct);6數(shù)字簽名生成和驗證算法及流程6.1系統(tǒng)簽名主密鑰和用戶簽名密鑰的產(chǎn)生KGC產(chǎn)生隨機數(shù)ks∈[1,N-1]作為簽名主私鑰，計算G?中的元素Pps=[ks]P?作為簽名主公KGC選擇并公開用一個字節(jié)表示的簽名私鑰生成函數(shù)識別符hid。用戶A的標識為IDA,為產(chǎn)生用戶A的簽名私鑰dsa,KGC首先在有限域Fn上計算t?=H?(IDAlhid,N)+ks,若t?=0則需重新產(chǎn)生簽名主私鑰，計算和公開簽名主公鑰，并更新已有用戶的簽名私鑰；否則計算t?=k·t?-1,然后計算dsa=[t?]P?。6.2數(shù)字簽名生成算法設待簽名的消息為比特串M,為了獲取消息M的數(shù)字簽名(h,S),作為簽名者的用戶A應實現(xiàn)以下運算步驟：A1:計算群Gr中的元素g=e(P?,Ppuos);A2:產(chǎn)生隨機數(shù)r∈[1,N-1];A3:計算群Gr中的元素w=g',按照GB/T38635.1—2020中7.2.6和7.2.5給出的細節(jié)將w的數(shù)據(jù)類型轉換為比特串；A4:計算整數(shù)h=H?(M||w,N);A5:計算整數(shù)l=(r—h)modN,若l=0則返回A2;A6:計算群G?中的元素S=[l]dsA;A7:按照GB/T38635.1—2020中7.2.2給出的細節(jié)，將h的數(shù)據(jù)類型轉換為字節(jié)串，按照GB/T38635.1—2020中7.2.8給出的細節(jié)將S的數(shù)據(jù)類型轉換為字節(jié)串，消息M的簽名為(h,S)。7是否B5:計算整數(shù)h?=H?(IDAl|hid,N8數(shù)字簽名驗證算法流程如圖2所示。否是否是否是9用戶A和用戶B的標識分別為IDA和IDp。為產(chǎn)生用戶A的加密私鑰dea,KGC首先在有限域A3:計算群G?中的元素RA=[rA]Qp;用戶B:則計算群Gr中的元素g?=e(RA,dep),g?=e(Ppme,P?)'B,g?=g?'B,按B6:(選項)計算Sp=Hash(0x82||g?|Hash(g?Ilg?IDA|用戶A:則計算群Gr中的元素g?1=e(Ppube,P?)rA,g?1=e(Rp,dea),g?'=(g?)rA,按照(選項)計算S?=Hash(0x82|lg?'l|Hash(g?'lⅡg?'||IDA||A7:計算SKA=KDF(IDAl|IDb|RA||Rblg?'llgz'llg?',klen);A8:(選項)計算SA=Hash(0x83lg?'l|Hash(g?'llg?'||IDAlIDs發(fā)起方用戶A的原始數(shù)據(jù)加密私鑰deA和標識/DA、IDg)第1步：計算Q?=[H?(Dg/hid,N)]P?+Ppwb-否是g?'=e(Pm-,P2)^,g?'=e(Rg,deA),gg'=(8?)否SA=Hash(Ox831|g,I|Hash(g?Ilg?IIDAIDIIRAI并將SA發(fā)送給用戶B響應方用戶B的原始數(shù)據(jù)否是8?=e(RA,den),8?=e(PpmSKs=KDF(IDAIDIRAIRlg|l8?lg,klSn=Hash(0x821|g,|IHash(g?Ig,IDAIDBIRAS?=Hash(0x83|g||Hash(g?lg,IDAIIDIIRAIIRp否協(xié)商失敗KGC產(chǎn)生隨機數(shù)ke∈[1,N-1]作為加密主私鑰，計算G?中的元素Ppmbe=[ke]P?作為加密主公用戶A和B的標識分別為IDA和IDp。為產(chǎn)生用戶A的加密私鑰dea,KGC首先在有限域Fn上已有用戶的加密私鑰；否則計算t?=ke·t?-1,然后計算dea=[t?]P?。為產(chǎn)生用戶KGC首先在有限域Fn上計算t?=H?(IDBllhid,N)+ke,若t?=0則需重新產(chǎn)生加密主私鑰，計算為了封裝比特長度為klen的密鑰給用戶B,作為封裝者的用戶A需要執(zhí)行以下運算步驟：A1:計算群G?中的元素Qp=[H?(IDglhid,N)]P?+Ppuse;A2:產(chǎn)生隨機數(shù)r∈[1,N-1];A3:計算群G?中的元素C=[r]Qp,按照GB/T38635.1—2020中7.2.8和7.2.5給出的細節(jié)將CA4:計算群Gr中的元素g=e(Ppe,P?);A5:計算群Gr中的元素w=g',按照GB/T38635.1—2020中7.2.6和7.2.5給出的細節(jié)將w的數(shù)A6:計算K=KDF(C||w||IDp,klen),若K為全0比特串，則返回A2;密鑰封裝算法流程如圖4所示。第6步：計算：K=KDF(C|MIDs,kem)是否B2:計算群Gr中的元素w1=e(C,dep),按照GB/T38635.1—2020中7.B4:輸出密鑰K'。否否是是K'=是否全0否第4步：輸出密鑰K'KGC產(chǎn)生隨機數(shù)ke∈[1,N-1]作為加密主私鑰，計算G?中的元素Ppube=[ke]P?作為加密主公用戶A和B的標識分別為IDA和IDp。為產(chǎn)生用戶A的加密私鑰dea,KGC首先在有限域Fn上已有用戶的加密私鑰；否則計算t?=ke·t?-1,然后計算dea=[t?]P?。為產(chǎn)生用戶B的加密私鑰deg,KGC首先在有限域Fn上計算t?=H?(IDgllhid,N)+ke,若t?=0則需重新產(chǎn)生加密主私鑰，為了加密明文M給用戶B,作為加密者的用戶A應實現(xiàn)以下運算步驟：A1:計算群G?中的元素QB=[H?(IDbllhid,N)]P?+Ppbe。A2:產(chǎn)生隨機數(shù)r∈[1,N-1]。A3:計算群G?中的元素C?=[r]Qg,按照G1)計算整數(shù)klen=mlen+K?_len,然后計算K=KDF(C?||w||IDp,klen)。令K?為1)計算整數(shù)klen=K?_len+K?_len,然后計算K=KDF(C?||w||IDp,klen)。令0202kk……kklmodk=0A7:計算C?=MAC(K?,C?)。第1步：計算Qg=[H?(IDg|lhid,N)]P?+Pm1)計算kHlen=mlen+K?len,然后計算1)計算klen=K?_len+K?len,然后計算是是否否2)計算C?=MOK2)計算C?=IV|Enc(K?,M,I)設mlen為密文C=C?ⅡC?lC?中C?的比特長度，K?_len為分組密碼算法中密鑰K?的比特長B1:從C中取出比特串C?,按照GB/T38635.1—2020中7.2.4和7.2.9給出的細節(jié)將C?的數(shù)據(jù)類型轉換為橢圓曲線上的點，按照GB/T38635.1—2020中5.5給出的細節(jié)驗證C?∈G?是否成B2:計算群Gr中的元素w1=e(C?,dep),按照GB/T38635.1—2020中7.2.6和7.2.5給出的細節(jié)將w'的數(shù)據(jù)類型轉換為比特串。B3:按加密明文的方法分類進行計算：1)計算整數(shù)klen=mlen+K?_len,然后計算K'=KDF(C?llw'l|IDg,klen)。令K?'為K'1)計算整數(shù)klen=K?_len+K?_len,然后計算K'=KDF(C?|w'||IDp,klen)。令B4:計算u=MAC(K?',C?),否是第2步：計算w?=e(C?,deg)1)計算klen=mlen+K?_len,然后計算K'=KDF(CiIlw'|IDg,klen,令K?為K'最1)計算klen=K?_len+K?_len,然后計算K是否全0K?是否全02)計算M=C?ΦK?2)計算M'=Dec(K?',C?)第4步：計算x=MAC(K?',C?否是為256比特的雜湊值。余因子cf:1群G?的生成元P?=(xp?,yp)群G?的生成元P?=(xp?,Yp?)坐標xp?:(85AEF3D078640C98597B6027B441A01FF1DD2C190F5E93C454806C11D8806141,簽名主私鑰ks:0130E78459D78545CB54C587E02CF480CEOB66簽名主公鑰Ppub=[ks]P?=(xpu,VPubs)實體A的標識IDA:AliceIDA的16進制表示：416C696365在有限域Fn上計算t?=H(IDAl|hid,N)+ksIDAl|hid:416C69636501H(IDAl|hid,N):2ACC468C3926B0BDB2767E99FF26E084DE9t?:2ACD7773BD808842F841D35F87070D795F6AF8F3F08C915E760A451186B3F59F坐標xsA:A5702F05CF1315305E2D6EB64BODEB923DB1AOBCFOCAFF90523AC8754AA69820坐標yasA:78559A844411F9825C109F5EE3F52D72ODD01785392A727BB1556952B2B013D3簽名步驟中的相關值：待簽名消息M:ChineseIBSstandardM的16進制表示：4368696E65736520494253207374616E64617264計算群Gr中的元素g=e(P?,Ppub-s):28B3404A61908F5D6198838BFFE40A22D529A0C66124B67E0E0C2EED7A6993DCE28FE9AA2EB3129A75D31D17194675A1BC56947920898FB4C744E69C4A2E1C8ED72F796D151A17CE2325B943260FC460B9F73CB584B87422330D7936EABA1109FA5A7A7181EE16F243產(chǎn)生隨機數(shù)r:033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE計算群Gr中的元素w=g:8EAF5D179A1836B359A9D1D9BFC19F2EFCDB829328620962BDA543D25609AE943920679194ED30328BB33FD3F012DB04BA59FE88DB889321CC2373D4F8624EB435B838CCA77B2D0347E65D5E46964412A096F4150D8C5EDE5440DDF,0656FCB663D24731E80292188A2471B8B68AA993899268499D23C89755A1A897,898D60848026B7EFB8FCC1B2442ECF0795計算h=H?(M|w,N)9A1836B359A9D1D9BFC19F2EFCDB829328620962BD3FDF15F2567F5ED30328BB33FD15660BDE485C6B79A7B32B013983F012DB04BA59FE88DB889321CC2373D4C0C35E84F7AB1FF33679BCA575D67654F8624EB435B838CCA77B2D0347E65D5E46964412A096F415E5440DDF0656FCB663D24731E80292188A2471B8B68AA993899268499D23C89755A1A89744643C442ECF0795F8A81CEE99A6248F294C82C90D26BD6A814AAFC8F68E42計算l=(r-h)modN:h:823C4B21E4BD2DFE1ED92C606653E996668563152FC33F55D7BFBB9BD9705ADBS:0473BF96923CE58B6ADOE13E9643A406D8EB98417C50EF1B29CEF9ADB48B6D856712F1C2E0968AB7769F42A9202E3F160C96C160595A1034B51h:2ACC468C3926B0BDB2767E99FF26E084DE9CED8DBC7D5FBF418027B667計算群G?中的元素P=[h]P?+Ppubs=(xp,yp)坐標xp:(511F2C823C7484DDFC16BBC53AAD33B78D2429AFCF7F8AD8B72261B4E1FF73B542A69058F4601AC19F237203686368FEC436C13C2B0761F9F9B6E14A36E4)計算群Gr中的元素u=e(S',P):(A97A171304A0316FC8BA21B911289C4371E73B7D2163AC5B44F3B52588EB69A1,1838972BFOCA86E17147468A869A3261FCC27993291663C49DF9B4A82B122412B749BF144341F2E22564506145E0B775FCC7DBDFC714FC8989E0331838142275EAE6B6305C53DC7E4D8AOB7557920B21FA5F2E75B38C44AE8D62318D2BA35F9494189100BCD82F1B1399B0B14867700701409A66ED452DEC4586735CF3631379501DC756466F6F18E3BC002722531AE,計算群Gr中的元素w'=u·t:8EAF5D179A1836B359A9D1D9BFC19F2EFCDBA543D25609AE943920679194ED30328BB33FD15660BDE485C6B79A7B32B013F012DB04BA59FE88DB889321CC2373D4C0C35E84F7A4F8624EB435B838CCA77B2D0347E65D5E4696440656FCB663D24731E80292188A2471B8B68AA993899268499D23C89755A1A897,44643CEAD40F0965F28E1CD2895C3D118E4F898D60848026B7EFB8FCC1B2442ECF0795F8A81CEE99A6248F294C82C90D26BD,GB/T38635.2—2020A.3密鑰交換方程參數(shù)b:05坐標xp?:(85AEF3D078640C98597B6027B441A01FF1DD2C190F5E93C454806C11D8806141,加密主公鑰Ppub-e=[ke]P?=(xpuse實體A的標識IDA:AliceIDA的16進制表示：416C696365坐標Xdea:(4C5EC9C8CA8DEBA238CC3E500458F5147911F2251A4BDOAA903BB5F8D5F68AFFFD503C768A765731F62FC3CB7B7705456D40830E868CC17IDB的16進制表示：426F62H(IDBllhid,N):9CB1F6288CE0E51043CE72344582FFC301E0A812A7F5F2004B85547A在有限域Fy上計算t?=ke·?-計算QB=[H(IDsIhid,N]P?+Ppub-e=(xQs,Vos)坐標yRA:02A4E50351092133252BA61609779B455DF9C4A0109ACE241485A955D5B81726計算Rg=[rs]QA=(xrB,Vrg)647BA154C3E8E185DFC33657C1F128D480F3F7E373F21693C66FC23724DB26380C526223C705DAF6BA18B763A68623C86A632B05,8C8E9D8D905780D50E779067F2C4B1861CCD9978617267CE4AD9789F79B1CA08F64712E33AEDA3F44(1052D6E9D13E381909DFF7B2B41E13C987D0A9068423B769480DACCE6A06F492,5FFEB92AD870F97DC0893114DA22A44DBC9E7A8B6CA31A0CF04672C5C3B37E4F2FF83DB33D98C036CED9E2D7C9CD3D5AD630DEFAB0B831506298DBC791D0671CACA12236CDF8F39E15AEB96FAEB39606D5B04AC581746A663D,00DD2B7416BAA91172E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B5,7EBAC0349F8544469E60C32F6075FB0468A610CC2B561A62B62DA36AEFD60850714F49170FD94A0010C6D4B651B64F3A3A5E,2A430968F16086061904CE201847934B11CA0F9E9528F5A9DOCE8F015C9AEA7934FDDA6D3AB48C8571CE2354B79742AA498CB8CDDE6BD1FA5946345A1A652F6)(A76B6777AD87C9124C7D7065F74808DB2E80242FA31FF8E139FAE169A16992F5F029162664CE78B333324B3B0626D64DCE603F332E9593F62B67A6B002DEB6DD2E7D4FAD3F33C38F202DE204,5327490611B2AE6F849CF779B9B74AD9BA6CF397F61326120777CE4692F85DC2,ADC269D1B62332582D823132A971275477A0CF1DCCF4B2BF096D9110F74E2A0128F65B3651E184BCED030661EE4A8D670FBAE26796E8CDB66F388ED6644AF851,885C7F924CC7CB20968AA50E8230A3B39C2BB5DD4D753D94BE5DD9A4272CF827,4A40AC8FC5B7168FA54AD3D0B81A0F8F50C164366CCDEC1C9A40DCE9F035D89EAEB36F4D31BB6713064CDA8835E2AA4529F42129327C6F7E8AB760654D,58D17E448F6D5CBCA66BD7E33810D270DD3B9436B416C696365426F62767A4BED09FFBB5229D9CAA165548FFA8284A315B15FB02A4E50351092133252BA61609779B455DF9C4A0109ACE241485A955D5B817268168903E4A56DC41A1ABFCD30C57DBOF1A838E3A8F2BF8238029E19434C733BB73F21693C66FC23724DB26380C526223C705DAF6BA18B763A68623C86A632B050E779067F2C4B1C8F83A8B59D735BB52AF35F5662F2E57B48C2FF26D2E90A79A1D86B939B1CA08F64712E33AEDA3F44BD6CB633E0F1052D6E9D13E381909DFF7B2B41E13C987D0A972E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B57EBAC0349F8544469E60C32F6075FB0468A68147FF013537DF792FFCE024F85710CC2B561A62B62DA36AEFD60850714F49170FD92A430968F16086061904CE201847934B11CAOF9E9528F5A9DOCE8F015C9AEA79934F2E80371C70471580BOC7C457A79EA5E7242FA31FF8E139FAE169A14B3BDB4C682BF9B20626D64DCE603F332E95935327490611B2AE6F849CF779B9B74AD9BA6CF397F6E47B0431831706CB5AFCD75754FA79528F65B3651E184BCED030661EE4A8D670FBAE26796E8CDB66F388ED6644AF851885C7F924CC7CB20968AA50E8230A3B39E2AA4529F42129327C6F7E8AB760654D58D17E448F6D5CBCA66BD7E33810D270DD3B9436計算選項Sp=Hash(0x821lgi?|Hash(g?llg3|IDA|IDp|IRAl|RB))1052D6E9D13E381909DFF7B2B41E13C987DO72E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B57EBAC0349F8544469E60C32F6075FB0468A68147FF013537DF792FFCE024F85710CC2B561A62B62DA36AEFD60850714F49170FD92A430968F16086061904CE201847934B11CAOF9E9528F5A9DOCE8F015C9AEA79934F2E80371C70471580BOC7C457A79EA5E7242FA31FF8E139FAE169A14B3BDB4C682BF9B20626D64DCE603F332E95935327490611B2AE6F849CF779B9B74AD9BA6CF397F6E47B0431831706CB5AFCD75754FA79528F65B3651E184BCED030661EE4A8D670FBAE26796E8CDB6GB/T38635.2—20206F388ED6644AF851885C7F924CC7CB20968AA50E8230A3B39C2BB5DD4D753D94BE5A17C9D11A5A6B148416C696365426F62767A4BED09FFBB5229D9CAA165548FFA8284A315B154887A9AFA5B755FC02A4E50351092133252BA61609779B455DF9C4A0109ACE241485A955D5B81726Hash(g2lg31|IDA|IDB||RB6F6F71EFCEAOE02DF19842228AD50A9EFD7A4B0x82|lgil|Hash(g?llg3||I8228542FB6954C84BE6A5F2988A31CB6817BA0781966FA83D9673A9577D3C0C1345E27C19FC02ED923479C978BD137230506EA6249C891049E3497477913AB89F5E2960F382B1B5C8EE09DE0FA498BA9D1647BA154C3E8E185DFC33657C1F128D480F3F7E3F16801208029E19434C733BB73F21693C66FC23724DB26380C526223C705DAF6BA18B763A68623C86A632B0552AF35F56730BDE5AC861CCD9978617267CE4AD9789F77A9EFD7A4B2F12DAFE2BE354AD0107547選項SB:E122B3BFA8965562AA0A4A92B671A193352F28328A129BFF45C4DD262EBCB9EE密鑰交換步驟A5～A8中的相關值：(28542FB6954C84BE6A5F2988A31CB6817BA0781966FA5E27C19FC02ED9AE37F5BB7BE9C03C2B87DE027539CCF03E6B7D3497477913AB89F5E2960F382B1B5C8EE09DEOFA498BA95C4409D630D343DA40,4FEC93472DA33A4DB6599095COCF895E3A7647BA154C3E8E185DFC33657C1F128D480F3F7E3F16873F21693C66FC23724DB26380C526223C705DAF6BA18B763A68623C86A632B05,8C8E9D8D905780D50E779067F2C4B1C861CCD9978617267CE4AD9789F77739E62F2E57B48C2FF26D2E90A79A1D86B93,9B1CA08F64712E33AEDA3F44計算g?'=e(Rp,deA):(1052D6E9D13E381909DFF7B2B41E13C987D0A9068423B769485FFEB92AD870F97DC0893114DA22A44DBC9E7A8B6CA31A0CF04672C5C3B37E4F2FF83DB33D98C036CED9E2D7C9CD3D5AD630DEFABOB83150620AE7BF3E1AECOCB67A03440906C7DFB3BC00DD2B7416BAA91172E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B5,7EBAC0349F8544469E60C32F6075FB0468A68147FF013537DF792FFCE024F857,10CC2B561A62B62DA36AEFD60850714F49170FD2A430968F16086061904CE2018242FA31FF8E139FAE169A16992F5F02910626D64DCE603F332E5327490611B2AE6F849CF779B9B74AADC269D1B62332582D823132A971275477A0CF1DCCF4B2BF096D9110F74EB1ED06502333B2AB1AE697EA34F2EF8C6E428F65B3651E184BCED030661EE4A8D670FBAE26796E8CDB66F388ED6644AF851,35D89EAEB36F4D31BB671306計算選項S?=Hash(0x82||gi'|Hash(g?'lg3'|IDA||IDg||RAl|RB))g?'|lg3'||IDAl|IDBl|GB/T38635.2—2020Hash(g?'|lg?||IDA|IDB||RAl|RB):B6F6F71EFCEA0E02DF19842228AD50A9EFD7A4B20x82||gi'|Hash(g?'llg?'||IDAl|ID8228542FB6954C84BE6A5F2988A31CB6817BA0781966FA83D9673A23479C978BD137230506EA6249C891049E3497477913AB89F5E2960F382B1B5C8EE09DED1647BA154C3E8E185DFC33657C1F128D480F3F7E3F16801208029E19434C733BB733724DB26380C526223C705DAF6BA18B763A68623C86A632B0552AF35F56730BDE5AC861CCD9978617267CE4AD9789F77739E62F2E57A9EFD7A4B2F12DAFE2BE354AD0107547選項S?:E122B3BFA8965562AA0A4A92B671A193352F28328A129計算SKA=KDF(IDAllIDpIIRAllRpllgi'lg?'lg?',klen)IDAlIDB||RAIRBllgi'l416C696365426F62767A4BED09FFBB5229D9CAA165548FFA8284A315B15FB02A4E50351092133252BA61609779B455DF9C4A0109ACE241485A955D5B817268168903E4A56DC41A1ABFCD30C57DBOF1A838E3A8F2BF823479C978BD138029E19434C733BB73F21693C66FC23724DB2630E779067F2C4B1C8F83A8B59D71052D6E9D13E381909DFF7B2B41E13C987D072E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B57EBAC0349F8544469E668A68147FF013537DF792FFCE024F85710CC2B561A62B62DA36AEF2E80371C70471580BOC7C457A79EA5E7242FA31FF8E139F5327490611B2AE6F849CF779B9B74AD9BA6CF397F6E47B0431831706CB5AFCD75754FA79528F65B3651E184BCED030661EE4A8D670FBAE26796E8CDB66F388ED6644AF851885C7F924CC7CB20968AA50E8230A3B39E2AA4529F42129327C6F7E8AB760654D58D1SKA:68B20D3077EA6E2B825315836FD計算選項SA=Hash(0x831lgi'|Hash(g?llg3'|IDAlIDg||RAllRB)):1052D6E9D13E381909DFF7B2B41E13C987D072E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B57EBAC0349F8544468A68147FF013537DF792FFCE024F85710CC2B561A62B62DA36AEF2A430968F16086061904CE201847934B11CAOF9E9528F5A9DOC571CE2354B79742AA498CB8CDDE6BD1FA5946345AlA652F68228542FB6954C84BE6A5F2988A31CB6817BA0781966FA83D9673A9577D3COC1345E27C19FC02ED9AE37F5BB7BE9C03C9E3497477913AB89F5E2960F382B1B5C8EE09DEOFA498BA95C4409D630D343DA404F4DB6599095COCF895E3A7B993EE5E4EBE3B9AB7D7D5FF2A3D1647BA154C3E8E185DFC33657C1F128D480F3F7E3F16801208029E19434C733BB73F21693C66FC23724DB26380C526223C705DA63A68623C86A632B050F63A071A6D62EA45B59A1942DFF5335D1A232C9C566467CE4AD9789F77739E62F2E57B48C2FFF187A9AFA5B755FC02A4E50351092133252BA61609779B455DF9C4A0109ACE241485A955Hash(g?'lg?'|IDAl|IDBl|RAl|RB):B6F6F71EFCEAOE02DF19842228AD50A9EFD7A4B2F12DAFE2BE354ADO1075470x83|lg?'||Hash(g?'lg3'||IDAl|ID8328542FB6954C84BE6A5F2988A31CB6817BA0781966FA83D9673A23479C978BD137230506EA6249C891049E3497477913AB89F5E2960F382B1B5C8EE09D1647BA154C3E8E185DFC33657C1F128D480F3F7E3F16801208029E19434C73724DB26380C526223C705DAF6BA18B763A68623C86A632B0552AF35F56730BDE5AC861CCD9978617267CE4AD9789F77A9EFD7A4B2F12DAFE2BE354AD0107547密鑰交換步驟B8中的相關值：計算選項S?=Hash(0x831lgi?lHash(g?llg31IDAlIDgl|RAlIRB))1052D6E9D13E381909DFF7B2B41E13C987D072E89D5309D834F78C1E31B4483BB97185931BAD7BE1B9B57EBAC68A68147FF013537DF792FFCE024F85710CC2B561A62B62DA36AEF2E80371C70471580BOC7C457A79EA5E7242FA31FF8E1395327490611B2AE6F849CF779B9B74AD9BA6CF397F6E47B0431831706CB5AFCD75754FA79528F65B3651E184BCED0306616F388ED6644AF851885C7F924CC7CB20968AA50E8230A3B39C2BB5DD4D753D94BE5A17C9D11A5A6B148416C696365426F62767A4BED09FFBB5229D9CAA165548FFA8284A315B4887A9AFA5B755FC02A4E50351092133252BA61609779B455DF9C4A0109ACEHash(g2llg31|IDA|IDB|/RA|Rg):B6F6F71EFCEA0E02DF19842228AD50A9EFD7A4B0x83|lgi|Hash(g?llg?||I8328542FB6954C84BE6A5F2988A31CB6817BA0781966FA83D9673A9577D3COC1345E27C19FC02ED923479C978BD137230506EA6249C891049E3497477913AB89F5E2960F382B1B5C8EE09DEOFA498BA9D1647BA154C3E8E185DFC33657C1F128D480F3F7E3F16801208029E19434C733BB733724DB26380C526223C705DAF6BA18B763A68623C86A632B0530選項S?:6CD5231217E73D80548A1A65DED178493F4282E6E471FE3EF62271EA758470E6基域特征q:B640000002A3A6F1D603AB4FF58EC74521F2934B1A7AEEDBE56F9B27E351457D方程參數(shù)b:05余因子cf:1嵌入次數(shù)k:12群G?的生成元P?=(xp?,yp)坐標xp?:(85AEF3D07864A7CF28D519BE3DA65F3雙線性對的識別符eid:0x04加密主密鑰和用戶密鑰產(chǎn)生過程中的相關值：加密主公鑰Ppub-e=[ke]Pi=(xpube,VPube)加密私鑰生成函數(shù)識別符hid:0x03在有限域Fn上計算t?=H?(IDBI|hid,N)+keH(IDB||hid,N):9CB1F6288CE0E51043CE72344582FFC301E0A812A7F5F2004B85547A24B82716在有限域Fn上計算t?=ke·t?-1t?:864E4D8391948B37535ECFA44C3F8D4E545ADA502FF8229C7C32F529AF406E06坐標Xdeg:(94736ACD2C8C8796CC4785E93827538A62E7F7BFB51DCE087047密鑰封裝步驟A1～A7中的相關值：H?(IDB||hid,N):9CB1F6288CE0E51043CE72344582FFC301E0A812A7F5F2004B85547A24B82716坐標xos:709D165808BOA43E2574E203FA885ABCBAB16A240C4C1916552E7C43D09763B8坐標yog:693269A6BE2456F43333758274786B6051FF87B7F198DA4BAlA2C6E336F51FCC產(chǎn)生隨機數(shù)r:74015F8489CO1EF4270456F9E6475BFB602BDE7F33FD482AB4E3684A67計算C=[r]QB=(xc,yc)坐標yc:1C9B4C435ECA35AB83BB734174C0F78FDE81A53374AFF3B3602BBC5E37BE9A4C計算g=e(Ppub-e,P?):A140EAEF3893D574CB83C01D951A53F51975760BE57F3BBD89817498D215B04320190B1E90CEDF6AC570147A23AE6FOEAE45034E6CA504E3B43C1DD36794217FAlB05AC046C41324443BB424B12C41EAF6D34D925205901F5CBA59CFEBA35224660DB378082BB40152DC35AC774442CC6408FFD68494D9953計算K=KDF(C|lw|IDB,klen)BB7051AC848FDFB9689E5E5C486B1294557189B3CC6408FFD68494D9953D77BF55E30E84697F66745AAF52239E46B048B5FAEBABFA1F7F9BA6B4COC90E65B075F6A2D9ED54C87CDDD2EAA787032320D7FEAA8695AB2BF7F5710861247C2034CCF4A1432DA1876D023AD6D74FF1678FDA3AF37A3D9F613CDE8057988B07151BAC93AF48D78D86C26EA97F24E2DACC84104CCE8791FE90BA61B2049CAAC6AB38EA07F9966173FD9BBF34AAB58EE84CD3777A9FDO0BBCA1DC0A1040465BD723AE513C4BE3EF2CFDC088A935FOB207DEEE9B3B58765B1252A0880952B4FF3C97510B93BBCD98EB70E0192B821D14D69908EE558DF5F5E072131K:4FF5CF86D2AD40C8F4B解封裝步驟B1～B4中的相關值：(8EABOCD6DOC95A6BBB7051AC848FDF78082BB40152DC35AC774442CC6408FFD68494D9953D77BF55AAF52239E46B0373B3168BAB75C32E048B575F6A2D9ED54C87CDDD2EAA787032320205E7AC7247C2034CCF4A1432DA1876D023A8B07151BAC93AF48D78D86C26EA97F24E2DACC84104CCE8791FAAC6AB38EA07F9966173FD9BBF34AAB58EE84CD3777A9FDO0BBCA1DC09CA1040465BD723AE513C4BE3EF2CFDC088A935F04D874A4CE9B3B58765B1252A0880952B43924EABC443B0503510B93BBCD98EB70A018A035E8FB61F271DE1C5B3E781C63508C113B3EAC537805EAE164D732FADO,56BEA27C8624D5064C9C278A193D63F6908EE5581EDEE2C3F465914491DE44CEFB2CB434AB02C308D9DC5E20BB7051AC848FDFB9689E5E5C486B1294557189B338B53B1D78082BB40152CC6408FFD68494D9953D77BF55E30E84697F66745AAF52239E46B048B5FAEBABFA1F7F9BA6B4COC90E65B075F6A2D9ED54C87CDDD2EAA787032320D7FEAA8695AB2BF7F5710861247C2034CCF4A1432DA1876D023AD6D74FF1678FDA3AF37A3D9F613CDE8057988B07151BAC93AF48D78D86C26EA97F24E2DACC84104CCE8791FE90BA61B2049CAAC6AB38EA07F9966173FD9BBF34AAB58EE84CD3777A9FDO0BBCA1DC0A1040465BD723AE513C4BE3EF2CFDC088A935FOB207DEEE9B3B58765B1252A0880952B4FF3C97510B93BBCD98EB70E0192B821D14D693E781C63508C113B3EAC537805EAE164D73908EE558DF5F5E072131GB/T38635.2—2020方程參數(shù)b:05群G?的生成元P?=(xp?,YP?)IDB的16進制表示：426F62在有限域FN上計算t?=ke·t?-1:消息M的16進制表示為：4368696E65736520494245207374616E64617計算Qg=[H(IDp|hid,N]P?+Ppub-e=(xog,Yos)IDB||hid:426F6203H?(IDphid,N):9CB1F6288CEOE51043CE72344582FFC301E0A812A7F5F2004B85547A24B827產(chǎn)生隨機數(shù)r:AACO541779C8FC45E3E2CB25C12B5D2576B2129AE8BB5EE2CBE5EC9E785C計算C?=[r]QB=(xc?,yc)坐標xc?:2445471164490618E1EE20528FF1D545B0F14C8BCAA44544F03DAB5DAC07D8FF坐標yc?:42FFCA97D57CDDCO5EA405F2E586FEB3A6930715532B8000759F13059ED59ACO(9746FC5B231CEDF36F835232A2F80CFBAE061F196BB968E8A16C0AC905F692904AB9436A60C403F4F8BAC4DD3E395A2BCCE25359D033FC654BD6A9EB04320190B1E90CEDF6AC570147A23AE6FOEAE45034E6A504E3B43C1DD36794217FA1B05AC046C4131854C3D3E3A5B5967A64A861FOA2897F7B35D1COE21D84D75C24443BB424B12C41EAF6D34D925205901F5CBA59CFEBA35224660DB3849CE7BC68062182CF5D9F4A98C5A4ED1F