CN115883099A - Union chain multiple signature transaction method and device based on lattice code - Google Patents

Publication number
CN115883099A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211490943.8A
Other languages
Chinese (zh)
Inventor
陈秀波
解亦杨
陈玉玲
徐刚
曹艺博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Abstract

The invention provides a method and a device for alliance chain multiple signature transaction based on lattice codes, wherein the method comprises the following steps: initializing an alliance chain network, generating a master key and public parameters by using a lattice-based trapdoor generation algorithm, and generating a user public and private key pair for each endorsement node by using a lattice-based Gaussian sampling algorithm. A user initiates a transaction, a client node constructs a transaction proposal and sends it to the endorsement nodes for simulation, and each endorsement node generates a signature endorsement by using the lattice-based rejection sampling theorem; the client node collects the simulation result and signature endorsement of each endorsement node to generate multiple signatures; the client node sends the valid transaction and its multiple signatures to the sequencing node; the sequencing node sequences the transaction set and packages it into a data block that is broadcast to the verification node, and the verification node verifies the data block and synchronously updates the ledger so as to complete the transaction. The invention adopts lattice cryptography and a spanning tree structure, so that the alliance chain network has higher post-quantum security, high efficiency and expandability.

Description

Union chain multiple signature transaction method and device based on lattice code
Technical Field
The invention relates to the technical field of digital signatures, in particular to a method and a device for alliance chain multiple signature transaction based on a lattice code.
Background
The blockchain is a decentralized, traceable and non-tamperable distributed database. It combines various technologies such as cryptographic algorithms, consensus mechanisms, distributed peer-to-peer networks and smart contracts, and is widely applied in scenarios such as digital currency, medical big data sharing and supply chain networks. According to application scenarios and user requirements, blockchains are divided into public chains, private chains and alliance chains. The alliance chain is usually applied to a network formed by a plurality of organizations or institutions. It is superior to a public chain in terms of privacy protection and efficiency, and superior to a private chain in terms of degree of decentralization and range of use scenarios, so the alliance chain has become the blockchain network mode used in mainstream application scenarios in recent years.
A typical representative of the alliance chain is the Hyperledger project under the Linux Foundation, of which Fabric is a mainstream sub-project that has become the supporting framework of most alliance chain transaction schemes. However, the related alliance chain transaction schemes have both security and performance issues. On one hand, the related technology generally uses conventional elliptic curve digital signatures; since Shor's quantum algorithm can solve the elliptic curve discrete logarithm problem in polynomial time, the related technology cannot resist quantum computing attacks and is deficient in security. On the other hand, the alliance chain transaction scheme must follow the endorsement policy, and a user needs to collect enough transaction signature endorsements after initiating a transaction before the transaction can go through consensus and be put on the chain; the calculation pressure of the alliance chain network therefore increases as the scale of transaction proposals and endorsement nodes grows, the storage space is reduced as the calculation pressure increases, and the related technology is deficient in performance.
Disclosure of Invention
In view of this, embodiments of the present invention provide a federation chain multiple signature transaction method and apparatus based on a lattice code, so as to eliminate or improve one or more defects in the prior art, and solve the problems of potential safety hazards and insufficient performance in the existing federation chain transaction method.
On one hand, the invention provides a federation chain multiple signature transaction method based on a lattice code, which is characterized in that the method is operated on a federation chain network, wherein the federation chain network comprises a user, a trusted key generation center, a client node, endorsement nodes specified by a preset endorsement policy, a sequencing node and a verification node; the method comprises the following steps:
the user initiates a transaction through the client node based on a preset alliance chain network; wherein the presetting comprises: the trusted key generation center generates a system master key and public parameters by adopting a first preset lattice cryptographic algorithm, wherein the public parameters comprise the number of endorsement nodes, an NTRU ring polynomial and a plurality of hash functions; calculating a hash value by utilizing the hash function according to the identity information of each endorsement node to serve as a user public key of each endorsement node; calculating by adopting a second preset lattice cryptographic algorithm according to the user public key and the master key to obtain a first ring polynomial vector and a second ring polynomial vector, and taking the first ring polynomial vector and the second ring polynomial vector as user private keys of all endorsement nodes;
the client node is used as a root node, the endorsement nodes are used as child nodes to construct a multilayer spanning tree, each endorsement node calculates partial commitment values according to the user public key and the NTRU ring polynomial, partial commitment values and user public keys of each endorsement node are sent to upper nodes from bottom to top, and partial aggregation commitment value sets and partial aggregation user public key sets are calculated; the client node calculates a final aggregation commitment value and a final aggregation user public key according to the partial aggregation commitment value set, the partial aggregation user public key set, corresponding transaction contents and the identity identification information of each endorsement node, constructs a transaction proposal according to the final aggregation commitment value, the final aggregation user public key and the corresponding transaction contents, and sends the transaction proposal to each endorsement node;
each endorsement node simulates and executes the transaction proposal to obtain a simulated transaction result, calculates a partial signature response value according to a respective user private key and the final aggregation commitment value, calculates a probability value that the signature of each endorsement node can be correctly output according to the partial signature response value by adopting a third preset lattice cryptographic algorithm, sends the partial signature response value and the signature of each endorsement node to an upper node from bottom to top, and calculates a partial aggregation signature response value set; the client node calculates a final aggregated signature response value according to the partial aggregated signature response value set and obtains multiple signatures formed by signatures of endorsement nodes; the multiple signatures include the transaction proposal, the final aggregated signature response value, and the final aggregated commitment value;
the client node verifies a final aggregated signature response value and a final aggregated commitment value in the multiple signatures by using the transaction proposal, the final aggregated user public key and the identity identification information of each endorsement node, and packages and sends the transaction proposal and the multiple signatures to the sequencing node under the condition of passing verification;
the sequencing node sequences the transactions received within the preset time according to a preset rule, and packages the sequenced batch transactions into data blocks which are broadcast to the verification node in the whole network;
and the verification node verifies the transaction proposal and the final aggregated signature response value and the final aggregated commitment value in the multiple signatures of each transaction in the data block, and the alliance chain network updates the ledger and completes the transaction under the condition that the verification is passed.
In some embodiments of the present invention, the trusted key generation center generates the system master key and the public parameter by using a first preset lattice cryptographic algorithm, and further includes the following steps:
the alliance chain network sets system security parameters, the number of endorsement nodes and two hash functions;
initializing an NTRU lattice, and generating an NTRU ring polynomial and an NTRU high-quality short lattice base based on the first preset lattice cryptographic algorithm;
taking the NTRU high-quality short lattice basis as the master key, and taking the parameters of the NTRU lattice, the number of endorsement nodes, two hash functions and the NTRU ring polynomial as the public parameters;
the first preset lattice cryptographic algorithm is a lattice basis trapdoor generation algorithm, and the calculation formula is as follows:
$\mathrm{TrapGen}_{NTRU}(n, q, \sigma)$;
wherein $\mathrm{TrapGen}_{NTRU}$ represents the NTRU lattice basis trapdoor generation algorithm; $n$, $q$ and $\sigma$ respectively represent an integer, a prime number and the standard deviation set for the NTRU lattice.
In some embodiments of the present invention, a first ring polynomial vector and a second ring polynomial vector are obtained by calculating according to the user public key and the master key by using a second pre-defined lattice cryptographic algorithm, where the second pre-defined lattice cryptographic algorithm is a lattice-based gaussian sampling algorithm, and the calculation formula is:
$\text{Gaussian-Sampler}_{NTRU}(B, \sigma, (pk_i, 0))$;
wherein $\text{Gaussian-Sampler}_{NTRU}$ represents the lattice-based Gaussian sampling algorithm; $B$ represents the master key; $\sigma$ represents the standard deviation set for the NTRU lattice; $pk_i$ represents the user public key of the $i$-th endorsement node.
In some embodiments of the present invention, the constructing a multi-level spanning tree by using the client node as a root node and the endorsement node as a child node further includes:
the endorsement node is provided with a first endorsement node layer, a second endorsement node layer and a third endorsement node layer from top to bottom in sequence by taking the client node as a root node; the client node is connected with a plurality of first-layer endorsement nodes, each first-layer endorsement node is connected with a plurality of second-layer endorsement nodes, and each second-layer endorsement node is connected with a plurality of third-layer endorsement nodes.
In some embodiments of the present invention, each endorsement node calculates a partial commitment value according to the user public key and the NTRU ring polynomial, sends the partial commitment value and the user public key of each endorsement node to upper nodes from bottom to top, and calculates a partial aggregated commitment value set and a partial aggregated user public key set, further including the following steps:
each endorsement node randomly selects two ring polynomial vectors, a third ring polynomial vector and a fourth ring polynomial vector, which have the same distribution as the user public key;
each endorsement node calculating the partial commitment value from the NTRU ring polynomial, the third ring polynomial vector, and the fourth ring polynomial vector;
the second-layer endorsement node sends the partial commitment value and the user public key to the first-layer endorsement node; the second-layer endorsement node calculates a partial aggregation commitment value and a partial aggregation user public key according to the received partial commitment value and the user public key of the third-layer endorsement node, and sends the partial aggregation commitment value and the partial aggregation user public key to the first-layer endorsement node;
and the first-layer endorsement node combines the partial aggregation commitment value set and the partial aggregation user public key set of all the endorsement nodes to send to the client node.
In some embodiments of the present invention, calculating the partial signature response value by the third preset lattice cryptographic algorithm according to the respective user private key and the final aggregation commitment value, sending the partial signature response value of each endorsement node to the upper nodes from bottom to top, and calculating a partial aggregation signature response value set further includes the following steps:
the second-layer endorsement node sends the partial signature response value to the first-layer endorsement node; the second-layer endorsement node calculates a partial aggregated signature response value according to the partial signature response values received from the third-layer endorsement nodes and sends the partial aggregated signature response value to the first-layer endorsement node;
the first-layer endorsement node sends the partial aggregated signature response value set of all endorsement nodes to the client node.
In some embodiments of the present invention, a partial signature response value is calculated according to a respective user private key and the final aggregate commitment value, a third preset lattice cryptographic algorithm is used to calculate a probability value that a signature of each endorsement node can be correctly output according to the partial signature response value, the third preset lattice cryptographic algorithm is a lattice-based rejection sampling theorem, and a calculation formula of the probability value is as follows:
Figure BDA0003964934790000041
wherein $\min(\cdot)$ represents the minimum value; $D$ represents a probability distribution; $n$ and $\sigma$ respectively represent an integer and the standard deviation set for the NTRU lattice; $z_i$ represents the partial signature response value; $M$ is a constant; $s_{i,0}$ represents the first ring polynomial vector; $s_{i,1}$ represents the second ring polynomial vector; $R$ represents the final aggregate commitment value.
In some embodiments of the present invention, the client node verifies the final aggregated signature response value and the final aggregated commitment value in the multiple signatures by using the transaction proposal, the final aggregated user public key, and the identity information of each endorsement node, and for the verification to pass, the following must be satisfied at the same time:
Figure BDA0003964934790000042
$R = H_2(Z_0 + Z_1 * h - R * PK, ID, Tx)$;
wherein $Z$ represents the final aggregate signature response value; $Z_0$ represents a first final aggregate signature response value and $Z_1$ represents a second final aggregate signature response value, $Z$ being composed of $Z_0$ and $Z_1$; $N$ represents the number of endorsement nodes; $n$ and $\sigma$ respectively represent an integer and the standard deviation set for the NTRU lattice; $R$ represents the final aggregate commitment value; $H_2$ represents the hash function; $h$ represents the NTRU ring polynomial; $PK$ represents the final aggregated user public key; $ID$ represents the identity information of each endorsement node; $Tx$ represents the transaction proposal.
In some embodiments of the present invention, the verification node verifies the transaction proposal of each transaction in the data block and the final aggregate signature response value and the final aggregate commitment value in the multiple signatures, and for the verification to pass, the following must be satisfied at the same time:
Figure BDA0003964934790000051
$R = H_2(Z_0 + Z_1 * h - R * PK, ID, Tx)$;
wherein $Z$ represents the final aggregate signature response value; $Z_0$ represents a first final aggregate signature response value and $Z_1$ represents a second final aggregate signature response value, $Z$ being composed of $Z_0$ and $Z_1$; $N$ represents the number of endorsement nodes; $n$ and $\sigma$ respectively represent an integer and the standard deviation set for the NTRU lattice; $R$ represents the final aggregated commitment value; $H_2$ represents the hash function; $h$ represents the NTRU ring polynomial; $PK$ represents the final aggregated user public key; $ID$ represents the identity information of each endorsement node; $Tx$ represents the transaction proposal.
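The hash condition checked by both the client node and the verification node can be traced through a toy run. The Python sketch below is an added example, not code from the patent: it assumes the ring Z_q[x]/(x^n + 1), public keys of the form pk_i = s_{i,0} + s_{i,1}*h, partial commitments y_{i,0} + y_{i,1}*h, responses z_{i,b} = y_{i,b} + R*s_{i,b}, and aggregation by ring addition, none of which this part of the text spells out. Parameters, tree and transaction strings are constructed; short vectors are drawn uniformly rather than from a Gaussian, and rejection sampling and the norm bound on Z are left out, so only the hash equation is exercised.

```python
import hashlib
import random

N_DEG, Q = 32, 193   # constructed toy sizes: n = 2^5, prime q = 1 mod 2n

def add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]

def sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]

def mul(a, b):
    """Multiply in Z_q[x]/(x^n + 1) (assumed ring): x^n wraps around as -1."""
    out = [0] * N_DEG
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            k, sign = (i + j, 1) if i + j < N_DEG else (i + j - N_DEG, -1)
            out[k] = (out[k] + sign * x * y) % Q
    return out

def h2(w, ids, tx):
    """H_2 : {0,1}* -> {0,1}^n, returned as a list of n coefficients in {0,1}."""
    digest = hashlib.shake_256(repr((w, ids, tx)).encode()).digest(N_DEG // 8)
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(N_DEG)]

def small(rng, bound=2):
    # Uniform stand-in for the short, Gaussian-distributed ring polynomials.
    return [rng.randint(-bound, bound) % Q for _ in range(N_DEG)]

# Constructed spanning tree using the Cl / P / S / C naming of the description.
TREE = {"Cl": ["P1", "P2"], "P1": ["S1,1"], "P2": ["S2,1", "S2,2"],
        "S1,1": ["C1,1,1"], "S2,1": ["C2,1,1", "C2,1,2"]}

def endorsers(node="Cl"):
    """All endorsement nodes below `node`, in depth-first order."""
    return [n for k in TREE.get(node, []) for n in [k] + endorsers(k)]

def aggregate(values, node="Cl"):
    """Bottom-up pass: a node adds its own value to its children's partial sums."""
    total = values.get(node, [0] * N_DEG)
    for child in TREE.get(node, []):
        total = add(total, aggregate(values, child))
    return total

def run(tx, seed=1):
    """One signing round; returns the multi-signature and public data."""
    rng = random.Random(seed)
    ids = endorsers()
    h = [rng.randrange(Q) for _ in range(N_DEG)]       # stand-in for h
    # In the patent pk_i = H_1(ID_i) and the key center samples (s_i0, s_i1)
    # with the trapdoor; here the assumed relation is built the other way.
    sk = {i: (small(rng), small(rng)) for i in ids}
    pk = {i: add(s0, mul(s1, h)) for i, (s0, s1) in sk.items()}
    y = {i: (small(rng), small(rng)) for i in ids}     # third/fourth vectors
    commit = {i: add(y0, mul(y1, h)) for i, (y0, y1) in y.items()}
    R = h2(aggregate(commit), ids, tx)                 # final commitment value
    z0 = {i: add(y[i][0], mul(R, sk[i][0])) for i in ids}
    z1 = {i: add(y[i][1], mul(R, sk[i][1])) for i in ids}
    return {"h": h, "pk": pk, "PK": aggregate(pk), "ids": ids, "tx": tx,
            "R": R, "Z0": aggregate(z0), "Z1": aggregate(z1)}

def verify(sig, tx):
    """Check R = H_2(Z_0 + Z_1*h - R*PK, ID, Tx) using only aggregated values."""
    w = sub(add(sig["Z0"], mul(sig["Z1"], sig["h"])), mul(sig["R"], sig["PK"]))
    return sig["R"] == h2(w, sig["ids"], tx)
```

Because every step is linear, Z_0 + Z_1*h - R*PK collapses to the sum of the partial commitments, which is why the verifier needs only the aggregated public key and not the individual ones.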
In another aspect, the invention also provides a computer readable storage medium, on which a computer program is stored, which program, when executed by a processor, performs the steps of any one of the methods mentioned above.
The invention has the beneficial effects that:
the invention provides a federation chain multiple signature transaction method and device based on lattice cryptography. A user initiates a transaction through a client node, the client node constructs a transaction proposal and sends the transaction proposal to the endorsement nodes for simulated execution, and each endorsement node generates a signature endorsement of the transaction proposal by using the lattice-based rejection sampling theorem; the client node collects the simulated transaction results and signature endorsements of each endorsement node to generate multiple signatures; the client node sends the valid transaction and its multiple signatures to the sequencing node; the sequencing node sequences the transaction set, packages it into a data block and broadcasts the data block to the verification node, and the verification node verifies the data block and synchronously updates the ledger to complete the transaction. The invention adopts lattice cryptography and uses the hard small integer solution problem on lattices to generate keys, so it can resist quantum computing attacks; the multiple signatures are unforgeable, so an alliance chain transaction cannot be subverted by forging multiple signatures, and the scheme has post-quantum security. Meanwhile, the invention supports public key aggregation: the verification node can verify the correctness of the transaction signature endorsements using only the aggregated public key, which reduces the calculation overhead and storage overhead of the alliance chain nodes and improves the efficiency of the whole alliance chain transaction scheme.
Furthermore, the endorsement nodes adopt a spanning tree structure in which each endorsement node can communicate from top to bottom or from bottom to top, and the large amount of calculation in the endorsement process can be reasonably distributed to the nodes through the spanning tree structure, so that the number of endorsement nodes can be expanded to the order of thousands, which provides scalability.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
It will be appreciated by those skilled in the art that the objects and advantages that can be achieved with the present invention are not limited to what has been particularly described hereinabove, and that the above and other objects that can be achieved with the present invention will be more clearly understood from the following detailed description.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
Fig. 1 is a schematic structural diagram of a federation chain multiple signature transaction method based on a lattice code according to an embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating steps of a federation chain multiple signature transaction method based on a lattice code according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of an endorsement node spanning tree structure in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the following embodiments and the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
It should be noted that, in order to avoid obscuring the present invention with unnecessary details, only the structures and/or processing steps closely related to the scheme according to the present invention are shown in the drawings, and other details not so relevant to the present invention are omitted.
It should be emphasized that the term "comprises/comprising" when used herein, is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It is also noted that, unless otherwise specified, the term "coupled" is used herein to refer not only to a direct connection, but also to an indirect connection with an intermediate.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In the drawings, the same reference numerals denote the same or similar parts, or the same or similar steps.
It should be emphasized that the step labels mentioned in the following are not limitations to the order of steps, but should be understood that the steps may be executed in the order mentioned in the embodiments, may be executed in a different order from the embodiments, or may be executed simultaneously.
In order to solve the problems of potential safety hazard and insufficient performance in the existing alliance chain transaction method, the invention provides an alliance chain multiple signature transaction method based on a lattice code. In a multiple signature, a plurality of signers generate one combined digital signature for the same message, and the combined signature only needs to be verified once in the signature verification stage. Lattice cryptography is a post-quantum secure cryptosystem in which keys are generated from hard problems on lattices, such as the shortest vector problem (SVP), the closest vector problem (CVP) and the small integer solution problem (SIS); no quantum algorithm is currently known that solves these hard problems in polynomial time, so the security is high. In addition, because the operations of lattice cryptography are generally linear operations on matrices, vectors or ring polynomials, lattice cryptography runs faster than the modular exponentiation and bilinear group operations adopted by the discrete logarithm cryptosystems in the prior art. As shown in fig. 1 and fig. 2, the method is executed on a federation chain network, where the federation chain network includes a user, a trusted key generation center, a client node, an endorsement node specified by a preset endorsement policy, a sequencing node, and a verification node, and the method includes the following steps S101 to S106:
step S101: a user initiates a transaction through a client node based on a preset alliance chain network; wherein, preset includes: the trusted key generation center generates a system master key and public parameters by adopting a first preset lattice cryptographic algorithm, wherein the public parameters comprise the number of endorsement nodes, an NTRU ring polynomial and a plurality of hash functions; calculating a hash value by utilizing a hash function according to the identity information of each endorsement node to serve as a user public key of each endorsement node; calculating by adopting a second preset lattice cryptographic algorithm according to the user public key and the master key to obtain a first ring polynomial vector and a second ring polynomial vector, and taking the first ring polynomial vector and the second ring polynomial vector as user private keys of the endorsement nodes;
step S102: the client node is used as a root node, the endorsement nodes are used as child nodes to construct a multilayer spanning tree, each endorsement node calculates partial commitment values according to a user public key and an NTRU ring polynomial, the partial commitment values and the user public keys of each endorsement node are sent to upper nodes from bottom to top, and a partial aggregation commitment value set and a partial aggregation user public key set are calculated; the client node calculates a final aggregation commitment value and a final aggregation user public key according to the partial aggregation commitment value set, the partial aggregation user public key set, corresponding transaction contents and the identity information of each endorsement node, constructs a transaction proposal according to the final aggregation commitment value, the final aggregation user public key and the corresponding transaction contents, and sends the transaction proposal to each endorsement node;
step S103: each endorsement node simulates and executes a transaction proposal to obtain a simulated transaction result, calculates partial signature response values according to respective user private keys and a final aggregation commitment value, calculates a probability value that the signature of each endorsement node can be correctly output according to the partial signature response values by adopting a third preset lattice cryptographic algorithm, sends the partial signature response values and the signatures of each endorsement node to upper nodes from bottom to top, and calculates a partial aggregation signature response value set; the client node calculates a final aggregated signature response value according to the partial aggregated signature response value set and obtains multiple signatures formed by signatures of endorsement nodes; wherein the multiple signatures comprise a transaction proposal, a final aggregated signature response value, and a final aggregated commitment value;
step S104: the client node verifies the final aggregated signature response value and the final aggregated commitment value in the multiple signatures by using the transaction proposal, the final aggregated user public key and the identity identification information of each endorsement node, and packages and sends the transaction proposal and the multiple signatures to the sequencing node under the condition that the verification is passed;
step S105: the sequencing node sequences the transactions received within the preset time according to a preset rule, and packages the sequenced batch transactions into a data block that is broadcast across the whole network to the verification node;
step S106: the verification node verifies the transaction proposal of each transaction in the data block and the final aggregated signature response value and the final aggregated commitment value in the multiple signatures, and the alliance chain network updates the ledger and completes the transaction under the condition that the verification is passed.
In step S101, before the user performs a transaction, a system initialization operation is first performed on the federation chain network: a system security parameter is set and the number of endorsement nodes is determined, where the number needs to meet the requirement of the federation chain multiple signature transaction endorsement policy. An NTRU lattice is initialized, and a uniformly random NTRU ring polynomial and an NTRU high-quality short lattice basis are generated by using the first preset lattice cryptographic algorithm; two collision-resistant hash functions are selected, one of which maps to the ring polynomial set space set for the NTRU lattice, and the other of which maps to a fixed-length string space.
In some embodiments, an NTRU lattice integer $k > 0$ is set, $n = 2^k$, the prime number is set as $q = 1 \bmod 2n$, and the standard deviation is
Figure BDA0003964934790000081
The set of ring polynomials is $R_q$, wherein the NTRU ring polynomial belongs to the set of ring polynomials.
In some embodiments, the two hash functions are denoted as the first hash function $H_1$ and the second hash function $H_2$, wherein the first hash function maps to the ring polynomial set space set for the NTRU lattice, $H_1 : \{0,1\}^* \to R_q$, and the second hash function maps to a fixed-length string space, $H_2 : \{0,1\}^* \to \{0,1\}^n$.
In some embodiments, the first predetermined lattice cryptographic algorithm is a lattice basis trapdoor generation algorithm, as shown in equation (1):
$\mathrm{TrapGen}_{NTRU}(n, q, \sigma)$; (1)
wherein $\mathrm{TrapGen}_{NTRU}$ represents the NTRU lattice basis trapdoor generation algorithm; $n$, $q$ and $\sigma$ respectively denote an integer, a prime number and the standard deviation set for the NTRU lattice.
Taking the generated NTRU high-quality short lattice basis as a main key of the system; and taking the number of endorsement nodes, the parameters of the NTRU grids, the two hash functions and the generated NTRU ring polynomial as the common parameters of the system.
Illustratively, the number of endorsement nodes is denoted as $N$, the NTRU ring polynomial is denoted as $h$, and the public parameters are $PP = (N, q, \sigma, H_1, H_2, h)$.
The alliance chain network establishes an endorsement policy for the transaction through a smart contract that executes automatically, as a constraint condition which must be met when the transaction is endorsed. A spanning tree structure is constructed from the endorsement nodes and the client node according to the determined number of endorsement nodes, with the client node set as the root node of the spanning tree structure and each endorsement node set as a child node in one of the layers of the spanning tree structure.
In some embodiments, the endorsement node is denoted as $En_i$, where $i$ represents the $i$-th endorsement node, $i = 1, 2, \ldots$ The endorsement nodes are sequentially provided with a first layer of endorsement nodes, a second layer of endorsement nodes and a third layer of endorsement nodes from top to bottom; the client node is connected with a plurality of first-layer endorsement nodes, each first-layer endorsement node is connected with a plurality of second-layer endorsement nodes, and each second-layer endorsement node is connected with a plurality of third-layer endorsement nodes.
Specifically, as shown in fig. 3, the client node is denoted as Cl, a first-layer endorsement node is denoted as P, a second-layer endorsement node is denoted as S, and a third-layer endorsement node is denoted as C. Illustratively, the second first-layer endorsement node of the root node Cl is denoted as $P_2$, the first second-layer endorsement node of the first-layer endorsement node $P_2$ is denoted as $S_{2,1}$, the first third-layer endorsement node of the second-layer endorsement node $S_{2,1}$ is denoted as $C_{2,1,1}$, and so on.
And the client node and the trusted key generation center acquire the identity identification information of the corresponding endorsement node according to the endorsement policy. The trusted key generation center calculates a corresponding hash value as a user public key of each endorsement node by using a first hash function and taking the identification information of each endorsement node as input.
Specifically, the identification information of each endorsement node is denoted as $ID_i$, and the hash value is calculated as shown in formula (2):
$pk_i = H_1(ID_i) \in R_q$; (2)
where the obtained $pk_i$ is taken as the user public key of each endorsement node, and $pk_i$ belongs to the ring polynomial set $R_q$.
The trusted key generation center takes the obtained user public key and the master key of each endorsement node as input, calculates by using a second preset lattice cryptographic algorithm to obtain a first ring polynomial vector and a second ring polynomial vector, and takes the first ring polynomial vector and the second ring polynomial vector as the user private key of each endorsement node.
In some embodiments, the second predetermined lattice cryptographic algorithm is a lattice-based gaussian sampling algorithm, and the calculation formula is shown in formula (3):
$\mathrm{Gaussian\text{-}Sampler}_{NTRU}(B, \sigma, (pk_i, 0))$; (3)
where $\mathrm{Gaussian\text{-}Sampler}_{NTRU}$ represents the lattice-based Gaussian sampling algorithm; $B$ represents the master key; $\sigma$ represents the standard deviation of the NTRU lattice setting; $pk_i$ represents the user public key of the $i$-th endorsement node.
Two ring polynomial vectors of small length, i.e. the first ring polynomial vector $s_{i,0}$ and the second ring polynomial vector $s_{i,1}$, are obtained according to formula (3); the user private key of each endorsement node can then be denoted as $sk_i = (s_{i,0}, s_{i,1})$.
The first ring polynomial vector and the second ring polynomial vector need to satisfy formula (4) and formula (5) at the same time:
$s_{i,0} + s_{i,1} * h = pk_i$; (4)
Figure BDA0003964934790000091
where $s_{i,0}$ represents the first ring polynomial vector; $s_{i,1}$ represents the second ring polynomial vector; $h$ represents the NTRU ring polynomial; $pk_i$ represents the user public key of the $i$-th endorsement node; $n$ and $\sigma$ denote the integer and the standard deviation of the NTRU lattice setting, respectively.
And the trusted key generation center transmits the corresponding user public and private key pairs to each transaction endorsement node through a secure channel respectively for subsequent transaction endorsement.
After the alliance chain network is set, each user can initiate corresponding transaction through the client node. Specifically, when the user joins the alliance chain network, the user needs to initiate an application to the alliance chain network, and after the application succeeds, the alliance chain network issues a unique user certificate to the user. When a user initiates a transaction, the transaction content needs to include the user certificate of the user.
In some embodiments, the user-initiated transaction is written as Tx, $Tx = M \| Cert_u$, where $M$ represents the transaction content and $Cert_u$ represents the user certificate of the user.
In step S102, after receiving the transaction initiated by the user, the client node performs preparation work with the endorsement node, specifically:
Each endorsement node randomly selects two ring polynomial vectors, a third ring polynomial vector and a fourth ring polynomial vector, that have the same distribution as the corresponding user public key; each endorsement node calculates a partial commitment value according to the NTRU ring polynomial, the third ring polynomial vector and the fourth ring polynomial vector; the second-layer endorsement node sends its partial commitment value and user public key to the first-layer endorsement node; the second-layer endorsement node calculates a partial aggregated commitment value and a partial aggregated user public key according to the partial commitment values and user public keys received from the third-layer endorsement nodes, and sends them to the first-layer endorsement node; the first-layer endorsement node combines the partial aggregated commitment value sets and the partial aggregated user public key sets of all endorsement nodes and sends them to the client node; and the client node calculates a final aggregated commitment value and a final aggregated user public key according to the partial aggregated commitment value set, the partial aggregated user public key set, the corresponding transaction content and the identity identification information sets of the endorsement nodes, and constructs a transaction proposal according to the final aggregated commitment value, the final aggregated user public key and the corresponding transaction content.
Illustratively, as shown in FIG. 3, the third ring polynomial vector is denoted as $r_{i,0}$ and the fourth ring polynomial vector is denoted as $r_{i,1}$, where
Figure BDA0003964934790000101
$D$ represents a probability distribution, which means that the third ring polynomial vector and the fourth ring polynomial vector have the same distribution as the user public key. The second-layer endorsement node calculates a partial commitment value from the NTRU ring polynomial $h$, the third ring polynomial vector $r_{i,0}$ and the fourth ring polynomial vector $r_{i,1}$, as shown in formula (6):
$r_i = r_{i,0} + r_{i,1} * h$; (6)
The second-layer endorsement nodes each send the partial commitment value $r_i$ and the user public key $pk_i$, from bottom to top according to the spanning tree structure, to the first-layer endorsement node $P_i$; the second-layer endorsement node $S_i$ receives, from the third-layer endorsement node set $\{C_i\}$, the set of partial commitment values
Figure BDA0003964934790000102
and the set of user public keys
Figure BDA0003964934790000103
and calculates a partial aggregated commitment value and a partial aggregated user public key, as shown in formula (7) and formula (8):
Figure BDA0003964934790000104
Figure BDA0003964934790000111
where $R_i$ represents the partial aggregated commitment value; $r_i$ represents the partial commitment value of the second-layer endorsement node corresponding to the $i$-th first-layer endorsement node; $\{C_i\}$ represents the third-layer endorsement node set; $r_j$ represents the partial commitment value of the third-layer endorsement node corresponding to the $j$-th second-layer endorsement node; $PK_i$ represents the partial aggregated user public key; $pk_i$ represents the user public key of the second-layer endorsement node corresponding to the $i$-th first-layer endorsement node; $pk_j$ represents the user public key of the third-layer endorsement node corresponding to the $j$-th second-layer endorsement node.
The first-layer endorsement nodes combine the partial aggregated commitment value sets and the partial aggregated user public key sets of all endorsement nodes and send them to the client node, where the partial aggregated commitment value set of all endorsement nodes is denoted as
Figure BDA0003964934790000112
the partial aggregated user public key set of all endorsement nodes is denoted as
Figure BDA0003964934790000113
and $C_0$ represents the set of all endorsement nodes.
According to the partial aggregated commitment value set
Figure BDA0003964934790000114
the partial aggregated user public key set
Figure BDA0003964934790000115
the corresponding transaction Tx and the set of identity information $\{ID_i\}$ of the endorsement nodes, the client node calculates a final aggregated commitment value $R$ and a final aggregated user public key $PK$, and constructs a transaction proposal Tx according to the final aggregated commitment value $R$, the final aggregated user public key $PK$ and the corresponding transaction content, where the corresponding calculation formulas are shown in formula (9) to formula (11):
Figure BDA0003964934790000116
Figure BDA0003964934790000117
$Tx = M \| Cert_u$; (11)
where $H_2$ represents the second hash function; the remaining parameters are as described in the paragraphs above.
In step S103, each endorsement node simulates and executes a transaction proposal to obtain a simulated transaction result and calculates a signature endorsement, specifically:
Each endorsement node calculates a partial signature response value according to its user private key and the final aggregated commitment value, and uses a third preset lattice cryptographic algorithm to calculate, from the partial signature response value, the probability value that the signature of the endorsement node can be correctly output. The second-layer endorsement node sends its partial signature response value to the first-layer endorsement node; the second-layer endorsement node calculates a partial aggregated signature response value according to the partial signature response values received from the third-layer endorsement nodes and sends it to the first-layer endorsement node; the first-layer endorsement node combines the partial aggregated signature response value sets of all endorsement nodes and sends them to the client node; and the client node calculates a final aggregated signature response value according to the partial aggregated signature response value set and obtains the multiple signature of the transaction formed by the signatures of the endorsement nodes.
Illustratively, as shown in FIG. 3, each endorsement node calculates a partial signature response value according to the final aggregated commitment value $R$ and the user private key $sk_i = (s_{i,0}, s_{i,1})$. The partial signature response value of a second-layer endorsement node is calculated as shown in formula (12) to formula (14):
$z_i = (z_{i,0}, z_{i,1})$; (12)
where
$z_{i,0} = s_{i,0} * R + r_{i,0}$; (13)
$z_{i,1} = s_{i,1} * R + r_{i,1}$; (14)
$z_{i,0}$ represents the first partial signature response value and $z_{i,1}$ represents the second partial signature response value, $z_i$ being composed of $z_{i,0}$ and $z_{i,1}$; $s_{i,0}$ represents the first ring polynomial vector; $r_{i,0}$ represents the third ring polynomial vector; $R$ represents the final aggregated commitment value; $s_{i,1}$ represents the second ring polynomial vector; $r_{i,1}$ represents the fourth ring polynomial vector.
In some embodiments, a third preset lattice cryptographic algorithm is used to calculate a probability value that the signature can be correctly output according to the partial signature response value of each endorsement node, where the third preset lattice cryptographic algorithm is a lattice-based rejection sampling theorem, and the probability value is calculated as shown in formula (15):
Figure BDA0003964934790000121
where $\min(\cdot)$ represents the minimum value; $D$ represents a probability distribution; $n$ and $\sigma$ represent the integer and the standard deviation of the NTRU lattice setting, respectively; $z_i$ represents the partial signature response value; m is a constant; $s_{i,0}$ represents the first ring polynomial vector; $s_{i,1}$ represents the second ring polynomial vector; $R$ represents the final aggregated commitment value.
The second-layer endorsement nodes each send the partial signature response value $z_i$, from bottom to top according to the spanning tree structure, to the first-layer endorsement node $P_i$; the second-layer endorsement node $S_i$ receives, from the third-layer endorsement node set $\{C_i\}$, the set of partial signature response values
Figure BDA0003964934790000122
and calculates a partial aggregated signature response value according to formula (16):
Figure BDA0003964934790000123
where $Z_i$ represents the partial aggregated signature response value; $z_i$ represents the partial signature response value of the second-layer endorsement node corresponding to the $i$-th first-layer endorsement node; $\{C_i\}$ represents the third-layer endorsement node set; $z_j$ represents the partial signature response value of the third-layer endorsement node corresponding to the $j$-th second-layer endorsement node.
Since the partial signature response value $z_i$ is composed of $z_{i,0}$ and $z_{i,1}$, formula (16) can also be written in the form of formula (17):
Figure BDA0003964934790000124
where $Z_{i,0}$ and $Z_{i,1}$ are calculated as shown in formula (18) and formula (19):
Figure BDA0003964934790000131
Figure BDA0003964934790000132
Accordingly, $Z_{i,0}$ represents the first partial aggregated signature response value and $Z_{i,1}$ represents the second partial aggregated signature response value, $Z_i$ being composed of $Z_{i,0}$ and $Z_{i,1}$.
The first-layer endorsement nodes combine the partial aggregated signature response value sets of all endorsement nodes and send them to the client node, where the partial aggregated signature response value set of all endorsement nodes is denoted as
Figure BDA0003964934790000133
and $C_0$ represents the set of all endorsement nodes. According to the received partial aggregated signature response value set
Figure BDA0003964934790000134
the client node calculates the final aggregated signature response value according to formula (20):
Figure BDA0003964934790000135
Similarly, the final aggregated signature response value can also be expressed as shown in formula (21) to formula (23):
$Z = (Z_0, Z_1)$; (21)
Figure BDA0003964934790000136
Figure BDA0003964934790000137
Correspondingly, $Z_0$ represents the first final aggregated signature response value and $Z_1$ represents the second final aggregated signature response value, $Z$ being composed of $Z_0$ and $Z_1$.
The client node collects the signatures of all endorsement nodes and constructs the multiple signature of the corresponding transaction according to the transaction proposal Tx, the final aggregated signature response value $Z$ and the final aggregated commitment value $R$, where the multiple signature can be denoted as $\sigma(Tx) = (Tx, Z, R)$ and is used for verifying the legality of the transaction.
In step S104, the client node verifies the final aggregated signature response value and the final aggregated commitment value in the multiple signatures by using the transaction proposal, the final aggregated user public key, and the identification information of each endorsement node, and packages and sends the transaction proposal and the multiple signatures to the sorting node when the verification passes.
In some embodiments, when the client node verifies whether the multiple signature is valid, the equation conditions shown in formula (24) and formula (25) are used; if both hold at the same time, the verification passes, otherwise the verification fails:
Figure BDA0003964934790000138
$R = H_2(Z_0 + Z_1 * h - R * PK, ID, Tx)$; (25)
where $Z$ represents the final aggregated signature response value; $Z_0$ represents the first final aggregated signature response value and $Z_1$ represents the second final aggregated signature response value, $Z$ being composed of $Z_0$ and $Z_1$; $N$ represents the number of endorsement nodes; $n$ and $\sigma$ represent the integer and the standard deviation of the NTRU lattice setting, respectively; $R$ represents the final aggregated commitment value; $H_2$ represents the second hash function; $h$ represents the NTRU ring polynomial; $PK$ denotes the final aggregated user public key; ID represents the identity information of each endorsement node; Tx represents the transaction proposal.
In step S105, the sorting node collects transaction proposal sets $\{Tx\}$ and multiple signature sets $\{\sigma(Tx)\}$ from different client nodes, sorts the transactions received within a preset time period according to a preset configuration rule, then packs the sorted batch of transactions into data blocks and broadcasts the data blocks over the whole network to the verification nodes of the alliance chain network, where each verification node receives a group of transaction sets with the same order of occurrence to ensure data consistency.
In step S106, the verification node verifies the transaction proposal and the final aggregated signature response value and the final aggregated commitment value in the multiple signatures for each transaction in the data block, and if the verification passes, the federation chain network updates the ledger and completes the transaction.
In some embodiments, when the verification node verifies whether the multiple signature is valid, the equation conditions shown in formula (24) and formula (25) above are used; if both hold at the same time, the verification passes, otherwise the verification fails:
Figure BDA0003964934790000141
$R = H_2(Z_0 + Z_1 * h - R * PK, ID, Tx)$; (25)
where $Z$ represents the final aggregated signature response value; $Z_0$ represents the first final aggregated signature response value and $Z_1$ represents the second final aggregated signature response value, $Z$ being composed of $Z_0$ and $Z_1$; $N$ represents the number of endorsement nodes; $n$ and $\sigma$ represent the integer and the standard deviation of the NTRU lattice setting, respectively; $R$ represents the final aggregated commitment value; $H_2$ represents the second hash function; $h$ represents the NTRU ring polynomial; $PK$ denotes the final aggregated user public key; ID represents the identity information of each endorsement node; Tx represents the transaction proposal.
Based on formula (24) and formula (25), when the transaction proposal Tx and its corresponding multiple signature $\sigma(Tx) = (Tx, Z, R)$ are input and the multiple signature verification algorithm is executed, the verification passes correctly. By the rejection sampling theorem, the distribution of $(z_{i,0}, z_{i,1})$ is close to
Figure BDA0003964934790000142
Thus, any $i = 1, 2, \ldots, N$ satisfies
Figure BDA0003964934790000143
Therefore,
Figure BDA0003964934790000144
holds.
In addition,
Figure BDA0003964934790000145
Figure BDA0003964934790000151
and, by the design of the algorithm described above, we have
Figure BDA0003964934790000152
and
Figure BDA0003964934790000153
Figure BDA0003964934790000154
Therefore, the equation of formula (25), $R = H_2(Z_0 + Z_1 * h - R * PK, ID, Tx)$, holds, and the alliance chain multiple signature transaction method based on the lattice code provided by the invention is correct.
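The correctness argument above, carried through in code as an added example that is not part of the patent text: a toy Python model of $R_q$ with tree-wise aggregation and the check of formula (25). It assumes that aggregation is coefficient-wise summation and that the client derives $R = H_2(\sum r_i, ID, Tx)$, since formulas (7) to (10) and (16) to (20) are not reproduced on this page. Keys are drawn directly as short vectors instead of through TrapGen and Gaussian sampling, SHA-256 stands in for $H_2$, and rejection sampling and the norm bound of formula (24) are left out.

```python
import hashlib
import random

N_DEG = 64   # toy ring degree n = 2^k with k = 6 (assumed; real sizes are far larger)
Q = 257      # toy prime with q = 1 mod 2n (257 = 2*128 + 1)
ZERO = [0] * N_DEG

def add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]

def sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]

def mul(a, b):
    """Product in R_q = Z_q[x]/(x^n + 1): x^n wraps around with a sign flip."""
    out = [0] * N_DEG
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            k, sign = (i + j, 1) if i + j < N_DEG else (i + j - N_DEG, -1)
            out[k] = (out[k] + sign * x * y) % Q
    return out

def small(rng, bound):
    """Short ring element; stands in for the discrete Gaussian samples."""
    return [rng.randint(-bound, bound) % Q for _ in range(N_DEG)]

def h2(w, ids, tx):
    """Stand-in for H_2: n hash bits, read as a 0/1-coefficient element of R_q."""
    digest = hashlib.sha256(repr((w, sorted(ids), tx)).encode()).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(N_DEG)]

class Node:
    """One endorsement node of the spanning tree (hypothetical helper class)."""
    def __init__(self, node_id, h, rng, children):
        self.id, self.children = node_id, children
        # Toy shortcut: choose (s0, s1) first and derive pk from formula (4).
        # In the patent pk_i = H_1(ID_i) and the key centre samples (s0, s1).
        self.s0, self.s1 = small(rng, 1), small(rng, 1)
        self.pk = add(self.s0, mul(self.s1, h))            # formula (4)
        self.r0, self.r1 = small(rng, 5), small(rng, 5)
        self.r = add(self.r0, mul(self.r1, h))             # formula (6)

    def commit(self):
        """Bottom-up pass 1: summed commitment, summed public key, subtree IDs."""
        r, pk, ids = self.r, self.pk, [self.id]
        for child in self.children:
            cr, cpk, cids = child.commit()
            r, pk, ids = add(r, cr), add(pk, cpk), ids + cids
        return r, pk, ids

    def respond(self, R):
        """Bottom-up pass 2: summed responses, formulas (13) and (14)."""
        z0 = add(mul(self.s0, R), self.r0)
        z1 = add(mul(self.s1, R), self.r1)
        for child in self.children:
            c0, c1 = child.respond(R)
            z0, z1 = add(z0, c0), add(z1, c1)
        return z0, z1

def multisign(first_layer, tx):
    """Client node (tree root): aggregate, derive R, aggregate responses."""
    agg_r, PK, ids = ZERO, ZERO, []
    for p in first_layer:
        r, pk, sub_ids = p.commit()
        agg_r, PK, ids = add(agg_r, r), add(PK, pk), ids + sub_ids
    R = h2(agg_r, ids, tx)
    Z0, Z1 = ZERO, ZERO
    for p in first_layer:
        z0, z1 = p.respond(R)
        Z0, Z1 = add(Z0, z0), add(Z1, z1)
    return (tx, (Z0, Z1), R), PK, ids

def verify(sig, PK, ids, h):
    """Formula (25) only; the norm bound of formula (24) is not checked here."""
    tx, (Z0, Z1), R = sig
    return R == h2(sub(add(Z0, mul(Z1, h)), mul(R, PK)), ids, tx)

def demo():
    rng = random.Random(2022)          # fixed seed, not a CSPRNG: demo only
    h = [rng.randrange(Q) for _ in range(N_DEG)]
    def layer(prefix, depth):          # two children per node, three layers deep
        return [Node(f"{prefix}.{k}", h, rng,
                     layer(f"{prefix}.{k}", depth - 1) if depth else [])
                for k in (1, 2)]
    sig, PK, ids = multisign(layer("En", 2), "M||Cert_u (constructed)")
    tx, (Z0, Z1), R = sig
    other_tx = ("M'||Cert_u (constructed)", (Z0, Z1), R)
    bad_Z0 = [(Z0[0] + 1) % Q] + Z0[1:]
    return (len(ids), verify(sig, PK, ids, h),
            verify(other_tx, PK, ids, h), verify((tx, (bad_Z0, Z1), R), PK, ids, h))

if __name__ == "__main__":
    print(demo())
```

The check passes only because $Z_0 + Z_1 * h - R * PK$ collapses to the summed commitments; a verifier that skips the norm bound of formula (24), as this toy does, is not checking the full signature.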
The present invention also provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of a low-sampling WiFi perception enhancement model training method, a low-sampling WiFi perception enhancement method, and a method of perceiving a target object action behavior based on low-sampling WiFi.
In accordance with the method described above, the present invention also provides an apparatus comprising a computer device including a processor and a memory, the memory having stored therein computer instructions, the processor being configured to execute the computer instructions stored in the memory, the apparatus implementing the steps of the method as described above when the computer instructions are executed by the processor.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the foregoing steps of the edge computing server deployment method. The computer readable storage medium may be a tangible storage medium such as Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, floppy disks, hard disks, removable storage disks, CD-ROMs, or any other form of storage medium known in the art.
In summary, the invention provides a federation chain multiple signature transaction method and device based on lattice passwords, wherein a federation chain network is initialized, a trusted key generation center generates a system master key and public parameters by using an NTRU lattice trapdoor generation algorithm, and generates a user public and private key pair of a designated endorsement node by using a lattice gaussian sampling algorithm. A user initiates a transaction through a client node, the client node constructs a transaction proposal and sends the transaction proposal to an endorsement node for simulation execution, and the endorsement node generates a signature endorsement of the transaction proposal by using a lattice-based rejection sampling theorem; the client node collects the simulated transaction results and signature endorsements of each endorsement node to generate multiple signatures; the client sends the effective transaction and the multiple signatures thereof to the sequencing node; and the sequencing node sequences the transaction set, packages the transaction set into a data block and broadcasts the data block to the verification node, and the verification node verifies the data block and synchronously updates the account book to realize the transaction. 
The invention adopts lattice cryptography and uses the hardness of the small integer solution problem on lattices to generate keys, so it can resist quantum computing attacks; the multiple signatures are unforgeable, so alliance chain transactions cannot be destroyed by forging multiple signatures, and the scheme has post-quantum security. Meanwhile, the invention supports public key aggregation: the verification node can verify the correctness of the transaction signature endorsement using only the aggregated public key, which reduces the calculation overhead and the storage overhead of the alliance chain nodes and further improves the efficiency of the whole alliance chain transaction scheme.
Furthermore, the endorsement nodes adopt a spanning tree structure, each endorsement node can communicate from top to bottom or from bottom to top by the spanning tree structure, and huge calculated amount in the endorsement process can be reasonably distributed to each node through the spanning tree structure, so that the number of the endorsement nodes can be expanded to thousands of levels, and the extensibility is realized.
Those of ordinary skill in the art will appreciate that the various illustrative components, systems, and methods described in connection with the embodiments disclosed herein may be implemented as hardware, software, or combinations of both. Whether this is done in hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions, or change the order between the steps, after comprehending the spirit of the present invention.
Features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments in the present invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made to the embodiment of the present invention by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. An alliance chain multiple signature transaction method based on a lattice code, characterized in that the method is operated on an alliance chain network, and the alliance chain network comprises a user, a trusted key generation center, a client node, endorsement nodes specified by a preset endorsement policy, a sequencing node and a verification node; the method comprises the following steps:
the user initiates a transaction through the client node based on a preset alliance link network; wherein the presetting comprises: the trusted key generation center generates a system master key and public parameters by adopting a first preset lattice cryptographic algorithm, wherein the public parameters comprise the number of endorsement nodes, an NTRU ring polynomial and a plurality of hash functions; calculating a hash value by utilizing the hash function according to the identity information of each endorsement node to serve as a user public key of each endorsement node; calculating by adopting a second preset lattice cryptographic algorithm according to the user public key and the master key to obtain a first ring polynomial vector and a second ring polynomial vector, and taking the first ring polynomial vector and the second ring polynomial vector as user private keys of all endorsement nodes;
the client node is used as a root node, the endorsement nodes are used as child nodes to construct a multilayer spanning tree, each endorsement node calculates partial commitment values according to the user public key and the NTRU ring polynomial, partial commitment values and user public keys of each endorsement node are sent to upper nodes from bottom to top, and partial aggregation commitment value sets and partial aggregation user public key sets are calculated; the client node calculates a final aggregation commitment value and a final aggregation user public key according to the partial aggregation commitment value set, the partial aggregation user public key set, corresponding transaction contents and the identity identification information of each endorsement node, constructs a transaction proposal according to the final aggregation commitment value, the final aggregation user public key and the corresponding transaction contents, and sends the transaction proposal to each endorsement node;
each endorsement node simulates and executes the transaction proposal to obtain a simulated transaction result, calculates a partial signature response value according to a respective user private key and the final aggregation commitment value, calculates a probability value that the signature of each endorsement node can be correctly output according to the partial signature response value by adopting a third preset lattice cryptographic algorithm, sends the partial signature response value and the signature of each endorsement node to an upper node from bottom to top, and calculates a partial aggregation signature response value set; the client side calculates a final aggregated signature response value according to the partial aggregated signature response value set and obtains multiple signatures formed by signatures of endorsement nodes; the multiple signatures include the transaction proposal, the final aggregated signature response value, and the final aggregated commitment value;
the client node verifies a final aggregated signature response value and a final aggregated commitment value in the multiple signatures by using the transaction proposal, the final aggregated user public key and the identity identification information of each endorsement node, and packages and sends the transaction proposal and the multiple signatures to the sequencing node under the condition of passing verification;
the sequencing node sequences the transactions received within the preset time according to a preset rule, and packages the sequenced batch transactions into data blocks which are broadcast to the verification node in the whole network;
and the verification node verifies the transaction proposal and the final aggregated signature response value and the final aggregated commitment value in the multiple signatures of each transaction in the data block, and the alliance chain network updates the ledger and completes the transaction under the condition that the verification passes.
2. The lattice-cipher-based alliance-chain multiple-signature transaction method of claim 1, wherein the trusted key generation center generates a system master key and a public parameter by using a first preset lattice cipher algorithm, further comprising the steps of:
the alliance chain network sets system security parameters, the number of endorsement nodes and two hash functions;
initializing an NTRU lattice, and generating an NTRU ring polynomial and an NTRU high-quality short lattice base based on the first preset lattice cryptographic algorithm;
taking the NTRU high-quality short lattice basis as the master key, and taking the parameters of the NTRU lattice, the number of endorsement nodes, two hash functions and the NTRU ring polynomial as the public parameters;
the first preset lattice cryptographic algorithm is a lattice basis trapdoor generation algorithm, and the calculation formula is as follows:
$\mathrm{TrapGen}_{NTRU}(n, q, \sigma)$;
where $\mathrm{TrapGen}_{NTRU}$ represents the NTRU lattice basis trapdoor generation algorithm; $n$, $q$ and $\sigma$ respectively represent the integer, the prime number and the standard deviation of the NTRU lattice.
3. The federation chain multiple signature transaction method based on the lattice code of claim 1, wherein a first ring polynomial vector and a second ring polynomial vector are obtained by calculating according to the user public key and the master key by using a second preset lattice cryptographic algorithm, the second preset lattice cryptographic algorithm is a lattice-based gaussian sampling algorithm, and the calculation formula is:
$\text{Gaussian-Sampler}_{\mathrm{NTRU}}(B, \sigma, (pk_i, 0))$;
wherein $\text{Gaussian-Sampler}_{\mathrm{NTRU}}$ represents the lattice-based Gaussian sampling algorithm; $B$ represents the master key; $\sigma$ represents the standard deviation set for the NTRU lattice; $pk_i$ represents the user public key of the $i$-th endorsement node.
4. The lattice-cipher-based federation chain multiple-signature transaction method of claim 1, wherein the client node as a root node and the endorsement node as a child node construct a multi-level spanning tree, further comprising:
the endorsement node is provided with a first endorsement node layer, a second endorsement node layer and a third endorsement node layer from top to bottom in sequence by taking the client node as a root node; the client node is connected with a plurality of first-layer endorsement nodes, each first-layer endorsement node is connected with a plurality of second-layer endorsement nodes, and each second-layer endorsement node is connected with a plurality of third-layer endorsement nodes.
5. The method of claim 4, wherein each endorsement node sends the partial commitment value and the user public key of each endorsement node from bottom to top to an upper node according to the user public key and the partial commitment value calculated by the NTRU ring polynomial, and calculates a partial aggregated commitment value set and a partial aggregated user public key set, further comprising the steps of:
each endorsement node randomly selects two ring polynomial vectors, a third ring polynomial vector and a fourth ring polynomial vector, which have the same distribution as the user public key;
each endorsement node calculates the partial commitment value from the NTRU ring polynomial, the third ring polynomial vector, and the fourth ring polynomial vector;
the second-layer endorsement node sends the partial commitment value and the user public key to the first-layer endorsement node; the second-layer endorsement node calculates a partial aggregation commitment value and a partial aggregation user public key according to the received partial commitment value and the user public key of the third-layer endorsement node, and sends the partial aggregation commitment value and the partial aggregation user public key to the first-layer endorsement node;
and the first-layer endorsement node combines the partial aggregation commitment value set and the partial aggregation user public key set of all the endorsement nodes and sends them to the client node.
6. The lattice-cipher-based alliance-chain multiple-signature transaction method according to claim 4, wherein a partial signature response value is calculated according to a respective user private key and the final aggregation commitment value, a signature of each endorsement node is calculated according to the partial signature response value by adopting a third preset lattice cipher algorithm, the partial signature response value and the signature of each endorsement node are sent to an upper node from bottom to top, and a partial aggregation signature response value set is calculated, further comprising the steps of:
the second-layer endorsement node sends the partial signature response value to the first-layer endorsement node; the second-layer endorsement node calculates a partial aggregated signature response value according to the partial signature response value received from the third-layer endorsement node and sends the partial aggregated signature response value to the first-layer endorsement node;
the first-layer endorsement node sends the partial aggregated signature response value set of all endorsement nodes to the client node.
7. The federation chain multiple-signature transaction method based on lattice code of claim 1, wherein partial signature response values are calculated according to respective user private keys and the final aggregation commitment value, a third preset lattice code algorithm is adopted to calculate a probability value that the signature of each endorsement node can be correctly output according to the partial signature response values, the third preset lattice code algorithm is a lattice-based rejection sampling theorem, and the calculation formula of the probability value is as follows:
Figure FDA0003964934780000031
wherein $\min(\cdot)$ represents the minimum value; $D$ represents a probability distribution; $n$ and $\sigma$ respectively represent the integer and the standard deviation set for the NTRU lattice; $z_i$ represents the partial signature response value; $M$ is a constant; $s_{i,0}$ represents the first ring polynomial vector; $s_{i,1}$ represents the second ring polynomial vector; $R$ represents the final aggregate commitment value.
8. The lattice-password-based federation chain multi-signature transaction method of claim 1, wherein the client node verifies a final aggregated signature response value and a final aggregated commitment value in the multi-signature by using the transaction proposal, the final aggregated user public key and identification information of each endorsement node, and the verification passes when the following requirements are met:
Figure FDA0003964934780000041
$R = H_2(Z_0 + Z_1 * h - R * PK, ID, Tx)$;
wherein $Z$ represents the final aggregate signature response value; $Z_0$ represents a first final aggregate signature response value and $Z_1$ represents a second final aggregate signature response value, $Z$ being composed of $Z_0$ and $Z_1$; $N$ represents the number of endorsement nodes; $n$ and $\sigma$ respectively represent the integer and the standard deviation set for the NTRU lattice; $R$ represents the final aggregate commitment value; $H_2$ represents the hash function; $h$ represents the NTRU ring polynomial; $PK$ represents the final aggregated user public key; $ID$ represents the identity information of each endorsement node; $Tx$ represents the transaction proposal.
9. The method of claim 1, wherein the verification node verifies the final aggregate signature response value and the final aggregate commitment value in the transaction proposal and the multiple signatures of each transaction in the data block, and the verification passes when the following are satisfied at the same time:
Figure FDA0003964934780000042
$R = H_2(Z_0 + Z_1 * h - R * PK, ID, Tx)$;
wherein $Z$ represents the final aggregate signature response value; $Z_0$ represents a first final aggregate signature response value and $Z_1$ represents a second final aggregate signature response value, $Z$ being composed of $Z_0$ and $Z_1$; $N$ represents the number of endorsement nodes; $n$ and $\sigma$ respectively represent the integer and the standard deviation set for the NTRU lattice; $R$ represents the final aggregate commitment value; $H_2$ represents the hash function; $h$ represents the NTRU ring polynomial; $PK$ represents the final aggregated user public key; $ID$ represents the identity information of each endorsement node; $Tx$ represents the transaction proposal.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of a method according to any one of claims 1 to 9.
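The bottom-up aggregation of claims 5 and 6 and the hash check of claims 8 and 9 can be traced in a toy ring. The following is an added example, not code from the patent: it assumes partial commitments of the form y_0 + y_1*h, responses z = y + R*s, the key relation pk = s_0 + s_1*h and SHA-256 as H_2, and it treats signers as leaves with interior tree nodes that only add. Parameters are constructed and insecure, and trapdoor generation, Gaussian sampling, rejection sampling and the norm bound on Z are omitted.

```python
import hashlib, random

N, Q = 16, 12289  # toy ring Z_Q[x]/(x^N + 1); constructed, far too small to be secure

def add(a, b): return [(x + y) % Q for x, y in zip(a, b)]
def sub(a, b): return [(x - y) % Q for x, y in zip(a, b)]

def mul(a, b):
    """Negacyclic product in Z_Q[x]/(x^N + 1)."""
    out = [0] * N
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            sign = -1 if i + j >= N else 1
            out[(i + j) % N] = (out[(i + j) % N] + sign * x * y) % Q
    return out

def small(rng, bound):
    """Ring element with coefficients in [-bound, bound] (stand-in for Gaussian sampling)."""
    return [rng.randint(-bound, bound) % Q for _ in range(N)]

def H2(u, ids, tx):
    """Assumed H_2: SHA-256 of (commitment, IDs, Tx) mapped to a ternary polynomial."""
    d = hashlib.sha256(repr((u, ids, tx)).encode()).digest()
    return [(d[i] % 3 - 1) % Q for i in range(N)]

def tree_agg(vals, fanout=2):
    """Bottom-up aggregation: each parent sums its children until the root holds one value."""
    while len(vals) > 1:
        groups = [vals[i:i + fanout] for i in range(0, len(vals), fanout)]
        vals = [[sum(col) % Q for col in zip(*g)] for g in groups]
    return vals[0]

def run(tx, n_signers=8, seed=1):
    rng = random.Random(seed)  # reproducible demo randomness, not a CSPRNG
    h = [rng.randrange(Q) for _ in range(N)]            # stand-in for the NTRU ring polynomial
    ids = [f"endorser-{i}" for i in range(n_signers)]   # constructed identities
    sk = [(small(rng, 1), small(rng, 1)) for _ in ids]  # (s_i0, s_i1)
    pk = [add(s0, mul(s1, h)) for s0, s1 in sk]         # assumed relation pk_i = s_i0 + s_i1*h
    y = [(small(rng, 50), small(rng, 50)) for _ in ids] # masking vectors (third/fourth)
    U = tree_agg([add(y0, mul(y1, h)) for y0, y1 in y]) # aggregated partial commitments
    PK = tree_agg(pk)
    R = H2(U, ids, tx)                                  # final aggregated commitment value
    Z0 = tree_agg([add(y0, mul(R, s0)) for (y0, _), (s0, _) in zip(y, sk)])
    Z1 = tree_agg([add(y1, mul(R, s1)) for (_, y1), (_, s1) in zip(y, sk)])
    return h, ids, PK, R, Z0, Z1

def verify(h, ids, PK, R, Z0, Z1, tx):
    """Check R = H2(Z0 + Z1*h - R*PK, ID, Tx); the norm bound on Z is not checked."""
    return R == H2(sub(add(Z0, mul(Z1, h)), mul(R, PK)), ids, tx)
```

The check succeeds because the R*s terms in Z_0 + Z_1*h cancel against R*PK, leaving exactly the aggregated commitment that was hashed; changing Tx or any coefficient of Z changes the hash input and the equality fails.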
CN202211490943.8A 2022-11-25 2022-11-25 Union chain multiple signature transaction method and device based on lattice code Pending CN115883099A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211490943.8A CN115883099A (en) 2022-11-25 2022-11-25 Union chain multiple signature transaction method and device based on lattice code

Publications (1)

Publication Number Publication Date
CN115883099A true CN115883099A (en) 2023-03-31

Family

ID=85763989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211490943.8A Pending CN115883099A (en) 2022-11-25 2022-11-25 Union chain multiple signature transaction method and device based on lattice code

Country Status (1)

Country Link
CN (1) CN115883099A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117499039A (en) * 2023-10-09 2024-02-02 贵州大学 Blockchain signature method based on elliptic curve public key cryptographic algorithm
CN117499039B (en) * 2023-10-09 2024-03-26 贵州大学 Blockchain signature method based on elliptic curve public key cryptographic algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination