CN117955656A - Method for improving generation efficiency of threshold signature key in blockchain - Google Patents
- Publication number
- CN117955656A
- Authority
- CN
- China
- Prior art keywords
- key
- threshold
- signature
- generation
- blockchain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention relates to a method for improving the generation efficiency of a threshold signature key in a blockchain, comprising the processes of key generation, reshare and signature generation; the key generation process of GG18 in the signature generation process is optimized. The threshold is t and there are n participants in total, where t and n are natural numbers and n >= t. The key generation part is divided into two parts, offline and online. The invention reduces server communication and computation pressure when the threshold signature public key is generated. It effectively prevents an attacker from consuming server resources with a large number of threshold signature public key generation requests, so that the genuine threshold signature requests of ordinary users are served.
Description
Technical Field
The invention relates to a method for improving generation efficiency of a threshold signature key in a block chain.
Background
Blockchain technology is a distributed database technology: a technology for reaching agreement on a single data value or a single state among all nodes in an open, untrusted network. It was later used extensively in various application fields.
Specifically, the blockchain has the following characteristics:
Distributed ledger:
A blockchain is a distributed ledger in which all parties together maintain an identical copy of the ledger. Each party has a full copy of the database, thus avoiding a single point of failure.
Blocks:
The information is stored in blocks, each block containing a certain amount of transaction data. The blocks are linked together by cryptographic hashes to form a tamper-proof chain.
Decentralization:
Blockchains do not rely on a centralized control mechanism. All participants manage and verify transactions together without intervention from a central authority. This decentralization improves transparency and confidence.
Consensus mechanism:
A consensus mechanism in the blockchain network ensures that all nodes agree on the current state of the ledger. Different blockchains may use different consensus algorithms, such as proof of work (PoW), proof of stake (PoS), VRF, etc.
2. Threshold signature
The threshold signature technique is a cryptographic technique for generating signatures when multiple parties participate, without requiring all parties to take part in the signing process. The goal of this technique is to enhance security, protect privacy, and improve the usability of the system.
Basic principle:
The threshold signature is based on the idea of distributed key generation and distributed signing. Multiple parties together generate a key pair, but the parties can jointly generate a signature only if a certain threshold condition is met.
Key generation:
In a threshold signature, the key generation phase is collaborative. Multiple participants cooperate to generate a public key and a private key, but any subset of private key shares smaller than the threshold cannot restore the entire private key.
Signature generation:
Signature generation is also a distributed process. When the threshold condition is met, the signature may be generated jointly by some of the participants, without requiring all participants.
Threshold condition:
The threshold condition specifies the minimum number of participants required to generate the signature. For example, a scheme with threshold t means that a signature cannot be generated with fewer than t participants.
Security:
The threshold signature technique is typically designed to remain secure even if some parties are maliciously attacked or their private keys are compromised.
Main application fields:
Threshold signatures are widely used in distributed systems, blockchains, multi-party collaborative environments, and the like. In these scenarios, the threshold signature may provide higher availability, flexibility, and security.
The main examples of threshold signatures are the BLS threshold signature, GG18, GG20, etc.
Blockchain technology is a leading-edge technology. It is disruptive, combining cryptography, distributed computation and storage, consensus, P2P communication networks, economics and the like; it can reach a unified consensus on the value or the state of data in an untrusted network, and brings decentralization to the traditional Internet.
In a blockchain system, a block is made up of a plurality of transactions; transactions are, so to speak, the basic building blocks of the blockchain.
In a transaction, there are typically a sender and a receiver. To ensure the legitimacy of the transaction, so that it can be received and agreed upon by a plurality of nodes in the blockchain network, a digital signature is required. Similar to a traditional handwritten signature, a digital signature ensures that a transaction comes from a legitimate account, rather than being illegally impersonated by other accounts.
Currently, the main digital signature schemes are based on public key cryptography, such as RSA, based on large integer factorization, and ECDSA, based on elliptic curve discrete logarithms. Digital signatures based on public-key cryptography typically have a private key SK for signing and a public key PK for verifying the validity of the signature.
In an ordinary digital signature applied to a blockchain transaction, there is typically only one signer, i.e., the transaction sender. Because a blockchain system often holds a large number of digital assets, accounts with large funds in particular easily become targets of hackers, who may use any means, including social engineering, to obtain the private key SK capable of generating the signature. If a signature is generated from only one private key, a hacker need only steal that one private key SK to steal all funds of the corresponding account.
To reduce the risk of asset theft, multiple signatures (multisignature, multi-signature for short) have also been introduced into blockchain systems for security enhancement: a transaction requires authorization signatures from multiple private keys to complete. This mechanism helps to improve the security and attack resistance of the system and protects against potential risks. When multiple private keys are required to produce a legitimate signature, it is much more difficult for a hacker to steal multiple private keys to forge a signature than to steal one.
Typically, a multi-signature address is associated with multiple public keys, and the number of signatures required is determined by a predetermined threshold. The threshold value determines the minimum number of signatures required. For example, a 2-of-3 multi-signature address indicates that, among the three associated public keys, at least two private key signatures are required to complete a transaction. The threshold value may be chosen according to specific requirements and security needs.
Although multiple signatures improve security to a certain extent, in actual use one transaction often needs multiple signatures, which increases the storage consumed by signatures, requires multiple signers to be online at the same time, requires more communication and coordination, and raises the barrier to using multi-signatures.
Because early multi-signatures have many limitations in practical use, a number of threshold signature schemes were later proposed to solve these problems, making them easier to use and cheaper. The GG18 and GG20 schemes are representative. In these schemes the signature is smaller: it looks the same as an ordinary signature and occupies the same storage. The threshold signature public key is likewise identical to the public key of an ordinary signature. The signing process does not require the signers to be online simultaneously; once a threshold number of signature fragments has been collected, the complete threshold signature can be restored.
For GG18, see Rosario Gennaro and Steven Goldfeder, "Fast multiparty threshold ECDSA with fast trustless setup," Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018.
For GG20, see Rosario Gennaro and Steven Goldfeder, "One round threshold ECDSA with identifiable abort," Cryptology ePrint Archive, 2020.
The GG18 and GG20 threshold signatures are the most widely used family of threshold signatures in blockchain systems today; their signatures and public keys look the same as those of ordinary digital signatures and occupy little storage. When signing, the signers are not required to be online at the same time.
When a GG18 or GG20 threshold signature generates a threshold signature public key address, a large amount of communication and computation is required. When there are many public key generation requests, especially under a malicious DDoS attack by a hacker, this places a heavy burden on the threshold signature server.
Disclosure of Invention
The invention aims to provide a method for improving the generation efficiency of a threshold signature key in a blockchain, which optimizes the key generation process of GG18.
The technical scheme of the invention is as follows: a method for improving the generation efficiency of a threshold signature key in a blockchain comprises the processes of key generation, reshare and signature generation; the key generation process of GG18 in the signature generation process is optimized. The threshold is $t$ and there are $n$ participants in total, where $t$ and $n$ are natural numbers and $n \ge t$;
the key generation part is divided into two parts, offline and online:
The Offline phase includes:
Step 11, after receiving the user's key generation request, party $P_i$ generates a random number $u_i$ in $F_r$, computes $U_i = u_i \cdot G$, generates a commitment $\{KGC_i, KGD_i\} = Com\{U_i\}$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes; where $i$ is a natural number and $1 \le i \le n$; $G$ is the elliptic curve generator, and $F_r$ is the order of the elliptic curve group;
Step 12, each node verifies the validity of the commitment and computes the threshold signature public key $PK = \sum U_i$; node $P_i$ stores $u_i$, waits for a user to request a transaction signature, and then enters the online phase;
The Online phase includes:
Step 21, each party $P_i$ generates random numbers $c_{i1}, c_{i2}, \dots, c_{i,t-1}$ in $F_r$ and constructs a random polynomial of degree $t-1$: $p_i(x) = u_i + c_{i1} \cdot x + c_{i2} \cdot x^2 + \dots + c_{i,t-1} \cdot x^{t-1}$;
Step 22, computing $p_i(j)$ and broadcasting it to node $P_j$; $j$ is a natural number, $1 \le j \le n$, and $j \ne i$;
Step 23, computing all $C_{ik} = c_{ik} \cdot G$, where $1 \le k \le t-1$, and broadcasting them to the other nodes;
Step 24, after receiving $\{C_i\}$ broadcast by a node $i$, node $j$ verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j + C_{i2} \cdot j^2 + \dots + C_{i,t-1} \cdot j^{t-1}$;
Step 25, computing the shard private key;
Step 26, computing the shard public key;
Step 27, node $P_i$ ($1 \le i \le n$) deletes its local $u_i$.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: in step 11, $U_i$ is already included in the commitment, and no additional transmission is needed.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: the commitment is a hash of the original value plus a random number, and the hash function that generates the hash is chosen to be sha512_256.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: in step 25, each participant $j$ computes the shard private key $sk_j = \sum_i p_i(j)$.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: in step 26, each party $j$ computes the shard public key $pk_j = sk_j \cdot G$ from the shard private key.
The invention reduces server communication and computation pressure when the threshold signature public key is generated. The method can effectively prevent an attacker from consuming server resources by using a large number of threshold signature public key generation requests, so that the real and effective threshold signature requests of common users are satisfied.
The invention will now be described in detail with reference to the drawings and to specific embodiments.
Drawings
Fig. 1 is a flowchart of embodiment 1 of the present invention.
Detailed Description
The present embodiment is a method for improving the efficiency of generating a threshold signature key in a blockchain. In the present embodiment, the threshold signature is divided into a key generation process, a reshare process and a signature generation process; signature verification is the same as ordinary digital signature verification and is not considered here. The scheme of this embodiment optimizes the key generation process of GG18 (GG20 is a security improvement of GG18, and the scheme also applies to it). The key generation part is divided into two parts, offline and online, which effectively reduces the computation and communication load caused by key generation in practical applications.
The main idea of the scheme of the embodiment is as follows, as shown in Fig. 1:
The key generation is divided into two stages, offline and online.
The offline stage has low communication and computation cost, yet a legitimate threshold signature public key can be generated for each key generation request of the user, and the service node stores only a small amount of temporary data for each request.
The online stage has large communication and computation overhead; the shard private key and shard public key of each node are generated only when the user makes a formal transaction signing request.
In this way, normal user requests and false attacker requests can be effectively separated, which reduces the communication and computation cost of the server.
Let there be $n$ participants in total, $n \ge t$, and assume a $t$-out-of-$n$ threshold signature, i.e. a threshold of $t$.
Let the elliptic curve generator be $G$ and the order of the elliptic curve group be $F_r$.
Offline phase:
1. After receiving the user's key generation request, party $P_i$ ($1 \le i \le n$) generates a random number $u_i$ in $F_r$, computes $U_i = u_i \cdot G$, generates a commitment $(KGC_i, KGD_i) = Com(U_i)$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes. Note: in practical applications, $U_i$ is often already included in the commitment, so no additional transmission is needed.
2. Each node verifies the validity of the commitment and computes the threshold signature public key $PK = \sum U_i$; node $P_i$ saves $u_i$, waits for the user to request a transaction signature, and then enters the online phase.
Online phase:
1. Each party $P_i$ ($1 \le i \le n$) generates random numbers $c_{i1}, c_{i2}, \dots, c_{i,t-1}$ in $F_r$ and constructs a random polynomial of degree $t-1$: $p_i(x) = u_i + c_{i1} \cdot x + c_{i2} \cdot x^2 + \dots + c_{i,t-1} \cdot x^{t-1}$.
2. Compute $p_i(j)$ and broadcast it to node $P_j$, where $1 \le j \le n$ and $j \ne i$.
3. Compute all $C_{ik} = c_{ik} \cdot G$, where $1 \le k \le t-1$, and broadcast them to the other nodes.
4. After receiving $\{C_i\}$ broadcast by a node $i$, node $j$ verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j + C_{i2} \cdot j^2 + \dots + C_{i,t-1} \cdot j^{t-1}$.
5. Compute the shard private key.
6. Compute the shard public key.
In this embodiment, the underlying elliptic curve signature scheme is first selected as secp256k1, which is used by well-known blockchains such as Ethereum. Let the generator of secp256k1 be $G$ and the order of the group be $F_r$.
Let the threshold signature be 2-out-of-3, i.e. the number of threshold signature service nodes is $n = 3$ and the threshold is 2.
The user U sends a threshold signature key generation request to the threshold signature node group.
The Offline phase includes the following steps:
1. Upon receiving user U's key generation (keygen) request, party $P_i$ ($1 \le i \le 3$) generates a random number $u_i$ in $F_r$, computes $U_i = u_i \cdot G$, generates a commitment $(KGC_i, KGD_i) = Com(U_i)$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes. Note: in practical applications, $U_i$ is often already included in the commitment, so no additional transmission is needed. The commitment is typically a hash of the original value plus a random number, and the hash function that generates the hash may be chosen to be sha512_256.
2. Each party $P_i$ ($1 \le i \le 3$) verifies the validity of the received commitments and computes the threshold signature public key $PK = \sum U_i$; party $P_i$ saves $u_i$, waits for the user to request a transaction signature, and then enters the online phase.
The Online phase comprises the following steps:
1. Each party $P_i$ ($1 \le i \le 3$) generates a random number $c_{i1}$ in $F_r$ and constructs a random polynomial of degree 1: $p_i(x) = u_i + c_{i1} \cdot x$.
2. Each participant $P_i$ ($1 \le i \le 3$) computes $p_i(j)$ and broadcasts it to node $P_j$, where $1 \le j \le 3$.
3. All $C_{i1} = c_{i1} \cdot G$ are computed and broadcast to the other nodes.
4. After receiving $C_{i1}$ broadcast by a node $i$, each party $j$ ($1 \le j \le 3$) verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j$ and, once verification passes, proceeds to the following steps.
5. Each party $j$ ($1 \le j \le 3$) computes the shard private key $sk_j = \sum_i p_i(j)$, $i = 1, 2, 3$.
6. Each party $j$ ($1 \le j \le 3$) computes the shard public key $pk_j = sk_j \cdot G$ from the shard private key.
7. Node $P_i$ ($1 \le i \le n$) deletes its local $u_i$ to guarantee forward security.
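The 2-out-of-3 embodiment above, simulated in a single process as an added example (not code from the patent): the offline phase yields PK from one scalar multiplication and one hash per node, while the online phase carries the polynomial shares and their verification. Function names, the byte encoding fed to the hash, and the sha256 fallback are assumptions; the pure-Python curve arithmetic is illustrative and not constant time.

```python
import hashlib, secrets, functools

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
         else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (demo only, not constant time)."""
    acc, k = None, k % N
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def digest(blind, pt):
    """H(blind || U_i) with the page's sha512_256; the sha256 fallback is an assumption."""
    name = "sha512_256" if "sha512_256" in hashlib.algorithms_available else "sha256"
    data = blind + pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return hashlib.new(name, data).digest()

def commit(pt):
    """Com(U_i) -> (KGC_i, KGD_i): the hash, and its opening (blind, U_i)."""
    blind = secrets.token_bytes(32)
    return digest(blind, pt), (blind, pt)

def offline(n):
    """Offline steps 1-2: u_i, U_i = u_i*G, commitment check, PK = sum of U_i."""
    u = [secrets.randbelow(N - 1) + 1 for _ in range(n)]
    U = [mul(x, G) for x in u]
    if any(kgc != digest(*kgd) for kgc, kgd in map(commit, U)):
        raise ValueError("bad commitment")
    return u, U, functools.reduce(add, U)

def share_ok(j, s, U_i, C_i):
    """Online step 4: p_i(j)*G == U_i + sum_k C_ik * j^k."""
    rhs = U_i
    for k, C_ik in enumerate(C_i, start=1):
        rhs = add(rhs, mul(pow(j, k, N), C_ik))
    return mul(s, G) == rhs

def online(u, U, t):
    """Online steps 1-6: degree t-1 polynomials p_i with p_i(0) = u_i, checked shares."""
    coef = [[u_i] + [secrets.randbelow(N) for _ in range(t - 1)] for u_i in u]
    C = [[mul(c, G) for c in row[1:]] for row in coef]          # C_ik = c_ik*G
    sk = []
    for j in range(1, len(u) + 1):                              # receiving party P_j
        shares = [sum(c * pow(j, k, N) for k, c in enumerate(row)) % N for row in coef]
        if not all(share_ok(j, s, U[i], C[i]) for i, s in enumerate(shares)):
            raise ValueError("share verification failed")
        sk.append(sum(shares) % N)                              # sk_j = sum_i p_i(j)
    return sk, [mul(s, G) for s in sk]                          # pk_j = sk_j*G

def recover(shares):
    """Lagrange interpolation at 0 over {j: sk_j}; a check only, nodes never do this."""
    total = 0
    for j, s in shares.items():
        for m in shares:
            if m != j:
                s = s * m * pow((m - j) % N, -1, N) % N
        total = (total + s) % N
    return total

if __name__ == "__main__":
    u, U, pk = offline(3)        # cheap: PK is fixed once this returns
    sk, pks = online(u, U, 2)    # costly: deferred until a signing request arrives
    print("shards 1 and 3 match PK:", mul(recover({1: sk[0], 3: sk[2]}), G) == pk)
```

The public key returned by `offline` never changes in `online`, which is what lets a node answer a key generation request before paying for the share exchange.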
Claims (5)
1. A method for improving the generation efficiency of a threshold signature key in a blockchain, comprising the processes of key generation, reshare and signature generation; characterized in that: the key generation process of GG18 in the signature generation process is optimized; the threshold is $t$ and there are $n$ participants in total, where $t$ and $n$ are natural numbers and $n \ge t$;
the key generation part is divided into two parts, offline and online:
The Offline phase includes:
Step 11, after receiving the user's key generation request, party $P_i$ generates a random number $u_i$ in $F_r$, computes $U_i = u_i \cdot G$, generates a commitment $\{KGC_i, KGD_i\} = Com\{U_i\}$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes; where $i$ is a natural number and $1 \le i \le n$; $G$ is the elliptic curve generator, and $F_r$ is the order of the elliptic curve group;
Step 12, each node verifies the validity of the commitment and computes the threshold signature public key $PK = \sum U_i$; node $P_i$ stores $u_i$, waits for a user to request a transaction signature, and then enters the online phase;
The Online phase includes:
Step 21, each party $P_i$ generates random numbers $c_{i1}, c_{i2}, \dots, c_{i,t-1}$ in $F_r$ and constructs a random polynomial of degree $t-1$: $p_i(x) = u_i + c_{i1} \cdot x + c_{i2} \cdot x^2 + \dots + c_{i,t-1} \cdot x^{t-1}$;
Step 22, computing $p_i(j)$ and broadcasting it to node $P_j$; $j$ is a natural number, $1 \le j \le n$, and $j \ne i$;
Step 23, computing all $C_{ik} = c_{ik} \cdot G$, where $1 \le k \le t-1$, and broadcasting them to the other nodes;
Step 24, after receiving $\{C_i\}$ broadcast by a node $i$, node $j$ verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j + C_{i2} \cdot j^2 + \dots + C_{i,t-1} \cdot j^{t-1}$;
Step 25, computing the shard private key;
Step 26, computing the shard public key;
Step 27, node $P_i$ ($1 \le i \le n$) deletes its local $u_i$.
2. The method for improving the generation efficiency of the threshold signature key in the blockchain as in claim 1, wherein: in step 11, $U_i$ is already included in the commitment, and no additional transmission is needed.
3. The method for improving the generation efficiency of the threshold signature key in the blockchain as in claim 2, wherein: the commitment is a hash of the original value plus a random number, and the hash function that generates the hash is chosen to be sha512_256.
4. The method for improving the generation efficiency of the threshold signature key in the blockchain as in claim 1, wherein: in step 25, each participant $j$ computes the shard private key $sk_j = \sum_i p_i(j)$.
5. The method for improving the generation efficiency of the threshold signature key in the blockchain of claim 4, wherein: in step 26, each party $j$ computes the shard public key $pk_j = sk_j \cdot G$ from the shard private key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410046658.XA CN117955656A (en) | 2024-01-11 | 2024-01-11 | Method for improving generation efficiency of threshold signature key in blockchain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117955656A (en) | 2024-04-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination |