A Blockchain Address Generation Method Based on the Improved SM9 Algorithm

Abstract

In recent years, governments have regarded blockchain technology as a key breakthrough in independent innovation of core technologies and have attached great importance to its development. In current blockchain solutions, the elliptic curve digital signature algorithm (ECDSA) is usually combined with the Keccak Hash Algorithm 256-bit Variant (keccak256) to generate blockchain addresses. Although the ECDSA algorithm is based on the Public Key Infrastructure (PKI) system, which has prominent issues such as complex deployment processes, high operation and maintenance costs, low efficiency, and difficulties in adapting to a large number of users, it still holds an important position and has a broad application foundation in the field of cryptography. This paper aims to circumvent the existing flaws of the PKI system rather than discarding the strong and well-proven PKI system. Instead, it endeavors to explore the application of the Identity-Based Cryptography (IBC) system in blockchain and reduce dependence on foreign cryptographic algorithms. This study adopts the SM9 algorithm based on the IBC and combines it with the SM3 algorithm to generate blockchain addresses. Considering users’ use, this paper improves the original SM9 algorithm based on the original SM9 algorithm, enabling users to perform functions such as signing and encryption with just a single pair of public and private keys. Experimental results indicate that the time consumed by this proposed scheme in blockchain address generation is 1.29 times that of the existing schemes, and the length of the blockchain addresses generated is the same as that of the existing ones.

1. Introduction

In The Report on the Work of the Government, it was emphasized that “Striving to modernize the industrial system and developing new quality productive forces at a faster pace.” [1]. To promote the development of new quality productivity, it is necessary to give full play to the multiplier effect of data elements, such as the multiplicative interaction between data elements and scientific and technological innovation [2], which are typically represented by digital technologies such as big data, blockchain, cloud computing, and artificial intelligence. Blockchain is a distributed bookkeeping technology maintained by multiple parties, utilizing a cryptographic chained block structure to verify and store data and automated script code (smart contracts) to program and manipulate data [3]. Since Satoshi Nakamoto [4] first proposed blockchain technology in 2008, after more than ten years of development, its application fields have become extensive. Swan [5], in the book “Blockchain: A Blueprint for the New Economy”, states that the application of the blockchain is defined as three-tiered: blockchain 1.0–3.0. The technology has increasingly garnered significant attention from various countries. In recent years, China has also issued several white papers regarding the development of blockchain technology. For instance, in 2023, the Academy of Information and Communications Technology released the Blockchain White Paper (2023) [6], which primarily provides an overview of the development of blockchain in the international and domestic contexts, the development of blockchain technology, its applications, regulatory frameworks, as well as the challenges and outlooks of blockchain development of China, among other topics.

There is no national security without network security, and the importance of cryptography as the core underlying technology of blockchain is self-evident. China has introduced and announced some independently designed cryptographic algorithms in recent years, such as the SM2, the SM4, the SM9 [7], and other state secret algorithms, which have been successfully selected as international commercial cryptographic standards with a high degree of security and controllability, which is of great significance for safeguarding China’s national information security. However, China’s blockchain technology is still in its infancy, and the application areas must continue to be explored, researched, developed, and improved.

At present, the majority of cryptographic algorithms are based on the PKI [8] system, such as the Rivest–Shamir–Adleman (RSA) algorithm, the ECDSA, and the ElGamal Cryptographic Algorithms (EGCA) and SM2 algorithm. The PKI system encryption process is shown in Figure 1.

On the contrary, the SM9 algorithm is based on the IBC system [9]. The IBC system encryption process is shown in Figure 2. A comparison of the differences between the PKI and IBC systems is shown in

Table 1. A comparison between the PKI System and the IBC System.

PKI System	IBC System
The public key is a random number.	The public key can be an e-mail address.
The user’s public key is associated with the identity through a certificate.	The public key is the user’s identity.
The sender of information must obtain the receiver’s public key certificate.	The message sender only needs to know the receiver’s identity (e.g., IP address, cell phone number, etc.).
The certificate issuance and management system is complex and challenging to deploy.	There is no need to issue and manage certificates.
Before sending information each time, it is necessary to communicate with the management center to verify the certificate’s validity.	Local offline encryption and decryption.
High implementation cost and low efficiency.	Low cost and high efficiency.

.

The security of the SM9 algorithm mainly relies on the elliptic curve discrete logarithm puzzle and some problems of bilinear pairs, with a level of security equivalent to the security strength of RSA-3072 bits [10], which is resistant to Baby-Step Giant-Step (BSGS) algorithm attack, Pollard’s Rho algorithm attack, and Miyaji–Ochiai–Vanstone (MOV) attack [11], thus ensuring the security of the algorithm during its use. Moreover, the SM9 algorithm authentication process mainly uses the Challenge Handshake Authentication Protocol (CHAP) in challenge/response mode, which is resistant to Trojan horses, password dictionaries, and other attacks [12].

In blockchain systems, blockchain addresses play a crucial role, functioning similarly to bank accounts in the real world. They are primarily used to identify users and facilitate value transfers. Therefore, generating secure and efficient blockchain addresses is of great significance for the stable operation and widespread application of blockchain systems.

Foreign blockchain address generation methods mainly fall into two categories: those based on Elliptic Curve Cryptography (ECC) and those based on hash functions. Regarding the first approach, the traditional Bitcoin address is the Pay-to-Public-Key-Hash (P2PKH) address, which starts with the digit 1. Both Bitcoin’s P2PKH addresses and Ethereum addresses are generated by using the secp256k1 elliptic curve of the ECDSA algorithm. The process involves generating a public key from a private key and then performing a hash operation on the public key [13]. The advantage of this method lies in the simplicity of the generation process and good compatibility. However, its drawback is that the generation of blockchain addresses relies on the user’s public–private key pair generated by a specific elliptic curve, and once the private key is lost, the user’s assets cannot be retrieved.

The second method is mainly adopted by the Bitcoin Pay-to-Script-Hash (P2SH) addresses, which start with the digit 3. To generate these addresses, the Secure Hash Algorithm 256-bit (SHA-256) algorithm and the RACE Integrity Primitives Evaluation Message Digest 160-bit (RIPEMD-160) algorithm are used successively to perform hash operations on the Redeem Script to obtain a hash value, which is then encoded using BaseCheck58 to obtain the final address [14]. This method supports more complex transactions and scripts and offers higher security. Nevertheless, it is more complicated to create and manage compared to P2PKH addresses.

In China, the Chain Maker [15] serves as a reference for blockchain address generation. It is mainly applied in domestic financial and government affairs fields, where high requirements for information security and compliance are imposed. In the Chain Maker, the generation of user blockchain addresses begins with the generation of the Subject Key Id (SKI) based on the user’s public key, which is an identifier used in X.509 certificates to uniquely identify the user’s public key and is employed for the quick search and verification of the public key in the certificate and public-key management systems. Subsequently, the keccak256 algorithm is used to perform a hash operation on the SKI, and the last 20 bytes of the hash value are truncated to obtain the address. This address generation method is essentially based on ECC and is, by default, the same as Ethereum’s address algorithm.

In the original SM9 algorithm, the user holds two pairs of public and private keys, which are used for digital signatures and encrypted communication; it is not very convenient for the user to use in practice, which requires remembering and storing the two private keys, and they must be used separately for each situation. Therefore, based on the high security of the SM9 algorithm, the advantages of the IBC system, and considering the practical needs of users, this paper proposes a blockchain address generation method based on an improved SM9 algorithm. The improved SM9 algorithm enables users to complete operations such as signing, encryption, and decryption with only one pair of public–private keys.

2. Related Work

2.1. Discrete Logarithm Problem over Finite Fields

The set of all nonzero elements in the finite field $F_{q^m}$ (q is odd prime and m ≥ 1) forms a multiplicative cyclic group. Let g be the generator of the multiplicative cyclic group $F_{q^m}$, $y\in F_{q^m}$, and the discrete logarithm problem over finite fields determines an integer x ∈ [0, q^m − 2], such that y = g^x holds in $F_{q^m}$ [16].

2.2. Elliptic Curve Discrete Logarithm Problem

Given an elliptic curve E(F_q^m) (m ≥ 1), a point P ∈ E(F_q^m) of order n and Q ∈ <p>, the elliptic curve discrete logarithm problem determines an integer L ∈ [0, n − 1], such that Q = [L]P holds [16].

2.3. Bilinear Pairs and Related Complex Problems

Bilinear pairs [17], also known as “pairing,” are an important concept in cryptography. The bilinear pairs used are defined on a set of elliptic curve groups [18], mainly Weil, Tate, and Ate [19]. The state secret SM9 cryptographic algorithm chooses the R-Ate pair, which has good security properties and a high computational rate. The bilinear pair involves three different groups and a bilinear mapping as follows:

Let (G₁, +) and (G₂, +) be two additive cyclic groups on the group E(K) of elliptic curves (where K is a finite field including F_q and F_q^k, where q is a prime number and k is a positive integer), and (G_T, ·) be a multiplicative cyclic group, whose orders are all prime N. P₁ and P₂ are the generators of the groups G₁ and G₂, respectively. There exists a homomorphic map ψ from G₂ to G₁ such that ψ(P₂) = P₁, the bilinear pair e is a mapping G₁×G₂→G_T [20] satisfying the following conditions [16]:

• Bilinearity: For any P ∈ G₁, Q ∈ G₂, a, b ∈ Z_N, there is e([a]P, [b]Q) = e(P, Q)^ab.
• Non-degeneracy: e(P₁, P₂) ≠ 1 (unit element of G_T).
• Computability: For any P ∈ G₁ and Q ∈ G₂, there exists an efficient algorithm to compute e(P, Q).

When G₁ and G₂ are unequal, e is an asymmetric bilinear mapping. When G₁ and G₂ are equal, e is a symmetric bilinear mapping. In the SM9 algorithm, asymmetric bilinear mapping is used, where the groups G₁ and G₂ are subgroups of the elliptic curve groups E(F_q) and E(F_q²), respectively. The group G_T is a subgroup of the multiplicative cyclic group formed by all nonzero elements of the finite field $F_{{\mathrm{q}}^{12}}$. The orders of groups G₁, G₂, and G_T are all N > 2¹⁹¹, where N is a prime number. Other system parameters, such as the 256-bit Barreto–Naehrig (BN) curves [21], are selected.

The security of bilinear pairs is mainly based on the intractability of four problems, including Problem 1 [the Bilinear Inverse Diffie–Hellman Problem (BIDH)], Problem 2 [the Deterministic Bilinear Inverse Diffie–Hellman Problem (DBIDH)], Problem 3 [the τ- Bilinear Inverse Diffie–Hellman Problem (τ-BDHI)], and Problem 4 [the τ-Gap-Bilinear Inverse Diffie–Hellman Problem (τ-Gap-BDHI)] [16].

The above four intractability problems are the security basis of the SM9 algorithm.

3. Design Method

3.1. Blockchain Address Generation Process in Ether

At the present time, the blockchain applies the ECC algorithm to randomly generate the corresponding private key for each node, generate the corresponding public key after the elliptic curve, and generate the user blockchain address [22]. A blockchain address is a digital identifier that receives and sends cryptocurrencies in a blockchain network. Depending on the blockchain network used and its purpose, it can be categorized into a Bitcoin address, an Ethereum address, a contact address, etc. The following section focuses on generating the user’s private key, public key, and account address in Ether.

• A pseudo-random number generator first generates a 256 bit random number as the user’s private key.
• Using the elliptic curve digital signature algorithm ECDSA-secp256k1, the user’s private key is mapped to a 65 byte public key. The selected curve equation is y² = x³ + 7 [23].
• The 32 byte user public key hash is calculated using the Keccak-256 hash algorithm.
• Finally, the last 20 bytes of the above hash value are taken as the user’s account address.

The generation process is shown in Figure 3.

3.2. The Improved SM9 Algorithm

The improved SM9 algorithm synthesizes two pairs of system master keys and two pairs of user keys generated by the original SM9 algorithm into a pair of system master keys and a pair of user keys, respectively. The system parameters used in the improved SM9 algorithm are consistent with those used in the original SM9 algorithm.

In the original SM9 algorithm, the system’s signing master public key and encryption master public key are in two additive cyclic groups, G₂ and G₁, respectively. If two pairs of public–private keys of a user are combined into one pair, it is necessary to first merge the system’s two master private keys into one. First, a random number generated by the Key Generation Center (KGC) is used as the system’s master private key (no distinction is made between the system’s signing master private key and the encryption master private key). Then, the system’s master public key is obtained from the system’s master private key (no distinction is made between the system signing master private key and the encrypting master private key here). The improved SM9 algorithm is used to place the system’s master public key in group G₁. Finally, according to the method of user key generation in the original SM9 algorithm, two pairs of user’s public–private keys can be synthesized into one pair of public–private keys (no distinction is made between the user signing and encrypting keys). The user’s private key is in group G₂ and the user’s public key is in group G₁. The specific implementation process is as follows:

• System Master Key Generation

The KGC first randomly selects an integer S_S in the interval [1, N − 1] as the master private key of the system. Subsequently, KGC computes the point P_S = S_S·P₁ in the group G₁, where P₁ is the generator element of the additive cyclic group G₁, and uses P_S as the master public key of the system. In this process, P₁, P₂, and P_S are public, while S_S must be kept secret.

• User Key Generation

The KGC selects a private key generation function identifier hidden for each user, which can be represented by a single byte. Let the identifier of user A be ID_A. The KGC first computes t₁ = H₁(ID_A||hid, N) + S_S over the finite field F_N, where H₁ is a hash function. If the computed t₁ is equal to 0, the KGC must regenerate the master private key and update the master public key as well as the private keys of all generated users. In case t₁ is not equal to 0, the KGC continues to compute t₂ = S_S·t₁⁻¹ (here, t₁⁻¹ denotes the multiplicative inverse element of t₁ in the modulo N sense) and then computes user A’s private key S_A = t₂·P₂, where P₂ is the generating element of the additive cyclic group G₂. Also, the public key Q_A = H₁(ID_A||hid, N) P₁ + P_S for user A is computed and makes Q_A public, while the private key S_A must be kept secret.

Let bit string M sign the message. Algorithm 1 shows the specific algorithmic procedure for user A to obtain message M digital signature (h, S).

Algorithm 1: The improved SM9 signature generation algorithm.

Input: System parameters, System master public key PS, Message M, Private key SA Output: Signature Value (h, S) 1.   g: = e(Ps, P2) 2.   r: = Random([1, N−1]) 3.   w: = gr 4.   h: = H2(M||w, N) 5.   L: = (r-h) mod N 6.   while L==0 do 7.           r: = Random([1, N−1]) 8.           w: = gr 9.           h: = H2(M||w, N) 10.         L: = (r-h) mod N 11. end while 12. S: = [L]·SA 13. return (h, S)

User B uses the following Algorithm 2 to verify the integrity of message M′ and its digital signature (h′, S′), as shown below:

Algorithm 2: The improved SM9 signature verification algorithm.

Input: System Parameters, System Master Public Key Ps, Message M′, Public Key QA Output: Verification Successful or Verification Failed 1.   if h′∈[1, N−1] then 2.           if S′∈G2 then 3.                   g: = e(Ps, P2) 4.                   t: = gh′ 5.                   u: = e(QA, S′) 6.                   w′: = u·t 7.                   h: = H2(M′||w′, N) 8.                   if h = h′ then 9.                           return Verification Successful 10.                 else 11.                         return Verification Failed 12.                 end if 13.         else 14.                 return Verification Failed 15.         end if 16. else 17. return Verification Failed 18. end if

3.2.1. Correctness Proof of the Improved SM9 Algorithm

In the user B verification process, it is necessary to check whether h₂ = h′ is equal or not because h₂ = H₂(M′||w’, N) and h′ = H₂(M||w, N), so it can be transformed to check whether w = w’ is equal or not. The proof process is as follows:

$$\begin{array}{l}{w}^{\prime }=u·t=e(Q_{\mathrm{A}},S^{\prime })·e(P_S,{\mathrm{P}}_2)\\ =e(h_1·{\mathrm{P}}_1+S_S·{\mathrm{P}}_1,L·{t_1}^{-1}·S_S·{\mathrm{P}}_2)·e(S_S·{\mathrm{P}}_1,{\mathrm{P}}_2{)}^h\\ =e({\mathrm{P}}_1,{\mathrm{P}}_2{)}^{L·S_S{(H_1+S_S)}^{-1}·(h_1+S_S)}·e({\mathrm{P}}_1,{\mathrm{P}}_2{)}^{h·S_S}\\ =e({\mathrm{P}}_1,{\mathrm{P}}_2{)}^{S_S·[(r-h)\mathrm{mod}\mathrm{N}+h]}=e({\mathrm{P}}_1,{\mathrm{P}}_2{)}^{r·S_S}\\ =e(P_S,{\mathrm{P}}_2{)}^r=g^r\\ =w\end{array}$$

(1)

3.2.2. Comparison Between the Original SM9 Algorithm and the Improved SM9 Algorithm in Different Aspects

• Public and private key generation aspects of systems

In the original SM9 algorithm, two distinct pairs of system master public–private key pairs are generated. One pair is specifically dedicated to system signing, with the system signature master private key being 32 bytes in length and the corresponding system signature master public key being 128 bytes long. Similarly, the other pair is intended for system encryption, where the system encryption master private key also measures 32 bytes, and the system encryption master public key spans 64 bytes. The improved SM9 algorithm generates a pair of system master public and private keys. Specifically, the system master private key has a length of 32 bytes, while the system master public key measures 64 bytes.

• Public and private key generation aspects of users

In the original SM9 algorithm, two separate pairs of user public–private key pairs are generated. One pair is designed specifically for user signature, with the user signature private key being 64 bytes in length and the corresponding user signature public key being 128 bytes long. The other pair is for user encryption, where the private key measures 128 bytes and the public key is 64 bytes. In stark contrast, the improved SM9 algorithm generates a single pair of user public–private keys. The user private key measures 128 bytes, and the user public key is 64 bytes.

• Signed and encrypted value-generation aspects

Using the original SM9 algorithm, the signature values h and S have lengths of 32 bytes and 64 bytes, respectively, while the encrypted ciphertext value has a length of 97 bytes. In contrast, with the improved SM9 algorithm, the lengths of the signature values h and S are 32 bytes and 128 bytes, respectively, and the length of the encrypted ciphertext value remains 97 bytes.

• A comparison of the original SM9 algorithm and the improved SM9 algorithm in terms of system and user public and private key generation processes and application scenarios.

Figure 4 shows the process of generating system and user public and private keys based on the original SM9 algorithm, along with its corresponding application scenarios. Figure 5 illustrates the process of generating system and user public and private keys based on the improved SM9 algorithm, along with its corresponding application scenarios.

3.2.3. The Blockchain Address Generation Method Based on the Improved SM9 Algorithm

Referring to the above process of generating the user’s account address in Ether, this scheme uses the improved SM9 algorithm to generate the user’s public and private key and account address in the following steps:

• KGC generates a 256 bit (32 byte) random number as the system master private key through a pseudo-random number generator.
• The system master private key is obtained by selecting a BN curve with a parameter of 256 bits, whose equation is y² = x³ + 5 [16]. Then, a 512 bit (64 byte) system master public key is obtained based on other system parameters.
• The system master private key obtains a 1024 bit (128 byte) user private key through user identification and other system parameters. The private key is used for transaction signing, asset management, and encrypted communication.
• The system master public key obtains a 512 bit (64 byte) user public key through user identification and other system parameters.
• The user public key calculates a 256 bit (32 byte) hash value through the state secret SM3 algorithm [24].
• Take the last 20 bytes of the hash value as the blockchain address.

The specific process is shown in Figure 6 below:

3.3. Security Analysis of This Program

In blockchain, it is crucial to ensure the security of the user’s private key because it is directly related to the security of the user’s assets. In the original SM9 algorithm, the user’s private key is calculated by the system master private key based on the user’s identity and system parameters; assuming that the private key of user A is S_A and the identity is ID_A, then the formula for calculating the private key of A is as follows.

S_A = [S_S (H₁(ID_A||hid, N) + S_S)⁻¹]·P₂

(2)

It is known that the public key hash can be derived from the user’s public key. However, the public key cannot be reverse-derived from the public key hash, which is guaranteed by the properties of the hash function: unidirectionality, weak collision, and strong collision [25]. The user’s account address is obtained by taking the last 20 bytes of the public key hash, so the public key cannot be inferred from the account address. Additionally, the user’s identity uniquely determines the user’s public key.

It is challenging for a third-party attacker to calculate the private key of user A by utilizing the public key of user A, the system master public key, and the system parameters when the user keeps his private key secret. The security of the SM9 algorithm is based on the elliptic curve discrete logarithmic puzzle, which satisfies the computational security [26], thus ensuring the security of the user’s private key and assets.

Their relationship is shown in Figure 7.

4. Results

This experiment mainly focuses on the comparative study of the signature and verification time of messages of different lengths, the length of the generated user public and private keys and signature values, and the generation time of the user account address. Specifically, in terms of signing and verification time, the improved SM9 algorithm is compared with the original SM9 algorithm, the 381 bit-parameter Barreto–Lynn–Scott 12 (BLS12-381) algorithm, the SM2 algorithm, and the Schnorr digital signature algorithm (Schnorr algorithm) for messages of different lengths; in terms of the length of the generated user’s public–private key and signature value, the improved SM9 algorithm is compared with the ECDSA algorithm, the BLS12-381 algorithm, the SM2 algorithm, and the Schnorr algorithm; the improved SM9 algorithm is compared with the ECDSA algorithm in terms of account address generation time. In addition, the name of the manufacturer of the device running this software is Lenovo, and the city where it is sourced is Zhengzhou, China. The test environment used in this experiment is described below.

• Processor: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz 2.11 GHz;
• Memory: 16.0 GB;
• Operating System: 64 bit operating system, x64-based processor;
• Compilation environment: Visual Studio Code 2024, Version: 1.89.

4.1. Efficiency Analysis

4.1.1. A Comparison of the Signing and Verification Times of the Improved SM9 Algorithm with the Original SM9, SM2, BLS12-381, and Schnorr Algorithms

To evaluate the performance of the improved SM9 algorithm in terms of signature generation and verification across varying message lengths, experiments were conducted in this study for message lengths of 256 bytes, 512 bytes, 1024 bytes, and 2048 bytes. For each specified message length, the experiments were independently repeated five times, and the average results from these five trials were calculated to ensure the stability and reliability of the findings. Furthermore, this paper compared and analyzed the performance of the improved SM9 algorithm with the original SM9 algorithm, the BLS12-381 algorithm, and the Schnorr algorithm. The experimental results for signature and verification are shown in Figure 8 and Figure 9, respectively.

The results clearly indicate that, in descending order of time taken for signing messages of varying lengths, the algorithms are as follows: the original SM9 algorithm, the BLS12-381 algorithm, the improved SM9 algorithm, the SM2 algorithm, and the Schnorr algorithm.

During the signature generation process, the original SM9 algorithm necessitates both dot product operations and pairing operations on an elliptic curve. The high computational complexity associated with the pairing operation significantly contributes to the longest signing duration. In contrast, the BLS algorithm primarily involves dot product operations on an elliptic curve. The utilization of the optimized BLS 12-381 elliptic curve enhances the efficiency of the dot product operations, thereby reducing the signing time.

The improved SM9 algorithm builds upon the original SM9 algorithm, enabling users to possess a pair of public and private keys for both signature and encryption functionalities. Additionally, optimizations in code implementation, such as the Miller loop, constant t modulo power operation, multiplication by a large integer, and modulo inverse operation, result in a shorter signing duration compared to the original SM9 algorithm.

The SM2 algorithm involves elliptic curve dot product operations and hash functions in its signature generation process. Due to optimizations in its implementation efficiency, the SM2 algorithm exhibits a relatively shorter signing time.

Finally, the Schnorr algorithm primarily entails a dot product operation and a modulus operation, possessing the lowest computational complexity and consuming the least time among the algorithms examined.

During the signature verification process for diverse messages, each algorithm entails computations similar to those involved in its signature generation phase. The BLS12-381 algorithm and the original SM9 algorithm continue to exhibit longer processing times, whereas the improved SM9 algorithm, the SM2 algorithm, and the Schnorr algorithm demonstrate shorter processing durations.

4.1.2. A Comparative Analysis of Time Efficiency in User Account Address Generation Using the Improved SM9 Algorithm and the ECDSA Algorithm

The ECDSA algorithm combined with the Keccak-256 hash algorithm generates the user account address, and five experiments were conducted to test the time required for its generation. The start time of the timing was the generation of the user’s private key, and the end time was the generation of the user account address. Because the user’s public key is generated by combining the user’s private key with the system parameters, the starting time of the timer was the generation of the user’s private key.

The user’s account address was generated using the improved SM9 algorithm and combined with the SM3 algorithm. Five experiments were conducted to test the time required for its generation. The starting time was the generation of the user’s public key, and the ending time was the generation of the user’s account address. Because the user’s identity generates the user’s public key and the system master public key combined with the system parameters and has no direct relationship with the user’s private key, the starting time was the generation of the user’s public key.

The experiment’s results are shown in

Table 2. A comparison of the time required for generating user account addresses using the ECDSA algorithm and the improved SM9 algorithm.

Number of Tests	Time Taken Using the ECDSA Algorithm/ms	Time Taken Using the Improved SM9 Algorithm/ms
1	3134.7	4073.1
2	3191.4	3963.7
3	3129.8	4243.4
4	3179.6	4057.3
5	3211.0	4080.9

below.

The experiment’s results are shown in Figure 10 below.

It was calculated that the average time taken to execute the ECDSA algorithm is 3169.3µs, whereas the average time for the improved SM9 algorithm is 4083.7 µs. The execution time of the improved SM9 algorithm is 1.29 times longer than that of the ECDSA algorithm. This is because using the improved SM9 algorithm involves two elliptic curve dot product operations and one hash operation when generating the user blockchain address, whereas using the ECDSA algorithm involves one elliptic curve dot product operation and one hash operation. It is worth noting that the length of the user account address generated by the improved SM9 algorithm is equivalent to that generated by the ECDSA algorithm.

4.2. Comparison of Spatial Storage

Table 3. A comparison of the lengths of user’s public keys, private keys, and signature values generated using the improved SM9, SM2, ECDSA, BLS 12-381, and Schnorr algorithms.

Algorithm	User Private Key Length/Byte	User Public Key Length/Byte	Signature Length/Byte
the improved SM9	128	64	160
SM2	32	64	64
ECDSA	32	64	64
BLS12-381	32	48	96
Schnorr	32	32	64

presents the experimental results obtained by comparing the lengths of the generated user public key, private key, and signature value using the improved SM9 algorithm, the SM2 algorithm, the ECDSA algorithm, the BLS12-381 algorithm, and the Schnorr algorithm.

The results indicate that the length of the user private key generated by the improved SM9 algorithm is four times greater than that produced by the other algorithms considered. Additionally, the length of the user public key generated by the improved SM9 algorithm is approximately 1.3 times longer than that generated by the BLS12-381 algorithm, twice as long as that produced by the Schnorr algorithm, and equivalent to the lengths generated by the SM2 and ECDSA algorithms. Furthermore, the length of the signature value produced by the improved SM9 algorithm is 2.5 times longer than those generated by the SM2, ECDSA, and Schnorr algorithms, and approximately 1.6 times longer than that produced by the BLS12-381 algorithm.

4.3. A Comparison of Security and Applicable Scenarios Among the Improved SM9, BLS12-381, SM2, and Schnorr Algorithms

The security of the SM9 algorithm is grounded in the q-strong Diffie–Hellman (q-SDH) assumption, which underpins its Existential Unforgeability under Chosen Message Attack (EUF-CMA) in the random oracle model, and this enables it to effectively withstand forgery attacks and ciphertext attacks [27]. The SM9 algorithm encompasses functionalities such as encryption, signing, key exchange, and key agreement. A notable advantage is its certificateless nature, which reduces the complexity and cost of certificate management, making it suitable for scenarios requiring identity-based encryption (IBE) and multi-party signatures.

The SM2 algorithm, whose security is based on the elliptic curve discrete logarithm problem (ECDLP), is resilient against forgery signature attacks, key replacement attacks, and white-box attacks [28]. It offers functionalities including digital signatures, public key encryption, and key exchange, and is particularly suited for smart cards and resource-constrained devices. In sectors with high demands for autonomy and control, such as national government affairs and finance, the use of national cryptographic algorithms SM9 and SM2 aligns with national security requirements.

The BLS12-381 algorithm derives its security from both the ECDLP and the hardness of computations involving bilinear pairings. It is capable of resisting forgery signature attacks and chosen message attacks [29]. The BLS algorithm boasts short signature lengths and efficient verification processes, along with robust aggregability, rendering it ideal for scenarios requiring extensive signature verification, such as blockchain applications.

The Schnorr algorithm, whose security rests on the discrete logarithm problem over elliptic curves, is resilient against forgery signatures, chosen message attacks, side-channel attacks, and replay attacks [30]. It distinguishes itself with the shortest signature length and minimal computational overhead for both signing and verification, while also supporting signature aggregation. This makes it well suited for scenarios demanding efficient signing and verification processes.

5. Conclusions

This paper presents an improvement upon the state secret SM9 algorithm, enabling users to perform both signing and encryption operations using a single pair of public and private keys. Additionally, the improved SM9 algorithm is integrated with the SM3 algorithm for application in blockchain address generation. This scheme leverages the IBC framework of the SM9 algorithm, eliminating the need for users to obtain digital certificates and thereby significantly simplifying the certificate management process. This is particularly advantageous in environments with a large number of users. Experimental results indicate that, in terms of user account address generation time, this scheme is comparable to the original scheme. This is because both involve computations related to point multiplication on elliptic curves. In terms of space storage, the length of the account addresses generated by this scheme is identical to that of the original scheme.

6. Discussion

The application of the SM9 algorithm, which is based on the IBC system, for generating blockchain addresses holds promise in critical sectors such as national government affairs and finance. This approach facilitates enhanced identity management and information security assurance. For example, on blockchain platforms designed for data sharing and business collaboration among government departments, the SM9 algorithm can generate addresses and perform identity authentication using unique identity identifiers for each department. This eliminates reliance on external certificate authorities and enhances the security and trustworthiness of the information exchanged. Furthermore, the improved SM9 algorithm can be utilized for signature verification of user transactions and encrypted communication among users within the blockchain. This will effectively promote the widespread adoption of China’s national cryptographic algorithm series in the blockchain domain, gradually reducing dependence on foreign cryptographic algorithms. By doing so, it can mitigate security risks associated with potential backdoors in foreign algorithms and trust issues related to certificate authorities, thereby strengthening national information security autonomy and protecting the public’s information security.

However, in the context of the IBC system, the user’s private key is generated by the KGC. If the KGC is attacked or compromised, the security of the entire system will be severely jeopardized, posing a key escrow issue. Additionally, the signing and verification processes of this algorithm are typically more complex than those of traditional algorithms, such as the ECDSA, resulting in slower processing speeds. To enhance performance, the optimization of the bilinear pairing computation algorithm or the adoption of hardware acceleration technologies (e.g., GPUs, FPGAs) can be considered. Finally, integrating the IBC algorithm into existing blockchain systems may necessitate modifications to the existing protocols, which could lead to compatibility issues. Therefore, corresponding work needs to be carried out to ensure the maturity and standardization of the IBC system’s algorithms.

7. Patents

Patent CN118694524A, Ruimin Wang, Haolong Fan, Kezhen Liu, Yuan Feng, Jiaxin Zhang, Dong Pan, Yongsheng Zheng, Jiren Ma, “A Blockchain Address Generation Method Based on an Improved SM9 Algorithm,” 24 September 2024.