刘振亚 等: SM2  数字签名算法的两方门限计算方案框架                                                   2211


                                       表 A2    基于加法密钥拆分的两随机数框架的实例化             (续)

                                                                                 −1
                       w 1       w 2        k = (d 1 +d 2 ) −1      (d 1 w 1 +d 2 w 2 )    s = (1+d) (k +r)−r  序号
                               −2               −1  (  −1  −1  )           −1   −1                  31
                                d k 2       (d 1 +d 2 )      d 1 +d k 1 +d k 2    d 1 +d k 1 +d k 2 +(d 1 +d 2 −1)r
                               2                      1    2               1    2
                                                 (             )
                                 −1            −1     −1                  −1                        32
                               1+d k 2     (d 1 +d 2 )                  d 1 +d k 1 +d 2 +k 2 +(d 1 +d 2 −1)r
                                 2                d 1 +d k 1 +d 2 +k 2    1
                                                      1
                                                (               )
                                 −2           −1     −1      −1          −1      −1                 33
                               1+d k 2    (d 1 +d 2 )      d 1 +d k 1 +d 2 +d k 2    d 1 +d k 1 +d 2 +d k 2 +(d 1 +d 2 −1)r
                                 2                   1       2           1       2
                                                                          −1
                                                     −1
                                d  −1  +k 2    (d 1 +d 2 ) −1     ( d 1 +d k 1 +1+d 2 k 2 )    d 1 +d k 1 +1+d 2 k 2 +(d 1 +d 2 −1)r  34
                               2                     1                    1
                                                 (             )                                    35
                                d  −2  +k 2    (d 1 +d 2 ) −1      d 1 +d −1 +d −1    d 1 +d −1 +d  −1 +d 2 k 2 +(d 1 +d 2 −1)r
                               2                     1   2  +d 2 k 2      1   2
                                  k 2        (d 1 +d 2 ) −1     (1+d 1 k 1 +d 2 k 2 )    1+d 1 k 1 +d 2 k 2 +(d 1 +d 2 −1)r  36
                               −1           (d 1 +d 2 ) −1  (1+d 1 k 1 +k 2 )  1+d 1 k 1 +k 2 +(d 1 +d 2 −1)r  37
                                d k 2
                               2
                               −2               −1  (      −1  )               −1                   38
                                d k 2       (d 1 +d 2 )      1+d 1 k 1 +d k 2    1+d 1 k 1 +d k 2 +(d 1 +d 2 −1)r
                               2                           2                   2
                                 −1
                     d −1  +k 1    1+d k 2    (d 1 +d 2 ) −1     (1+d 1 k 1 +d 2 +k 2 )    1+d 1 k 1 +d 2 +k 2 +(d 1 +d 2 −1)r  39
                                 2
                    1
                                                 (             )
                                 −2            −1           −1                   −1                 40
                               1+d k 2     (d 1 +d 2 )                  1+d 1 k 1 +d 2 +d k 2 +(d 1 +d 2 −1)r
                                                            2
                                 2                1+d 1 k 1 +d 2 +d k 2          2
                                d −1  +k 2    (d 1 +d 2 ) −1     (1+d 1 k 1 +1+d 2 k 2 )    1+d 1 k 1 +1+d 2 k 2 +(d 1 +d 2 −1)r  41
                               2
                                                 (             )
                                d  −2  +k 2    (d 1 +d 2 ) −1      1+d 1 k 1 +d  −1    1+d 1 k 1 +d −1  +d 2 k 2 +(d 1 +d 2 −1)r  42
                               2                         2  +d 2 k 2          2
                                  k 2       (d 1 +d 2 ) −1      ( d −1  )    d −1 +d 1 k 1 +d 2 k 2 +(d 1 +d 2 −1)r
                                                    1  +d 1 k 1 +d 2 k 2  1                         43
                                                   (         )
                               −1                −1  −1                  −1                         44
                                d k 2        (d 1 +d 2 )      d           d  +d 1 k 1 +k 2 +(d 1 +d 2 −1)r
                               2                    1  +d 1 k 1 +k 2     1
                               −2               −1  (  −1  −1  )        −1      −1                  45
                                d k 2       (d 1 +d 2 )      d  +d 1 k 1 +d k 2    d  +d 1 k 1 +d k 2 +(d 1 +d 2 −1)r
                               2                   1       2            1       2
                                                 (             )
                                 −1
                     d −2  +k 1    1+d k 2    (d 1 +d 2 ) −1      d −1    d −1 +d 1 k 1 +d 2 +k 2 +(d 1 +d 2 −1)r  46
                    1            2                 1  +d 1 k 1 +d 2 +k 2  1
                                                (               )
                                 −2           −1  −1         −1       −1         −1                 47
                               1+d k 2    (d 1 +d 2 )      d           d  +d 1 k 1 +d 2 +d k 2 +(d 1 +d 2 −1)r
                                 2                1  +d 1 k 1 +d 2 +d k 2  1     2
                                                             2
                                d −1  +k 2    (d 1 +d 2 ) −1     ( d −1  +d 1 k 1 +1+d 2 k 2 )    d −1 +d 1 k 1 +1+d 2 k 2 +(d 1 +d 2 −1)r  48
                               2                  1                    1
                                                (               )                                   49
                                d  −2  +k 2    (d 1 +d 2 ) −1      d −1  +d 1 k 1 +d  −1    d −1  +d 1 k 1 +d −1  +d 2 k 2 +(d 1 +d 2 −1)r
                               2                  1       2  +d 2 k 2  1      2

                             刘振亚(1998－), 男, 硕士, 主要研究领域为密码                 林璟锵(1978－), 男, 博士, 教授, 博士生导师, 主
                            工程.                                          要研究领域为密码工程.