CN111385350A - Quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing device - Google Patents


Publication number
CN111385350A
Authority
CN
China
Prior art keywords
routing device
transaction
public key
user
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010090163.9A
Other languages
Chinese (zh)
Other versions
CN111385350B (en)
Inventor
富尧
钟一民
杨羽成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Application filed by Ruban Quantum Technology Co Ltd and Nanjing Ruban Quantum Technology Co Ltd
Priority to CN202010090163.9A
Publication of CN111385350A
Application granted
Publication of CN111385350B
Legal status: Active

Classifications

    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS] (under H, H04, H04L, H04L67/00, H04L67/01, H04L67/10)
    • G06F21/602: Providing cryptographic facilities or services (under G, G06, G06F, G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity, G06F21/60 Protecting data)
    • G06Q40/04: Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange (under G, G06, G06Q, G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes)
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication (under H, H04, H04L, H04L63/00, H04L63/08)
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords (under H, H04, H04L, H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols, H04L9/08 Key distribution or management)
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves (under H04L9/00, H04L9/30)
    • H04L9/3242: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC (under H04L9/00, H04L9/32, H04L9/3236)
    • H04L9/3247: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures (under H04L9/00, H04L9/32)
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees (under H04L9/00)

Abstract

The invention discloses a quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing devices. The blockchain network consists of one or more intranets in communication connection; each intranet has a plurality of users and a routing device, the users communicate with the routing device of the intranet in which they are located, and each routing device runs a blockchain client that provides CA services. The routing device issues key fobs and keys to the users in its intranet, and each user's key is stored in a distributed manner by secret sharing. In the invention, the user acting as transaction initiator and the routing device first perform bidirectional verification; only after the verification passes does the user formally send the signed transaction, and the user and the routing device must each sign in order to complete the full transaction signature.

Description

Quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing device
Technical Field
The invention relates to the technical field of blockchain information security, in particular to a quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing devices.
Background
A blockchain is a new type of distributed infrastructure and computing paradigm: it stores data in an ordered chain data structure, updates that data by a consensus algorithm, and secures it with cryptography. In blockchain-based transactions, ensuring the security of transaction data and the privacy of customers is a necessary condition for blockchains to develop further. For this reason cryptography, and in particular public key cryptography, is widely used in blockchains.
As is widely known, quantum computers have great potential for breaking ciphers. Today's mainstream asymmetric (public key) algorithms, such as RSA, are mostly based on two hard mathematical problems: factoring large integers or computing discrete logarithms over a finite field. How hard they are to break depends on how efficiently these problems can be solved. On a classical computer, solving either problem takes exponential time (that is, the time to break grows exponentially with the length of the public key), which is unacceptable in practice. Shor's algorithm, designed for quantum computers, performs integer factorization or discrete logarithm computation in polynomial time (the time to break grows as the k-th power of the public key length, where k is a constant independent of that length), which makes breaking RSA and discrete-logarithm-based algorithms possible.
The patent document with publication number 109660344A discloses a quantum computation resistant blockchain transaction method based on an asymmetric key pool and routing devices, in which each user and each routing device has a key fob. The routing device's key fob stores the routing device's own private key, an asymmetric key pool, the random number of the routing device's public key pointer, and an intranet public key set; the user's key fob stores the user's own private key and the routing device's public key. The asymmetric key pools in all routing device key fobs are identical, and the intranet public key set stores the public keys of all users in the intranet. However, in this method, if a key fob is lost or stolen it can be used directly and damage the rights and interests tied to the user account; for example, the rights of the user account are transferred away and thus stolen.
Further, patent document CN107944255A discloses a key management method for a blockchain in which each user joining the blockchain is assigned two key pairs, a master key pair and a slave key pair, and the key management center additionally generates a backup key pair for each user. The key management center defines a multi-signature verification script for the blockchain transaction process by assigning weights to the master key pair, the slave key pair and the backup key pair respectively. Once a key pair is lost or stolen, the key content is easily obtained by an adversary, so this key management method carries great risk and cannot reliably protect the privacy and information security of users.
In summary, the problems of the prior art are as follows:
1. After a key fob is lost or stolen, it may be cracked to obtain the keys inside. If the private key of the blockchain system becomes known to an adversary, ownership of the blockchain account corresponding to that private key is lost. If the public key of the asymmetric key system becomes known to an adversary who owns a quantum computer, the private key can be derived from the public key, and the ownership corresponding to that private key is again lost.
2. After a key fob is lost or stolen, it may be used directly and damage the rights and interests tied to the user account; for example, the rights of the user account are transferred away and thus stolen.
Disclosure of Invention
Technical purpose: in order to solve the above technical problems, the invention provides a quantum computation resistant blockchain system based on one-time-varying secret sharing and routing devices.
Technical scheme: in order to achieve this purpose, the invention adopts the following technical scheme:
A quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing devices, characterized in that: the method is applied in a blockchain network formed by one or more intranets in communication connection, where each intranet has a plurality of users and a routing device, the users communicate with the routing device of the intranet in which they are located, and each routing device runs a blockchain client that provides registration and authentication services;
each user and each routing device has its own key fob; the routing device issues the key fobs and keys to the users of its intranet; each user's private key is stored in a distributed manner by (2,2) secret sharing, yielding a group of private key secret components for each private key; each private key secret component comprises a random number and a private key component, the corresponding public key component is computed from the private key component, and the private key component and public key component are stored in the routing device's key fob and the corresponding user's key fob respectively;
the method comprises the following transaction steps:
the user, as transaction initiator, performs bidirectional verification with the routing device of its intranet before sending any transaction content to it, and proceeds to the next step only if the verification passes;
the user sends a user transaction including a first signature to the routing device of its intranet, where the first signature is computed over the generated transaction content with the private key component taken from the user's key fob;
the routing device checks the received user transaction and verifies the first signature;
for a user transaction that passes verification, the routing device computes a second signature over the received transaction content with the private key component taken from the routing device's key fob;
the routing device computes a third signature from the first signature and the second signature;
the routing device broadcasts the user transaction including the third signature to the other routing devices in the blockchain network;
and after finding that the user transaction has been successfully submitted to the blockchain, the routing device sends a transaction notification to the initiating user.
Preferably, the method for issuing the key fob by the routing device is as follows:
the routing device issues a first private key and a plurality of second private keys for each user, and the private keys are stored in a distributed manner by (2,2) secret sharing; a key pointer function, a key coefficient pointer function and a random number Nonce are stored in both the user key fob and the routing device key fob, key components are extracted according to the key pointer function and the key coefficient pointer function, and the routing device key fob stores the transaction information of every transaction made by the users of its intranet;
in each transaction, the first private key component used by the user or the routing device is a fixed value, while the second private key component is a calculated value used only for that transaction. The second private key component actually used in the transaction is called the calculated value second private key component; it is obtained by looking up the second private key components stored in the current key fob and computing from them. Each public key component is computed from the corresponding private key component, and the complete public key or private key used in the transaction is obtained from the corresponding public key components or private key components by the secret sharing recovery method.
Preferably, the method for issuing the key fob by the routing device is as follows:
the routing device performs (2,2) secret sharing on each private key of the user to obtain the corresponding random number I, random number II, first private key component I, first private key component II, and a plurality of groups of second private key component I and second private key component II, and computes the corresponding public key component from each private key component;
the hash value of random number II is stored in the random number pool of the user key fob; first public key component I, the plurality of groups of second public key component I, and first public key component II are stored in the public key pool of the user key fob; first private key component I and the plurality of groups of second private key component I are stored in the private key pool of the user key fob; and the CA signature is stored in the certificate pool of the user key fob, where the CA signature is the signature made with the CA private key over the combination of the user ID and the first public key;
and random number I and random number II are stored in the random number pool of the routing device key fob; first public key component II, the plurality of groups of second public key component II, and the public keys of all routing devices are stored in the public key pool of the routing device key fob; first private key component II and the plurality of groups of second private key component II are stored in the private key pool of the routing device key fob; and the routing device's private key and the CA public key are stored in the private area of the routing device key fob.
Preferably, the user acting as transaction initiator performs the following steps:
during the bidirectional verification between the user and the routing device, computing calculated value second public key component I, calculated value second private key component I, and the complete calculated value second public key for this transaction;
generating the transaction content, which includes but is not limited to a timestamp and the address of the transaction initiator, where that address comprises the hash value of the user's second public key and the ID of the routing device in the same intranet;
splitting the calculated value second public key into a second public key x component and a second public key y component, computing a first intermediate verification parameter from the second public key x component, computing the hash value of the combination of the first intermediate verification parameter and the transaction content as transaction content ciphertext I, and computing the first signature from first private key component I, calculated value second private key component I and transaction content ciphertext I;
and sending the user transaction including the transaction content and the first signature to the routing device located in the same intranet as the user.
Preferably, the routing device located in the same intranet as the initiator performs the following verification steps:
during the bidirectional verification between the routing device and the user, obtaining calculated value second public key component II, calculated value second private key component II, first public key component I, calculated value second public key component I, and the calculated value second public key for this transaction;
judging whether the user ID belongs to this routing device's intranet and whether the routing device ID in the transaction is this routing device's own ID;
judging whether the timestamp in the transaction content is reasonable;
and, if these checks pass, verifying the first signature:
splitting the calculated value second public key into a second public key x component and a second public key y component, computing a second intermediate verification parameter from the second public key x component, computing the hash value of the combination of the second intermediate verification parameter and the transaction content as transaction content ciphertext II, and comparing the value computed from first public key component I, calculated value second public key component I and transaction content ciphertext II with the value of the first signature;
after the verification passes, the routing device computes the transaction information and temporarily stores the key information locally.
Preferably, the routing device located in the same intranet as the initiator performs the following transaction steps:
after the verification passes, the routing device computes the second signature from first private key component II, calculated value second private key component II and transaction content ciphertext II;
the routing device computes the third signature from the first signature and the second signature, and encrypts the combination of the user's first public key and transaction content ciphertext II with the routing device's private key to obtain a second ciphertext;
and the routing device broadcasts the user transaction including the third signature to the other routing devices in the blockchain network, where the user transaction comprises the transaction content, the third signature, the CA signature and the second ciphertext.
Preferably, the routing device located in the same intranet as the initiator further performs the following steps:
after the routing device finds that the user transaction has been successfully submitted to the blockchain, it generates notification content;
and it computes the hash value of the combination of the second intermediate verification parameter, the notification content and the Nonce as the transaction notification ciphertext, computes a notification signature from first private key component II, calculated value second private key component II and the transaction notification ciphertext, and sends the notification content and the notification signature to the corresponding user.
Preferably, the other routing devices in the blockchain network verify the user transaction as follows:
obtaining the ID of the initiator's routing device from the user transaction, taking the corresponding routing device public key from the local public key pool, and decrypting the second ciphertext to obtain the first public key and transaction content ciphertext II;
verifying the CA signature with the local CA public key;
computing a new calculated value second public key from transaction content ciphertext II, the first public key and the third signature, taking its x component as the new second public key x component, computing a third intermediate verification parameter from it, computing the hash value of the combination of the third intermediate verification parameter and the transaction content as transaction content ciphertext III, and comparing transaction content ciphertext III with the transaction content ciphertext II obtained by decryption to check whether they are identical;
and if the check passes, the transaction verification succeeds and the transaction is placed into the local cached transaction pool.
Preferably, the bidirectional verification comprises the following steps:
the user generates a first ciphertext and a first message authentication code and sends them to the routing device;
the routing device verifies the first message authentication code;
the routing device sends a third ciphertext and a second message authentication code to the user;
the user verifies the second message authentication code; wherein:
the first ciphertext is obtained by encrypting, with first public key component II, the combination of first public key component I, calculated value second public key component I and the Nonce, with an offset added during encryption, the offset being computed from random number II and the timestamp;
the first message authentication code is computed with the hash value of random number II over the combination of the timestamp, first public key component I, calculated value second public key component I and the Nonce;
to decrypt the first ciphertext, the routing device takes random number II from its key fob, computes the offset from it together with the timestamp, and then decrypts with the offset and first private key component II to obtain first public key component I, calculated value second public key component I and the Nonce;
to verify the first message authentication code, the routing device uses random number II to compute the combined value over the timestamp, first public key component I, calculated value second public key component I and the Nonce, obtaining a message authentication code, and judges whether it is identical to the received first message authentication code;
the second message authentication code is computed with the hash value of random number II over the timestamp and the calculated value second public key; the third ciphertext is obtained by encrypting the calculated value second public key with a first public key component, with an offset added during encryption, the offset being the hash value of the Nonce and the timestamp;
to decrypt the third ciphertext, the user computes the hash value of the Nonce and the timestamp as the offset and decrypts with the offset and the first private key component to obtain the calculated value second public key;
to verify the second message authentication code, the user computes over the timestamp and the calculated value second public key with the hash value of random number II, compares the resulting message authentication code with the received second message authentication code, and if they are identical the verification passes and the bidirectional verification is complete.
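The message-authentication half of the bidirectional verification above, with both sides' messages, as an added example that is not the patent's own code. Assumptions: the keyed computation "with the hash value of random number II" is HMAC-SHA256 keyed with SHA-256(x_b); the public-key encrypted first and third ciphertexts are outside this block, so PK_a, R_a and R travel as opaque bytes; and the routing device additionally accepts a timestamp only within WINDOW_SECONDS and rejects a reused Nonce (the patent only says the timestamp must be "reasonable").

```python
# Added example, not from the patent. Models the two MACs of the bidirectional
# verification: user -> routing device (MAC1) and routing device -> user (MAC2).
import hashlib
import hmac
import secrets

WINDOW_SECONDS = 60  # assumed freshness window for the timestamp


def mac_key(x_b: bytes) -> bytes:
    """The user fob stores H(x_b), the routing device fob stores x_b itself."""
    return hashlib.sha256(x_b).digest()


def keyed_hash(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


def user_first_message(user_key: bytes, pk_a: bytes, r_a: bytes, ts: int, nonce=None):
    """User -> routing device: timestamp, PK_a, R_a, Nonce and the first MAC."""
    nonce = nonce or secrets.token_bytes(16)
    mac1 = keyed_hash(user_key, ts.to_bytes(8, "big"), pk_a, r_a, nonce)
    return {"ts": ts, "pk_a": pk_a, "r_a": r_a, "nonce": nonce, "mac1": mac1}


def routing_device_reply(x_b: bytes, msg: dict, now: int, r_full: bytes, seen_nonces: set):
    """Routing device: freshness and replay checks, verify MAC1, then answer with the
    complete calculated value second public key R and MAC2. None means rejection."""
    if abs(now - msg["ts"]) > WINDOW_SECONDS or msg["nonce"] in seen_nonces:
        return None
    key = mac_key(x_b)
    expected = keyed_hash(key, msg["ts"].to_bytes(8, "big"),
                          msg["pk_a"], msg["r_a"], msg["nonce"])
    if not hmac.compare_digest(expected, msg["mac1"]):
        return None
    seen_nonces.add(msg["nonce"])
    mac2 = keyed_hash(key, msg["ts"].to_bytes(8, "big"), r_full)
    return {"ts": msg["ts"], "r": r_full, "mac2": mac2}


def user_check_reply(user_key: bytes, sent: dict, reply) -> bool:
    """User: the reply must echo our timestamp and carry a valid MAC2 over it and R."""
    if reply is None or reply["ts"] != sent["ts"]:
        return False
    expected = keyed_hash(user_key, reply["ts"].to_bytes(8, "big"), reply["r"])
    return hmac.compare_digest(expected, reply["mac2"])


def bidirectional_verify(user_key: bytes, router_x_b: bytes, pk_a: bytes, r_a: bytes,
                         r_full: bytes, ts: int, now: int, seen_nonces: set, nonce=None) -> bool:
    """Run one full exchange; True only when both message authentication codes verify."""
    sent = user_first_message(user_key, pk_a, r_a, ts, nonce)
    reply = routing_device_reply(router_x_b, sent, now, r_full, seen_nonces)
    return user_check_reply(user_key, sent, reply)
```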
The invention also provides a quantum computation resistant blockchain transaction system based on one-time-varying secret sharing and routing devices, characterized in that: the system comprises a blockchain network formed by one or more intranets in communication connection, where each intranet has a plurality of users and a routing device, the users communicate with the routing device of the intranet in which they are located, and each routing device runs a blockchain client that provides registration and authentication services;
each user and each routing device has its own key fob; the routing device issues the key fobs and keys to the users of its intranet; each user's private key is stored in a distributed manner by (2,2) secret sharing, yielding a group of private key secret components for each private key; each private key secret component comprises a random number and a private key component, the corresponding public key component is computed from the private key component, and the private key component and public key component are stored in the routing device's key fob and the corresponding user's key fob respectively;
each user and each routing device comprises a memory and a processor, the memory stores a computer program, and when executing the computer program the processor carries out the quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing devices described above.
Beneficial effects:
1. After a key fob is lost or stolen, it cannot be brute-forced to obtain the internal key. If an adversary obtains the user's key fob, it holds PK_a, PK_b and SK_a; the complete SK and PK cannot be recovered from these by secret sharing recovery, that is, the fob contains no valid identity-related key information. If an adversary obtains the routing device's key fob, it holds x_a, x_b, PK_b and SK_b; again the complete SK and PK cannot be recovered by secret sharing recovery, so there is no valid identity-related key information. Because the private key of the blockchain system cannot become known to an adversary, and because several identical user key fobs are issued as backups each time a user key fob is issued, the private key can neither be maliciously acquired nor lost, and all rights and interests of the blockchain account corresponding to the private key are greatly protected.
2. Before a user formally sends a message containing transaction content to the routing device, the user and the routing device perform bidirectional authentication. During it, the user and the routing device each use key components stored in their own key fobs to operate on the messages they send or receive; the keys used include a one-time-varying key component, obtained by looking up key components stored in several local key areas and computing from them, which further improves the security of key use.
3. After a key fob is lost or stolen, it cannot easily be used to transfer ownership of the blockchain account. The user must transact inside the intranet controlled by the corresponding routing device, that is, both the user's signature and the routing device's signature are required to complete the full transaction signature; an adversary cannot transact from an external network, because after signing there it cannot obtain the routing device's signature and therefore cannot obtain a complete transaction signature. Thus the ownership of the blockchain account corresponding to the key fob is greatly protected.
Drawings
FIG. 1 is a block diagram of a system according to an embodiment of the present invention;
FIG. 2 is a diagram of the key area structure of a user-side key fob of the present invention;
FIG. 3 is a diagram of the key area structure of a routing device key fob of the present invention.
Detailed Description
Description of the System
The system structure of the embodiment of the invention is shown in FIG. 1. The cryptographic system used for communication between the user side and the routing device is an ECC system.
When the routing device issues a key fob for a user, the elliptic curve domain parameters q, a, b, P and n are selected first. q is the size of the finite field F_q; a and b are the coefficients of the elliptic curve y^2 = x^3 + ax + b and satisfy 4a^3 + 27b^2 ≠ 0; P is the base point (generator), chosen after the curve is generated so that its order is the integer n. A private key sk and its public key pk satisfy pk = sk * P. The algorithm parameters q, a, b, P, n are written to the designated area of the key fob.
(2,2) secret sharing is performed on the private key SK of each user side. In (t,n) secret sharing of a message m, n is the number of shares into which the shared secret m is split and t is the minimum number of shares needed to recover m, with 2 ≤ t ≤ n.
Two secret-sharing random numbers x_a, x_b are generated, and for the private key SK two secret components (x_a, SK_a) and (x_b, SK_b) are computed.
SK can be recovered from the two secret components as follows:
the Lagrange coefficients of the two secret components are
Figure BDA0002383423770000071
Wherein
Figure BDA0002383423770000072
To obtain
Figure BDA0002383423770000073
In the ECC system, PK_a = SK_a * P, PK_b = SK_b * P and PK = SK * P, so that
Figure BDA0002383423770000081
Each routing device manages key fob issuance for the users in its local network. Each time a user key fob is issued, several identical user key fobs are issued at the same time as backups and kept by the administrator, so that the user key fob cannot be lost.
Let the Mth user key fob be affiliated with the Nth routing device.
When a key fob is issued to a user, random numbers SK_Main and SK_Temp are generated as private keys, and (2,2) secret sharing is performed on them to obtain (x_a, SK_aMain), (x_b, SK_bMain), (x_a, SK_aTemp), (x_b, SK_bTemp), which are stored in the key fobs of the routing device and of the user respectively, as follows:
the structure of the key area of the key card at the user end is shown in fig. 2. The specific structure is described as follows:
random number pool: the hash value Hx_b = H(x_b), where H(·) denotes a hash operation;
public key pool: a PK_a region and a PK_b region;
private key pool (secret-shared private keys): an SK_a region;
signature pool: the CA signature unit holds SIG_CA = SIGN_RSA(IDM||PK_Main, SK_CA), where IDM is the ID of the Mth user and SIGN_RSA(m, sk) denotes RSA signing of the message m with the private key sk. Because the PK_Main inside IDM||PK_Main is not known to the adversary, the adversary cannot derive SK_CA from SIG_CA.
The key fob is obtained in a secure manner (e.g., by registration of devices on the intranet, secure introduction of corresponding keys into the key fob).
In the key fob, PK_Main/SK_Main are fixed, whereas PK_Temp/SK_Temp are looked up in the key area and computed for each use. Since all keys are handled by secret sharing, what is actually stored is one group Hx_b/PK_aMain/SK_aMain/PK_bMain/SIG_CA and several groups PK_aTemp/SK_aTemp.
The key area structure of the routing device key fob is shown in FIG. 3 (M users, N routing devices).
In the key area, each user corresponds to one group x_a/x_b/PK_bMain/SK_bMain and several groups PK_bTemp/SK_bTemp.
The routing device public key pool stores the RSA public keys of all routing devices; the public key of a routing device can be retrieved from this pool by the routing device's ID. The RSA public key stored here does not include the RSA modulus ModN, i.e. the product of the two large primes.
The private area of the routing device key fob may be a higher-security area within the same key fob, such as a secure chip, or a separate private-area key fob controlled together with the routing device key fob over a wired connection (such as USB) or a wireless connection (such as NFC) that is guaranteed free of hostile access. The private area stores the private key SK of the routing device, the public key PK_CA of the CA and the RSA modulus ModN. If ModN were obtained by an adversary, the adversary could factor it into its two large primes with a quantum computer and then break the RSA public and private keys; because the RSA modulus is kept in the private area and is not obtained by the adversary, the scheme has stronger resistance to quantum computing attacks.
And (3) transaction flow:
Each routing device has a blockchain client. Blockchain data is stored in the routing device, not in the user. The routing device does not initiate transactions; transactions are initiated by users.
A user reads blockchain transaction data from the routing device; for example, the routing device can share it with intranet users by document sharing or through a database. Because the chain is public, this data does not need to be kept secret.
Step 1: the Mth user generates userSig_a.
1.1:
The user obtains the current timestamp Time and calculates RK = H(Time).
According to KN key pointer functions {FP_i, i ∈ [1,KN]} and KN key coefficient pointer functions {FU_i, i ∈ [1,KN]}, the positions {P_i = FP_i(RK), i ∈ [1,KN]} and the key coefficients {μ_i = FU_i(RK), i ∈ [1,KN]} are obtained.
According to the positions P_i, KN keys {PK_aTemp_i, i ∈ [1,KN]} and {SK_aTemp_i, i ∈ [1,KN]} are taken from the PK_a region and the SK_a region respectively, and the following are calculated:
Figure BDA0002383423770000091
Figure BDA0002383423770000092
Using the ECIES algorithm, EPK_a = ENC(PK_aMain||PK_aTemp||Nonce, PK_bMain) = {EPK_aR, EPK_ac, EPK_at} is computed. An offset is applied to EPK_aR to obtain EPK'_a = {EPK_aR − HG(Hx_b||Time), EPK_ac, EPK_at}, where HG is a hash function that maps integers to elliptic curve points.
Using Hx_b, a message authentication code MAC_a = MAC(Time||PK_aMain||PK_aTemp||Nonce, Hx_b) is computed over Time||PK_aMain||PK_aTemp||Nonce, where MAC(m, k) denotes computing a message authentication code for the message m with the key k.
The user sends IDM||Time||EPK'_a||SIG_CA||MAC_a to the Nth routing device.
1.2:
The routing device checks the validity of IDM, i.e. whether IDM belongs to this routing device.
The routing device checks the validity of Time and calculates RK = H(Time).
In the same manner as above, the following are taken from the PK_b region and the SK_b region and calculated:
Figure BDA0002383423770000093
Figure BDA0002383423770000101
Using x_b, HG(Hx_b||Time) is calculated and EPK'_a is restored to EPK_a; EPK_a is decrypted with SK_bMain to obtain PK_aMain||PK_aTemp||Nonce. The Nonce is compared with the local Nonce, and processing stops if they do not match.
Using Hx_b, a message authentication code MAC'_a = MAC(Time||PK_aMain||PK_aTemp||Nonce, Hx_b) is computed over Time||PK_aMain||PK_aTemp||Nonce and compared with the received MAC_a for authentication.
PK_Temp is recovered from (x_a, PK_aTemp), (x_b, PK_bTemp), and PK_Main is recovered from (x_a, PK_aMain), (x_b, PK_bMain). The principle is as follows:
because the public key of the ith public key unit satisfies
Figure BDA0002383423770000102
the sum of the KN public keys satisfies
Figure BDA0002383423770000103
Figure BDA0002383423770000104
Therefore
Figure BDA0002383423770000105
and likewise
Figure BDA0002383423770000106
SIG_CA = SIGN_RSA(IDM||PK_Main, SK_CA) is verified with the CA public key PK_CA from the private area, which proves the correctness of IDM||PK_Main.
Using the ECIES algorithm, EPK_T = ENC(PK_Temp, PK_aMain) = {EPK_TR, EPK_Tc, EPK_Tt} is computed.
The routing device retrieves the current Nonce of IDM as follows: each routing device locally stores TxInfo = tid||Nonce for every transaction of each affiliated user, where tid = H(Tx). All of the user's transactions can be looked up in the blockchain data by tid; the Nonce of the latest transaction of IDM is read from that transaction's TxInfo and incremented by 1.
An offset is applied to EPK_T to obtain EPK'_T = {EPK_TR − HG(Nonce||Time), EPK_Tc, EPK_Tt}.
Using Hx_b, a message authentication code MAC_b = MAC(Time||PK_Temp, Hx_b) is computed over Time||PK_Temp.
Time||EPK'_T||MAC_b is sent to the user.
1.3:
The user locates the earlier request by Time, calculates HG(Nonce||Time) with the Nonce, restores EPK'_T to EPK_T, and decrypts EPK_T with SK_aMain to obtain PK_Temp.
Using Hx_b, a message authentication code MAC'_b = MAC(Time||PK_Temp, Hx_b) is computed over Time||PK_Temp and compared with the received MAC_b for authentication.
After authentication passes, the user generates a transaction Tx, which can be expressed as Tx = Time||From||To||Value||Data. From is the address of the transaction initiator and can be expressed as From = IDM||IDN, where IDN is the serial number of the corresponding routing device; To is the transfer address or the address of the smart contract, which is stored and run in the key fob; Value is the transfer amount; Data is the transaction data field, which may carry the parameters required by the smart contract, information attached to the transaction, and so on.
PK_Temp can be expressed as (PK_Tempx, PK_Tempy).
The user calculates TxsigR_a = PK_Tempx (mod q), TxsigE_a = H(TxsigR_a||Tx) and userSig_a = SK_aTemp + SK_aMain * TxsigE_a (mod q).
The user sends userTx = {Tx, userSig_a} to the Nth routing device.
Step 2: the Nth routing device verifies userSig_a.
The routing device checks the validity of IDM/IDN, i.e. whether IDM belongs to this routing device and whether IDN is the ID of this routing device.
The routing device checks the validity of Time.
The routing device checks in its local world state database whether the account balance is sufficient for the transaction.
The routing device takes out the current Nonce of the IDM.
With PK_Temp = (PK_Tempx, PK_Tempy), the routing device calculates TxsigR_b = PK_Tempx (mod q) and TxsigE_b = H(TxsigR_b||Tx).
Since userSig_a = SK_aTemp + SK_aMain * TxsigE_a (mod q), PK_aTemp = SK_aTemp * P, PK_aMain = SK_aMain * P, TxsigR_b = TxsigR_a and TxsigE_b = TxsigE_a, the verification of userSig_a succeeds if userSig_a * P equals PK_aTemp + PK_aMain * TxsigE_b.
After verification passes, the Nth routing device temporarily stores TxInfo and the related keys for the subsequent signature.
Step 3: the Nth routing device generates Txsig.
The Nth routing device calculates userSig_b = SK_bTemp + SK_bMain * TxsigE_b (mod q).
The complete signature is Txsig = SK_Temp + SK_Main * TxsigE_b (mod q) = (λ_a * SK_aTemp + λ_b * SK_bTemp) + (λ_a * SK_aMain + λ_b * SK_bMain) * TxsigE_b (mod q) = λ_a * (SK_aTemp + SK_aMain * TxsigE_a (mod q)) + λ_b * (SK_bTemp + SK_bMain * TxsigE_b (mod q)) = λ_a * userSig_a + λ_b * userSig_b.
Step 4: the Nth routing device initiates the transaction.
The public and private keys of the Nth routing device are PK_N and SK_N.
It calculates clientTx = {Tx, Txsig, ENC_RSA(PK_Main||TxsigE_b, SK_N), SIG_CA}, where ENC_RSA(m, sk) denotes RSA encryption of the message m with the private key sk.
The Nth routing device transmits clientTx to the blockchain client of every routing device through the broadcast mechanism of the blockchain.
Step 5: each routing device verifies the transaction.
On receiving clientTx, a routing device obtains IDN from From, retrieves the public key PK_N of the originating routing device from its routing device public key pool by IDN, and decrypts ENC_RSA(PK_Main||TxsigE_b, SK_N) to obtain PK_Main||TxsigE_b.
The signature Txsig is then verified with PK_Main as follows:
(1) SIG_CA = SIGN_RSA(IDM||PK_Main, SK_CA) is verified with the CA public key PK_CA from the private area, which proves the correctness of IDM||PK_Main;
(2) PK'_Temp = Txsig * P − PK_Main * TxsigE_b is calculated. The principle is: Txsig * P − PK_Main * TxsigE_b = (SK_Temp + SK_Main * TxsigE_b (mod q)) * P − PK_Main * TxsigE_b = PK_Temp + PK_Main * TxsigE_b − PK_Main * TxsigE_b = PK_Temp;
this gives PK'_Temp = (PK'_Tempx, PK'_Tempy);
(3) TxsigR'_b = PK'_Tempx (mod q) and TxsigE'_b = H(TxsigR'_b||Tx) are calculated, and TxsigE'_b is compared with the decrypted TxsigE_b.
If the comparison succeeds, the transaction is verified and placed into the local cache transaction pool.
Transactions created by users under this routing device and transactions broadcast by other routing devices are cached in this pool, and each routing device keeps accumulating transactions in it.
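The secret-sharing arithmetic described after the domain parameters (recovery of SK and PK from the components (x_a, SK_a), (x_b, SK_b)) and the signing flow of steps 1 to 5 (one-time-varying Temp component, userSig_a and its check by the routing device, userSig_b, Txsig = λ_a * userSig_a + λ_b * userSig_b, and the public check PK'_Temp = Txsig * P − PK_Main * TxsigE_b) can be carried through end to end. The following Python program is a worked example added for this page; it is not code from the patent or its applicant. Assumptions: secp256k1 as the curve (q, a, b, P, n), SHA-256 as H, a pool of eight Temp keys with KN = 4, the pointer functions FP_i and FU_i instantiated as hashes of RK and i, and the Lagrange coefficients λ_a = x_b/(x_b − x_a), λ_b = x_a/(x_a − x_b) mod n, the standard (2,2) Shamir form that the equation images above are taken to express. The ECIES/MAC exchange of step 1, the CA signature and the RSA encryption inside clientTx are omitted, and PK_aMain and PK_aTemp are handed to the device directly. One caveat a practitioner should note: the page reduces the signature scalars mod q (the field size), but on an elliptic curve they must be reduced modulo n, the order of P, which is what the example does; on a curve where q ≠ n the written formulas would not combine.

```python
import hashlib
import secrets

# secp256k1 domain parameters in the page's notation (q, a, b, P, n); the curve is an assumption.
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
a, b = 0, 7
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
KN, POOL = 4, 8   # number of pointer functions and size of the Temp key pool (assumed, kept small)


def ec_add(A, B):
    """Affine addition on y^2 = x^3 + ax + b over F_q; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    if A[0] == B[0] and (A[1] + B[1]) % q == 0:
        return None
    lam = ((3 * A[0] * A[0] + a) * pow(2 * A[1], -1, q) if A == B
           else (B[1] - A[1]) * pow(B[0] - A[0], -1, q)) % q
    x = (lam * lam - A[0] - B[0]) % q
    return (x, (lam * (A[0] - x) - A[1]) % q)


def ec_mul(k, A):
    """Double-and-add; k is reduced mod n, so a negative k yields -(|k| * A)."""
    R, k = None, k % n
    while k:
        if k & 1:
            R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R


def H(*parts):
    """The page's H(.): SHA-256 of the '||'-joined fields, read as a scalar mod n."""
    return int.from_bytes(hashlib.sha256(b"||".join(parts)).digest(), "big") % n


def I2B(x):
    return (x % n).to_bytes(32, "big")


def rand():
    return secrets.randbelow(n - 1) + 1


def share(sk, xa, xb):
    """(2,2) Shamir sharing on the line f(x) = sk + r*x: returns SK_a = f(x_a), SK_b = f(x_b)."""
    r = rand()
    return (sk + r * xa) % n, (sk + r * xb) % n


def lagrange(xa, xb):
    """lambda_a = x_b/(x_b - x_a), lambda_b = x_a/(x_a - x_b) mod n, so that sk = la*SK_a + lb*SK_b."""
    return xb * pow(xb - xa, -1, n) % n, xa * pow(xa - xb, -1, n) % n


def issue_fobs():
    """Issue SK_Main and POOL Temp keys, each (2,2)-shared under the same (x_a, x_b); the user fob
    keeps the 'a' components, the device fob keeps x_a, x_b and the 'b' components."""
    xa, xb = rand(), rand()
    sk_main, temps = rand(), [share(rand(), xa, xb) for _ in range(POOL)]
    sa_main, sb_main = share(sk_main, xa, xb)
    user = {"sk_main": sa_main, "pk_main": ec_mul(sa_main, P),
            "sk_temp": [t[0] for t in temps], "pk_temp": [ec_mul(t[0], P) for t in temps]}
    device = {"xa": xa, "xb": xb, "sk_main": sb_main, "pk_main": ec_mul(sb_main, P),
              "sk_temp": [t[1] for t in temps], "pk_temp": [ec_mul(t[1], P) for t in temps]}
    return user, device, ec_mul(sk_main, P)   # PK_Main, the key the CA signature certifies


def one_time_component(fob, time):
    """One-time-varying Temp component: RK = H(Time) selects KN positions P_i and coefficients mu_i
    (FP_i, FU_i assumed to be hashes of RK and i); SK_Temp = sum(mu_i * SK_Temp_i), PK_Temp likewise."""
    rk, sk, pk = I2B(H(time)), 0, None
    for i in range(KN):
        pos = H(rk, b"FP", bytes([i])) % POOL
        mu = H(rk, b"FU", bytes([i]))
        sk = (sk + mu * fob["sk_temp"][pos]) % n
        pk = ec_add(pk, ec_mul(mu, fob["pk_temp"][pos]))
    return sk, pk


def transact(user, device, tx, time):
    """Steps 1-3: userSig_a, its check by the device, userSig_b, and Txsig = la*userSig_a + lb*userSig_b."""
    sa_t, pka_t = one_time_component(user, time)      # computed inside the user fob
    sb_t, pkb_t = one_time_component(device, time)    # computed inside the device fob
    la, lb = lagrange(device["xa"], device["xb"])
    pk_temp = ec_add(ec_mul(la, pka_t), ec_mul(lb, pkb_t))   # PK_Temp recovered by the device
    e = H(I2B(pk_temp[0]), tx)                               # TxsigE = H(TxsigR||Tx), TxsigR = x mod n
    user_sig_a = (sa_t + user["sk_main"] * e) % n
    if ec_mul(user_sig_a, P) != ec_add(pka_t, ec_mul(e, user["pk_main"])):   # step 2 check
        raise ValueError("userSig_a rejected")
    user_sig_b = (sb_t + device["sk_main"] * e) % n
    return (la * user_sig_a + lb * user_sig_b) % n, e        # Txsig, TxsigE_b


def verify_public(pk_main, tx, txsig, e):
    """Step 5 on any routing device: PK'_Temp = Txsig*P - PK_Main*TxsigE; recompute TxsigE and compare."""
    pk_temp = ec_add(ec_mul(txsig, P), ec_mul(-e, pk_main))
    return pk_temp is not None and H(I2B(pk_temp[0]), tx) == e


if __name__ == "__main__":
    u, d, pk_main = issue_fobs()
    tx = b"Time||IDM||IDN||To||Value||Data"   # constructed transaction content
    txsig, e = transact(u, d, tx, b"1580000000")
    print("valid:", verify_public(pk_main, tx, txsig, e), " tampered:", verify_public(pk_main, tx + b"!", txsig, e))
```

Neither fob ever holds SK_Main or SK_Temp: the user fob combines only its 'a' components, the device fob only its 'b' components, and the full signature appears only as the Lagrange combination on the device, which is the property advantage 3 above relies on. verify_public needs nothing but PK_Main, Tx, Txsig and TxsigE_b, and rejects a modified Tx or a modified Txsig because either one changes the recovered PK'_Temp and hence the recomputed hash.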
Step 6: miners form blocks.
Miners collect a certain number of valid transactions from the cache transaction pool, compute the proof of work (POW) and broadcast the released block.
Step 7: the routing device executes the transaction.
The routing device invokes the smart contract to execute the transaction and updates the local world state database.
Step 8: the Nth routing device issues a transaction notification to the Mth user key fob that submitted the transaction.
When the Nth routing device finds that the transaction with the given tid has been successfully committed to the blockchain, it generates a transaction notification Notify for the Mth user. The notification content Notify is encrypted with ECIES: ENtf = ENC(Notify, PK_aMain) = {ENtf_R, ENtf_c, ENtf_t}. An offset is applied to ENtf_R to obtain ENtf' = {ENtf_R − HG(Hx_b||tid), ENtf_c, ENtf_t}, and Ntf = tid||ENtf'.
If the notification content Notify is not encrypted, Ntf = tid||Notify.
The TxInfo and related keys temporarily stored in the Nth routing device are retrieved; with PK_Temp = (PK_Tempx, PK_Tempy), TxsigR_b = PK_Tempx (mod q) and NtfsigE_b = H(TxsigR_b||Ntf||Nonce) are calculated, and then NotifySig_b = SK_bTemp + SK_bMain * NtfsigE_b (mod q). clientNtf = {Ntf, NotifySig_b} is sent to the Mth user.
The Nth routing device locally stores tid||Nonce of the Mth user key fob for this transaction.
Step 9: the Mth user key fob verifies NotifySig_b.
After receiving clientNtf, the user uses PK_Temp = (PK_Tempx, PK_Tempy) to calculate TxsigR_a = PK_Tempx (mod q) and NtfsigE_a = H(TxsigR_a||Ntf||Nonce).
Since NotifySig_b = SK_bTemp + SK_bMain * NtfsigE_b (mod q), PK_bTemp = SK_bTemp * P, PK_bMain = SK_bMain * P and NtfsigE_b = NtfsigE_a, the verification of NotifySig_b succeeds if NotifySig_b * P equals PK_bTemp + PK_bMain * NtfsigE_a.
If verification succeeds, Nonce = Nonce + 1.
If Notify is encrypted, HG(Hx_b||tid) is calculated from Hx_b, ENtf' is restored to ENtf by adding HG(Hx_b||tid) back to ENtf_R − HG(Hx_b||tid), and ENtf is decrypted with SK_aMain to obtain Notify.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing devices is characterized in that: the block chain network comprises a block chain network formed by more than one intranet in communication connection, wherein each intranet is provided with a plurality of users and routing devices, the users are in communication connection with the routing devices in the intranet where the users are located, and each routing device is provided with a block chain client side for providing registration and authentication services;
each user and each routing device are respectively provided with a key fob, the routing devices issue the key fobs and keys for the users in the intranet where the routing devices are located, the private keys of each user are stored in a distributed mode in a secret sharing mode (2,2), and each private key obtains a group of private key secret components; each private key secret component comprises a random number and a private key component, a corresponding public key component is calculated according to the private key component, and the private key component and the public key component are respectively stored in a key fob of the routing device and a corresponding user key fob;
the method comprises the following transaction steps:
the user is used as a transaction initiator, before sending transaction content to a routing device of an intranet where the user is located, bidirectional verification is carried out between the user and the routing device, and the next step is carried out if the verification is passed;
the user sends a user transaction including a first signature to a routing device of an intranet where the user is located, wherein the first signature is obtained by taking out a private key component stored in a key card of the user and calculating generated transaction content;
the routing device judges the received user transaction and verifies the first signature;
the routing device calculates a second signature for the user transaction passing the verification, wherein the second signature is obtained by taking out a private key component stored in the key card of the routing device and calculating the received transaction content;
the routing device calculates a third signature according to the first signature and the second signature;
the routing device sending the client transaction including the third signature to other routing devices in the blockchain network in a broadcast manner;
and after finding that the client transaction is successfully submitted to the blockchain, the routing device sends a transaction notification to the initiator user.
2. The quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing device of claim 1, wherein: the method for issuing the key card by the routing device comprises the following steps:
the routing device issues a first private key and a plurality of second private keys for each user, the private keys are stored in a distributed mode in a secret sharing mode (2,2), a key pointer function, a key coefficient pointer function and a random number Nonce are stored in the user key fob and the routing device key fob, key components are extracted according to the key pointer function and the key coefficient pointer function, and transaction information of each transaction of the users in the intranet in which the routing device key fob is located is stored in the routing device key fob;
in each transaction process, a first private key component used by a user or a routing device is a fixed value, a second private key component is a calculated value only used for the transaction, the second private key component directly used for the transaction is recorded as the calculated value second private key component, the calculated value second private key component is obtained by searching the second private key component stored in the current key fob and calculating, each public key component is obtained by calculating according to the corresponding private key component, and a complete public key or private key used in the transaction process is obtained by calculating the corresponding public key component or private key component by adopting a secret sharing recovery method.
3. The quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing device of claim 2, wherein the method for issuing the key fob by the routing device is as follows:
the routing device carries out (2,2) secret sharing on each private key of the user to obtain a corresponding random number I, a random number II, a first private key component I, a first private key component II, a plurality of groups of second private key components I and second private key components II, and a corresponding public key component is obtained through calculation according to each private key component;
storing the hash value of the random number two into a random number pool of the user key fob, storing the first public key component one, the multiple groups of second public key components one and the first public key component two into a public key pool of the user key fob, storing the first private key component one and the multiple groups of second private key components one into a private key pool of the user key fob, and storing the CA signature into a certificate pool of the user key fob; the CA signature is obtained by adopting a CA private key to carry out combined signature on the user ID and the first public key;
and storing the first random number and the second random number into a random number pool of the routing device key fob, storing the first public key component two, the multiple groups of the second public key component two and the public keys of all the routing devices into a public key pool of the routing device key fob, storing the first private key component two and the multiple groups of the second private key component two into a private key pool of the routing device key fob, and storing the private key of the routing device and the CA public key into a private area of the routing device key fob.
4. The quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing device according to claim 3, wherein the user as a transaction initiator comprises the steps of:
in the process of bidirectional verification between a user and a routing device, calculating to obtain a first calculated value second public key component, a first calculated value second private key component and a complete calculated value second public key for the transaction;
generating transaction content, wherein the transaction content comprises but is not limited to a timestamp and an address of a transaction initiator, and the address of the transaction initiator comprises a hash value of a second public key of the user and an ID (identity) of a routing device in the same intranet;
dividing the calculated value second public key into a second public key x component and a second public key y component, calculating the second public key x component to obtain a first intermediate verification parameter, calculating a hash value of the combination of the first intermediate verification parameter and the transaction content and taking the hash value as a transaction content ciphertext I, and calculating a first signature according to the first private key component I, the calculated value second private key component I and the transaction content ciphertext I;
the user transaction including the transaction content and the first signature is sent to a routing device located on the same intranet as the routing device.
5. The quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing device according to claim 4, wherein the routing device located in the same intranet as the originating device comprises the steps of:
in the bidirectional verification process of the routing device and the user, obtaining a calculated value second public key component II, a calculated value second private key component II, a first public key component I, a calculated value second public key component I and a calculated value second public key for the transaction;
judging whether the user ID belongs to the routing device and whether the routing device ID in the transaction content is the ID of this routing device;
judging whether the timestamp in the transaction content is reasonable or not;
and if the judgment is passed, verifying the first signature:
dividing the calculated value of the second public key into a second public key x component and a second public key y component, calculating the second public key x component to obtain a second intermediate verification parameter, calculating a hash value of the combination of the second intermediate verification parameter and the transaction content and taking the hash value as a transaction content ciphertext II, and comparing the value calculated according to the first public key component I, the calculated value of the second public key component I and the transaction content ciphertext II with the value of the first signature;
after the verification is passed, the routing device calculates transaction information and temporarily stores the key information in the local;
6. the quantum computation-resistant blockchain transaction method based on one-time-varying secret sharing and routing device according to claim 5, wherein the routing device located in the same intranet as the originating device comprises the transaction steps of:
after the verification is passed, the routing device calculates to obtain a second signature according to the second first private key component, the second calculated value, the second private key component and the second transaction content ciphertext;
the routing device calculates a third signature according to the first signature and the second signature, and encrypts a combination of the first public key of the user and the second transaction content ciphertext by using a private key of the routing device to obtain a second ciphertext;
and the routing device sends client transactions including the third signature to other routing devices in the blockchain network in a broadcasting mode, wherein the client transactions include transaction contents, the third signature, the CA signature and the second ciphertext.
7. The quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing device of claim 6, wherein: the routing device located in the same intranet as the initiating position comprises a transaction step:
after the routing device finds that the client transaction is successfully submitted to the blockchain, notification content is generated;
and calculating a hash value of the combination of the second intermediate verification parameter, the notification content and the Nonce, using the hash value as a transaction notification ciphertext, calculating a notification signature according to the second first private key component, the second calculated private key component and the transaction notification ciphertext, and sending the notification content and the notification signature to a corresponding user.
8. The quantum computation-resistant blockchain transaction method based on one-time-varying secret sharing and routing device according to claim 6, wherein the other routing devices in the blockchain network verify the client transaction, comprising the steps of:
acquiring the ID of the routing device where the initiator is located from the client transaction, then taking out the corresponding public key of the routing device from the local public key pool, and decrypting the second encrypted text to obtain a first public key and a second transaction content ciphertext;
verifying the CA signature by adopting a local CA public key;
calculating to obtain a new calculated value second public key according to the transaction content ciphertext II, the first public key and the third signature, further obtaining a new calculated value second public key x component, calculating the new second public key x component to obtain a third intermediate verification parameter, calculating a hash value of the combination of the third intermediate verification parameter and the transaction content to obtain a transaction content ciphertext III, comparing the transaction content ciphertext III with the transaction content ciphertext II obtained by decryption, and verifying whether the transaction content ciphertext III is the same or not;
and after the verification is passed, the transaction verification is successful, and the transaction is placed into a local cache transaction pool.
9. The quantum computation resistant blockchain transaction method based on one-time-varying secret sharing and routing device according to any one of claims 3 to 8, wherein the bidirectional authentication comprises the steps of:
the user generates a first encrypted message and a first message authentication code and sends the first encrypted message and the first message authentication code to a routing device;
the routing device verifies the first message authentication code;
the routing device sends a third ciphertext and a second message authentication code to the user;
the user verifies the second message authentication code; wherein the content of the first and second substances,
the first encrypted text is obtained by encrypting the combination of the first public key component one, the calculated value second public key component one and the Nonce with the first public key component two, an offset being added in the encryption process, the offset being calculated from the random number two and the timestamp;
the first message authentication code is obtained by computing, with the hash value of the random number two, a message authentication code over the combination of the timestamp, the first public key component one, the calculated value second public key component one and the Nonce;
when decrypting the first encrypted text, the routing device takes the random number two from its own key fob, calculates the offset from it together with the timestamp, and decrypts according to the offset and the first private key component two to obtain the first public key component one, the calculated value second public key component one and the Nonce;
when verifying the first message authentication code, the routing device uses the random number two to compute a message authentication code over the combination of the timestamp, the first public key component one, the calculated value second public key component one and the Nonce, and judges whether the result is consistent with the first message authentication code;
the second message authentication code is obtained by computing, with the hash value of the random number two, a message authentication code over the timestamp and the calculated value second public key; the third ciphertext is obtained by encrypting the calculated value second public key with the first public key component one, an offset being added in the encryption process, the offset being the hash value of the Nonce and the timestamp;
when decrypting the third ciphertext, the user calculates the hash value of the Nonce and the timestamp as the offset, and decrypts according to the offset and the first private key component one to obtain the calculated value second public key;
when verifying the second message authentication code, the user uses the hash value of the random number two to compute a message authentication code over the timestamp and the calculated value second public key and compares it with the second message authentication code; if they are consistent, the verification passes and the bidirectional verification is complete.
10. A quantum computation resistant blockchain transaction system based on a one-time-varying secret sharing and routing device, comprising: a blockchain network formed by more than one intranet in communication connection, wherein each intranet is provided with a plurality of users and a routing device, the users are in communication connection with the routing device of the intranet in which they are located, and each routing device is provided with a blockchain client that provides registration and authentication services;
each user and each routing device is provided with a key fob; the routing device issues the key fobs and keys for the users of the intranet in which it is located; the private key of each user is stored in a distributed manner by (2,2) secret sharing, and each private key yields a group of private key secret components; each private key secret component comprises a random number and a private key component, a corresponding public key component is calculated from the private key component, and the private key component and the public key component are stored in the key fob of the routing device and in the corresponding user key fob respectively;
each user and each routing device comprises a memory in which a computer program is stored and a processor which, when executing the computer program, implements the quantum computation resistant blockchain transaction method based on the one-time-varying secret sharing and routing device according to any one of claims 1 to 9.
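The bidirectional verification of claim 9, modelled as an added example in Python. This is not code from the patent or its applicant. The page does not say which asymmetric scheme the public and private key components belong to, so the encryption step is replaced by a clearly labelled symmetric stand-in, xor_cipher, that is self-inverse and mixes the key component and the offset into a keystream; the names component_I, component_II, pk1_I, calc_value, pk2_I, the sample values, and the 60-second acceptance window MAX_SKEW are constructed assumptions. What the example shows beyond the claim text: the receiver recomputes the offset from its own copy of random number II (or of the Nonce) and the received timestamp, the message authentication code is keyed with the hash of random number II and checked with a constant-time compare, and a tampered ciphertext or a stale timestamp is rejected before any recovered field is used.

```python
import hashlib
import hmac
import struct

# Added example (not the patent's own code). Models the offset + MAC structure of
# the bidirectional verification in claim 9 with the Python standard library.
# ASSUMPTIONS: the page does not specify the asymmetric scheme behind the
# public/private key components, so xor_cipher() is a symmetric stand-in (not a
# secure cipher); the field names, sample values and MAX_SKEW are constructed.

MAX_SKEW = 60  # seconds; acceptance window for the timestamp (assumed, not in the claims)

def h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of parts."""
    return hashlib.sha256(b"".join(parts)).digest()

def ts_bytes(timestamp: int) -> bytes:
    return struct.pack(">Q", timestamp)

def encode(*fields: bytes) -> bytes:
    """Length-prefix each field so the 'combination' parses unambiguously."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def decode(blob: bytes, count: int) -> list:
    """Inverse of encode(); raises ValueError on a malformed (e.g. mis-decrypted) blob."""
    fields, pos = [], 0
    for _ in range(count):
        if pos + 4 > len(blob):
            raise ValueError("truncated field header")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field body")
        fields.append(blob[pos:pos + n])
        pos += n
    if pos != len(blob):
        raise ValueError("trailing bytes")
    return fields

def xor_cipher(component: bytes, offset: bytes, data: bytes) -> bytes:
    """Stand-in for 'encrypt with a key component, offset added in the process'.
    Self-inverse XOR with a keystream seeded by both the component and the offset."""
    seed = h(component, offset)
    stream = b"".join(h(seed, struct.pack(">I", i)) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(random2: bytes, *fields: bytes) -> bytes:
    """Message authentication code keyed with the hash value of random number II."""
    return hmac.new(h(random2), encode(*fields), hashlib.sha256).digest()

# user -> routing device: first ciphertext and first MAC
def user_send_first(random2, component_II, timestamp, pk1_I, calc_value, pk2_I, nonce):
    offset = h(random2, ts_bytes(timestamp))  # offset from random number II and timestamp
    ct1 = xor_cipher(component_II, offset, encode(pk1_I, calc_value, pk2_I, nonce))
    mac1 = mac(random2, ts_bytes(timestamp), pk1_I, calc_value, pk2_I, nonce)
    return ct1, mac1

def router_receive_first(random2, component_II, timestamp, ct1, mac1, now):
    if abs(now - timestamp) > MAX_SKEW:
        raise ValueError("stale timestamp")  # replay guard (assumed; the claims state none)
    offset = h(random2, ts_bytes(timestamp))  # random2 is read from the routing device's key fob
    pk1_I, calc_value, pk2_I, nonce = decode(xor_cipher(component_II, offset, ct1), 4)
    expected = mac(random2, ts_bytes(timestamp), pk1_I, calc_value, pk2_I, nonce)
    if not hmac.compare_digest(expected, mac1):
        raise ValueError("first MAC mismatch")
    return pk1_I, calc_value, pk2_I, nonce

# routing device -> user: third ciphertext and second MAC
def router_send_third(random2, component_I, timestamp, nonce, calc_pk2):
    offset = h(nonce, ts_bytes(timestamp))  # offset = hash(Nonce, timestamp)
    ct3 = xor_cipher(component_I, offset, calc_pk2)
    mac2 = mac(random2, ts_bytes(timestamp), calc_pk2)
    return ct3, mac2

def user_receive_third(random2, component_I, timestamp, nonce, ct3, mac2):
    offset = h(nonce, ts_bytes(timestamp))
    calc_pk2 = xor_cipher(component_I, offset, ct3)
    expected = mac(random2, ts_bytes(timestamp), calc_pk2)
    if not hmac.compare_digest(expected, mac2):
        raise ValueError("second MAC mismatch")
    return calc_pk2

def run_exchange(tamper: bool = False) -> bytes:
    """Runs both directions on constructed inputs and returns the calculated second
    public key the user recovers. tamper=True flips one ciphertext byte in transit."""
    random2 = bytes(range(32))  # constructed shared random number II
    component_I, component_II = b"component-I" * 3, b"component-II" * 3  # constructed
    timestamp = 1_700_000_000
    pk1_I, calc_value, pk2_I, nonce = b"pk1-I", b"calc", b"pk2-I", b"nonce-123"
    ct1, mac1 = user_send_first(random2, component_II, timestamp, pk1_I, calc_value, pk2_I, nonce)
    if tamper:
        ct1 = ct1[:5] + bytes([ct1[5] ^ 0x01]) + ct1[6:]
    _, _, _, got_nonce = router_receive_first(random2, component_II, timestamp, ct1, mac1, now=timestamp + 5)
    calc_pk2 = h(b"constructed second public key")  # the claims derive this from the components
    ct3, mac2 = router_send_third(random2, component_I, timestamp, got_nonce, calc_pk2)
    return user_receive_third(random2, component_I, timestamp, got_nonce, ct3, mac2)

if __name__ == "__main__":
    print("recovered second public key:", run_exchange().hex())
```

The claims bind the timestamp into both the offset and the message authentication code but state no acceptance window for it; without one, a captured first ciphertext and first MAC could be presented again later, which is why the stand-in compares `now` against the timestamp before decrypting. The stand-in cipher gives no confidentiality; in a real deployment the public-key encryption of the components replaces it, and the MAC check must still run before any decrypted field is used.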
CN202010090163.9A 2020-02-13 2020-02-13 Quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing device Active CN111385350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010090163.9A CN111385350B (en) 2020-02-13 2020-02-13 Quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010090163.9A CN111385350B (en) 2020-02-13 2020-02-13 Quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing device

Publications (2)

Publication Number Publication Date
CN111385350A true CN111385350A (en) 2020-07-07
CN111385350B CN111385350B (en) 2022-12-30

Family

ID=71216980

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010090163.9A Active CN111385350B (en) 2020-02-13 2020-02-13 Quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing device

Country Status (1)

Country Link
CN (1) CN111385350B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012048015A1 (en) * 2010-10-06 2012-04-12 Prasad Peddada System and method for single use transaction signatures
US20190268149A1 (en) * 2018-02-28 2019-08-29 Vmware, Inc. Methods and systems that efficiently and securely store encryption keys
CN110768781A (en) * 2019-08-28 2020-02-07 如般量子科技有限公司 Public and private key issuing and issuing method and system based on alliance chain and resisting quantum computation
CN110661613A (en) * 2019-09-26 2020-01-07 如般量子科技有限公司 Anti-quantum-computation implicit certificate issuing method and system based on alliance chain
CN110737915A (en) * 2019-09-26 2020-01-31 如般量子科技有限公司 Anti-quantum-computation anonymous identity recognition method and system based on alliance chain and implicit certificate

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112766971A (en) * 2021-03-30 2021-05-07 支付宝(杭州)信息技术有限公司 Method and apparatus for transmitting transactions and executing transactions in blockchain
WO2022205959A1 (en) * 2021-03-30 2022-10-06 蚂蚁区块链科技(上海)有限公司 Method and apparatus for sending transaction in blockchain, and method and apparatus for executing transaction in blockchain

Also Published As

Publication number Publication date
CN111385350B (en) 2022-12-30

Similar Documents

Publication Publication Date Title
CN109687963B (en) Anti-quantum computing alliance chain transaction method and system based on public key pool
CN109151053B (en) Anti-quantum computing cloud storage method and system based on public asymmetric key pool
CN111475796B (en) Anti-quantum computation identity authentication method and system based on secret sharing and quantum communication service station
CN109150519B (en) Anti-quantum computing cloud storage security control method and system based on public key pool
CN110969431B (en) Secure hosting method, device and system for private key of blockchain digital coin
CN110932870B (en) Quantum communication service station key negotiation system and method
CN106130716B (en) Key exchange system and method based on authentication information
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
CN111404664B (en) Quantum secret communication identity authentication system and method based on secret sharing and multiple mobile devices
CN109919611B (en) Quantum computation resistant blockchain transaction method and system based on symmetric key pool server
CN109670826B (en) Anti-quantum computation block chain transaction method based on asymmetric key pool
CN110661613B (en) Anti-quantum-computation implicit certificate issuing method and system based on alliance chain
CN114362993B (en) Block chain assisted Internet of vehicles security authentication method
CN111416715A (en) Quantum secret communication identity authentication system and method based on secret sharing
CN109347923B (en) Anti-quantum computing cloud storage method and system based on asymmetric key pool
CN110930251A (en) Anti-quantum computing cloud storage method and system based on alliance chain and implicit certificate
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN110557248A (en) Secret key updating method and system for resisting quantum computation signcryption based on certificateless cryptography
CN111327419B (en) Method and system for resisting quantum computation block chain based on secret sharing
CN111343160B (en) Anti-quantum computation blockchain transaction method and system based on secret sharing and routing device
CN104125239A (en) Network authentication method and system based on data link encryption transmission
CN109787747B (en) Anti-quantum-computation multi-encryption cloud storage method and system based on multiple asymmetric key pools
CN109299618B (en) Quantum-resistant computing cloud storage method and system based on quantum key card
CN111245611B (en) Anti-quantum computation identity authentication method and system based on secret sharing and wearable equipment
CN111385350B (en) Quantum computation resistant blockchain transaction method and system based on one-time-varying secret sharing and routing device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant