Abstract: Aiming at the private key protection of the software password module of a mobile intelligent terminal in the open environment, a twoparty cooperative signature scheme CECDSA is designed. Based on the standard ECDSA signature algorithm, the scheme realizes the key pair and cooperative signature of both parties, and gives the correctness proof. Neither party can obtain a complete private key, and thus cannot forge a signature, which fully guarantees the security of ECDSA algorithm in open environments such as intelligent terminals. Based on the zeroknowledge proof of the elliptic curve discrete logarithm problem, a simulation protocol is constructed, and the security analysis of the scheme is given. The implementation and performance evaluation of the scheme is given. Compared with the existing twoparty ECDSA collaboration schemes, the scheme has advantages in computing efficiency and traffic under the semihonest model and the malicious model. This scheme can protect the security of private key storage and operation in the software password module, and is applicable to the privacy protection and identity authentication of sensitive data in Internet fields such as the Internet of vehicles and the Internet of things.

Key words: publickey cryptography, ECDSA algorithm, private subkey, collaborative signature, collaborative computing

摘要： 针对开放环境下移动智能终端软件密码模块的私钥保护问题，设计了一种两方协同签名方案CECDSA.该方案基于标准ECDSA签名算法，实现了双方协同产生密钥对和协同签名，并给出了正确性证明.攻击任何一方均无法获取完整私钥，进而无法伪造签名，充分保证了ECDSA算法在智能终端等开放环境下的安全性.基于椭圆曲线离散对数问题的零知识证明构造模拟协议，给出了该方案的安全性分析，并给出了方案的实现和性能评估.与现有两方ECDSA协同方案比较，在半诚实模型下和恶意模型下，该方案的运算效率和通信量均具有优势.该方案可在软件密码模块中保护私钥存储安全和运行安全，适用于车联网、物联网等互联网领域的敏感数据隐私保护及身份认证.

关键词: 公钥密码, ECDSA算法, 子私钥, 协同签名, 协同计算