CN117955656A - Method for improving generation efficiency of threshold signature key in blockchain

Publication number: CN117955656A
Application number: CN202410046658.XA
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 谈扬, 彭彦雄
Current assignee: Shenzhen Qianhai Xinxin Digital Technology Co ltd
Original assignee: Shenzhen Qianhai Xinxin Digital Technology Co ltd
Prior art keywords: key, threshold, signature, generation, blockchain

Abstract

The invention relates to a method for improving the generation efficiency of a threshold signature key in a blockchain, which comprises the processes of key generation, reshare and signature generation; optimizing the key generation process of GG18 in the signature generation process; the method comprises the following: the threshold is $t$ and there are $n$ participants in total, where $t$ and $n$ are natural numbers and $n \ge t$; the key generation part is divided into an offline part and an online part. The invention reduces server communication and computation pressure when the threshold signature public key is generated. The method can effectively prevent an attacker from consuming server resources with a large number of threshold signature public key generation requests, so that the genuine threshold signature requests of ordinary users are satisfied.

Description

Method for improving generation efficiency of threshold signature key in blockchain
Technical Field
The invention relates to a method for improving generation efficiency of a threshold signature key in a block chain.
Background
Blockchain technology is a distributed database technology that reaches agreement on a single data value or a single state among all nodes in an open, untrusted network; it has since come to be used extensively in various application fields.
Specifically, the blockchain has the following characteristics:
Distributed ledger:
A blockchain is a distributed ledger in which all parties together maintain an identical copy of the ledger. Each party has a full copy of the database, thus avoiding a single point of failure.
Blocks:
The information is stored in blocks, each block containing a certain amount of transaction data. The blocks are linked together by cryptographic hashes to form a tamper-proof chain.
Decentralization:
Blockchains do not rely on a centralized control mechanism. All participants manage and verify transactions together without intervention from a central authority. This decentralization improves transparency and confidence.
Consensus mechanism:
A consensus mechanism in the blockchain network ensures that all nodes agree on the current state of the ledger. Different blockchains may use different consensus algorithms, such as proof of work (PoW), proof of stake (PoS), VRF, etc.
2. Threshold signature
The threshold signature technique is a cryptographic technique for generating signatures when multiple parties participate, without requiring all parties to take part in the signing process. The goal of this technique is to enhance security, protect privacy, and improve the usability of the system.
Basic principle:
The threshold signature is based on the idea of distributed key generation and distributed signing. Multiple parties together generate a key pair, but only when the threshold condition is met can the parties jointly generate a signature.
Key generation:
In a threshold signature, the key generation phase is collaborative. Multiple participants cooperate to generate a public key and a private key, but any subset of private key shares smaller than the threshold cannot restore the entire private key.
Signature generation:
Signature generation is also a distributed process. When the threshold condition is met, the signature may be generated jointly by a subset of the participants, without requiring all participants.
Threshold condition:
The threshold condition specifies the minimum number of participants required to generate the signature. For example, a scheme with threshold t means that a signature cannot be generated with fewer than t participants.
Security:
The threshold signature technique is typically designed to remain secure in the event that some parties are maliciously attacked or their private keys are compromised.
Main application fields:
Threshold signatures are widely used in distributed systems, blockchains, multi-party collaborative environments, and the like. In these scenarios, the threshold signature may provide higher availability, flexibility, and security.
The main examples of threshold signatures are the BLS threshold signature, GG18, GG20, etc.
Blockchain technology is a leading-edge, disruptive technology. It combines cryptography, distributed computation, storage and consensus, P2P communication networks, economics and the like; it can achieve unified consensus on the value or the state of data in an untrusted network, and brings decentralization to the traditional Internet.
In a blockchain system, a block is made up of a plurality of transactions; transactions can be said to be the basic building blocks of the blockchain.
In a transaction, there are typically a sender and a receiver, and in order to ensure the legitimacy of the transaction, so that a transaction can be received and agreed upon by a plurality of nodes in the blockchain network, a digital signature is required. Similar to the effect of traditional handwritten signatures, digital signatures may ensure that a transaction comes from a legitimate account, rather than being illegally impersonated by other accounts.
Currently, the main digital signature schemes are based on public key cryptography, such as RSA based on large integer factorization and ECDSA based on elliptic curve discrete logarithms. Digital signatures based on public-key cryptography typically have a private key SK for signing and a public key PK for verifying the validity of the signature.
In an ordinary digital signature as applied to a blockchain transaction, there is typically only one signer, i.e., only one transaction sender. Because a large amount of digital assets is often gathered in a blockchain system, accounts holding large funds in particular easily become targets of hackers, who may use any means, including social engineering, to obtain the private key SK capable of generating the signature. If a signature is generated from only one private key, then a hacker need only steal that one private key SK to steal all funds of the corresponding account.
To reduce the risk of asset theft, multi-signatures (multisig for short) have also been introduced into blockchain systems as a security enhancement: a transaction requires authorization signatures from multiple private keys to complete. This mechanism helps to improve the system's security, resistance to attacks, and protection against potential risks. Where multiple private keys are required to produce a legitimate signature, it is much more difficult for a hacker to steal multiple private keys to forge a signature than to steal one private key to forge a signature.
Typically, a multi-signature address is associated with multiple public keys, and the number of signatures required is determined by a predetermined threshold. The threshold determines the minimum number of signatures required for a multi-signature. For example, a 2-of-3 multi-signature address indicates that, among the three associated public keys, at least two private key signatures are required to complete a transaction. The threshold may be chosen according to specific needs and security requirements.
Although multi-signatures can improve security to a certain extent, in actual use one transaction often needs multiple signatures, which increases the storage consumed by signatures, requires multiple signers to be online at the same time, requires more communication and coordination, and raises the barrier to using multi-signatures.
Because early multi-signatures have a number of limitations in practical use, a number of threshold signature schemes were later proposed to solve these problems, making them easier to use and lower in cost. The GG18 and GG20 schemes are representative of them. In these signature schemes the signature is small: it looks the same as an ordinary signature and occupies the same storage. The threshold signature public key is also identical to the public key of an ordinary signature. The signing process does not need the signers to be online at the same time; once a threshold number of signature shares has been collected, the complete threshold signature can be restored.
For GG18, see Gennaro, Rosario, and Steven Goldfeder. "Fast multiparty threshold ECDSA with fast trustless setup." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018.
For GG20, see Gennaro, Rosario, and Steven Goldfeder. "One round threshold ECDSA with identifiable abort." Cryptology ePrint Archive (2020).
GG18 and GG20 threshold signatures are the most widely used series of threshold signatures in blockchain systems today; their signatures and public keys look the same as those of ordinary digital signatures and occupy little storage. When signing, multiple signers are not required to be online at the same time.
When a GG18 or GG20 threshold signature generates a threshold signature public key address, a large amount of communication and computation is required; when there are many public key generation requests, especially under a malicious DDoS attack by a hacker, this places a heavy burden on the threshold signature server.
Disclosure of Invention
The invention aims to provide a method for improving the generation efficiency of a threshold signature key in a blockchain, which optimizes the key generation process of GG18.
The technical scheme of the invention is as follows: a method for improving the generation efficiency of a threshold signature key in a blockchain comprises the processes of key generation, reshare and signature generation; optimizing the key generation process of GG18 in the signature generation process; the method comprises the following: the threshold is $t$ and there are $n$ participants in total, where $t$ and $n$ are natural numbers and $n \ge t$;
the key generation part is divided into two parts, offline and online:
The offline phase includes:
Step 11, after receiving the user's key generation request, party $P_i$ generates a random number $u_i$ in $F_r$, calculates $U_i = u_i \cdot G$, at the same time generates a commitment $\{KGC_i, KGD_i\} = Com\{U_i\}$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes; where $i$ is a natural number with $1 \le i \le n$, $G$ is the elliptic curve generator, and $F_r$ is the order of the elliptic curve group;
Step 12, each node verifies the validity of the commitments and calculates the threshold signature public key $PK = \sum U_i$; node $P_i$ stores $U_i$, waits for the user to request a transaction signature, and then enters the online phase;
The online phase includes:
Step 21, each party $P_i$ generates random numbers $c_{i1}, c_{i2}, \dots, c_{i,t-1}$ in $F_r$ and constructs a random polynomial of degree $t-1$, $p_i(x) = u_i + c_{i1} \cdot x + c_{i2} \cdot x^2 + \dots + c_{i,t-1} \cdot x^{t-1}$;
Step 22, calculating $p_i(j)$ and broadcasting it to node $P_j$; $j$ is a natural number, $1 \le j \le n$, and $j \ne i$;
Step 23, calculating all $C_{ik} = c_{ik} \cdot G$, where $1 \le k \le t-1$, and broadcasting them to the other nodes;
Step 24, after receiving $\{C_i\}$ broadcast by a node $i$, node $j$ verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j + C_{i2} \cdot j^2 + \dots + C_{i,t-1} \cdot j^{t-1}$;
Step 25, calculating the shard private key;
Step 26, calculating the shard public key;
Step 27, node $P_i$ ($1 \le i \le n$) deletes its local $u_i$.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: in step 11, $U_i$ is already included in the commitment, so no additional transmission is needed.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: the commitment is a hash of the original value plus a random number, and the hash function that generates the hash is chosen to be sha512_256.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: in step 25, each participant $j$ calculates a shard private key $sk_j = \sum p_i(j)$.
Further, in the method for improving the generation efficiency of the threshold signature key in the blockchain: in step 26, each party $j$ calculates a shard public key $pk_j = sk_j \cdot G$ from the shard private key.
The invention reduces server communication and computation pressure when the threshold signature public key is generated. The method can effectively prevent an attacker from consuming server resources with a large number of threshold signature public key generation requests, so that the genuine threshold signature requests of ordinary users are satisfied.
The invention will now be described in detail with reference to the drawings and to specific embodiments.
Drawings
Fig. 1 is a flowchart of embodiment 1 of the present invention.
Detailed Description
The present embodiment is a method for improving the generation efficiency of a threshold signature key in a blockchain. In this embodiment the threshold signature is divided into a key generation process, a reshare process and a signature generation process; signature verification is the same as ordinary digital signature verification and is not considered here. The scheme of this embodiment optimizes the key generation process of GG18 (GG20 is a security improvement of GG18, and the scheme is also applicable to it). In this embodiment the key generation part is divided into two parts, offline and online, so that the computation and communication load caused by key generation in practical applications can be effectively reduced.
The main idea of the scheme of this embodiment, as shown in Fig. 1, is as follows:
The key generation is divided into two phases, offline and online.
The offline phase has low communication and computation cost, yet a valid threshold signature public key can be generated for each key generation request of the user; the service node stores a small amount of temporary data for each request.
The online phase has large communication and computation overhead; the shard private key and shard public key of each node are generated only when the user makes an actual transaction signing request.
In this way, normal requests from users and bogus requests from an attacker can be effectively distinguished, reducing the communication and computation cost of the server.
Let there be $n$ participants in total, $n \ge t$, and assume a t-out-of-n threshold signature, i.e. a threshold of $t$.
Let the elliptic curve generator be $G$ and the order of the elliptic curve group be $F_r$.
Offline phase:
1. After receiving the user's key generation request, party $P_i$ ($1 \le i \le n$) generates a random number $u_i$ in $F_r$, calculates $U_i = u_i \cdot G$, generates a commitment $(KGC_i, KGD_i) = Com(U_i)$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes. Note: in practical applications, $U_i$ is often already included in the commitment, so no additional transmission is needed.
2. Each node verifies the validity of the commitments and computes the threshold signature public key $PK = \sum U_i$; node $P_i$ saves $U_i$, waits for the user to request a transaction signature, and then enters the online phase.
Online phase:
1. Each party $P_i$ ($1 \le i \le n$) generates random numbers $c_{i1}, c_{i2}, \dots, c_{i,t-1}$ in $F_r$ and constructs a random polynomial of degree $t-1$, $p_i(x) = u_i + c_{i1} \cdot x + c_{i2} \cdot x^2 + \dots + c_{i,t-1} \cdot x^{t-1}$.
2. Calculate $p_i(j)$ and broadcast it to node $P_j$, where $1 \le j \le n$ and $j \ne i$.
3. Calculate all $C_{ik} = c_{ik} \cdot G$, where $1 \le k \le t-1$, and broadcast them to the other nodes.
4. After receiving $\{C_i\}$ broadcast by a node $i$, node $j$ verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j + C_{i2} \cdot j^2 + \dots + C_{i,t-1} \cdot j^{t-1}$.
5. Calculate the shard private key.
6. Calculate the shard public key.
In this embodiment, the underlying elliptic curve signature scheme secp256k1 is selected first; it is used by well-known blockchains such as Ethereum. Let the generator of secp256k1 be $G$ and the order of the group be $F_r$.
Let the threshold signature be 2-out-of-3, i.e. the number of threshold signature service nodes is $n = 3$ and the threshold is 2.
The user U sends a threshold signature key generation request to the threshold signature node group.
The offline phase includes the following steps:
1. Upon receiving the key generation (keygen) request of user U, party $P_i$ ($1 \le i \le 3$) generates a random number $u_i$ in $F_r$, calculates $U_i = u_i \cdot G$, generates a commitment $(KGC_i, KGD_i) = Com(U_i)$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes. Note: in practical applications, $U_i$ is often already included in the commitment, so no additional transmission is needed. The commitment is typically a hash of the original value plus a random number, and the hash function that generates the hash may be chosen to be sha512_256.
2. Each party $P_i$ ($1 \le i \le 3$) verifies the validity of the received commitments and calculates the threshold signature public key $PK = \sum U_i$; party $P_i$ saves $U_i$, waits for the user to request a transaction signature, and then enters the online phase.
The online phase comprises the following steps:
1. Each party $P_i$ ($1 \le i \le 3$) generates a random number $c_{i1}$ in $F_r$ and constructs a random polynomial of degree 1, $p_i(x) = u_i + c_{i1} \cdot x$.
2. Each participant $P_i$ ($1 \le i \le 3$) calculates $p_i(j)$ and broadcasts it to node $P_j$, where $1 \le j \le 3$.
3. All $C_{i1} = c_{i1} \cdot G$ are calculated and broadcast to the other nodes.
4. After receiving $C_{i1}$ broadcast by a node $i$, each party $j$ ($1 \le j \le 3$) verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j$, and once verification passes proceeds to the following steps.
5. Each party $j$ ($1 \le j \le 3$) calculates a shard private key $sk_j = \sum p_i(j)$, $i = 1, 2, 3$.
6. Each party $j$ ($1 \le j \le 3$) calculates the shard public key $pk_j = sk_j \cdot G$ from the shard private key.
7. Node $P_i$ ($1 \le i \le n$) deletes its local $u_i$ to guarantee forward security.
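The 2-out-of-3 embodiment above, traced end to end as an added example (not code from the patent or its applicant): pure-Python secp256k1 arithmetic, the hash commitment, the share check of online step 4, and a hypothetical helper `recover` that confirms any two shards interpolate to the key behind the PK fixed in the offline phase. The commitment byte layout, the SHA-256 fallback and all function names are assumptions; all parties run in one process, so broadcasts are modelled as list lookups.

```python
import hashlib
import secrets
from functools import reduce
from math import prod

# secp256k1 domain parameters (the curve named in the embodiment)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time: illustration only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def com_hash(blind, U):
    """KGC = H(blind || U.x || U.y); layout and SHA-256 fallback are assumptions."""
    alg = "sha512_256" if "sha512_256" in hashlib.algorithms_available else "sha256"
    data = blind + U[0].to_bytes(32, "big") + U[1].to_bytes(32, "big")
    return hashlib.new(alg, data).digest()

def commit(U):
    """Com(U) -> (KGC, KGD) with KGD = (blinding value, U)."""
    blind = secrets.token_bytes(32)
    return com_hash(blind, U), (blind, U)

def open_ok(kgc, kgd):
    return com_hash(*kgd) == kgc

def offline(n):
    """Offline steps 1-2: pick u_i, commit to U_i = u_i*G, check openings, PK = sum U_i."""
    u = [secrets.randbelow(N - 1) + 1 for _ in range(n)]
    U = [mul(x, G) for x in u]
    if not all(open_ok(*commit(pt)) for pt in U):
        raise ValueError("commitment does not open")
    return u, U, reduce(add, U)

def feldman_ok(share, j, U_i, C_i):
    """Online step 4: p_i(j)*G == U_i + sum_k j^k * C_ik."""
    rhs = U_i
    for k, C_ik in enumerate(C_i, start=1):
        rhs = add(rhs, mul(pow(j, k, N), C_ik))
    return mul(share, G) == rhs

def online(u, U, t):
    """Online steps 1-6: returns shard private keys sk_j and shard public keys pk_j."""
    coef = [[u_i] + [secrets.randbelow(N) for _ in range(t - 1)] for u_i in u]
    C = [[mul(c, G) for c in row[1:]] for row in coef]  # C_ik for k = 1..t-1
    sk = {}
    for j in range(1, len(u) + 1):
        shares = [sum(c * pow(j, k, N) for k, c in enumerate(row)) % N for row in coef]
        if not all(feldman_ok(s, j, U[i], C[i]) for i, s in enumerate(shares)):
            raise ValueError("share rejected")
        sk[j] = sum(shares) % N
    return sk, {j: mul(s, G) for j, s in sk.items()}

def recover(shards):
    """Lagrange interpolation at x = 0 over t shards {j: sk_j} (consistency check only)."""
    lam = lambda j: prod(m * pow((m - j) % N, -1, N) for m in shards if m != j)
    return sum(y * lam(j) for j, y in shards.items()) % N
```

The point worth checking in any implementation of this split is that PK is published before any polynomial exists, so the online phase must bind each polynomial's constant term to the already-committed $U_i$, which is what `feldman_ok` does.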

Claims (5)

1. A method for improving the generation efficiency of a threshold signature key in a blockchain, comprising the processes of key generation, reshare and signature generation; characterized in that: optimizing the key generation process of GG18 in the signature generation process; the method comprises the following: the threshold is $t$ and there are $n$ participants in total, where $t$ and $n$ are natural numbers and $n \ge t$;
the key generation part is divided into two parts, offline and online:
The offline phase includes:
Step 11, after receiving the user's key generation request, party $P_i$ generates a random number $u_i$ in $F_r$, calculates $U_i = u_i \cdot G$, at the same time generates a commitment $\{KGC_i, KGD_i\} = Com\{U_i\}$ to $U_i$, and broadcasts $U_i$ and its commitment to the other nodes; where $i$ is a natural number with $1 \le i \le n$, $G$ is the elliptic curve generator, and $F_r$ is the order of the elliptic curve group;
Step 12, each node verifies the validity of the commitments and calculates the threshold signature public key $PK = \sum U_i$; node $P_i$ stores $U_i$, waits for the user to request a transaction signature, and then enters the online phase;
The online phase includes:
Step 21, each party $P_i$ generates random numbers $c_{i1}, c_{i2}, \dots, c_{i,t-1}$ in $F_r$ and constructs a random polynomial of degree $t-1$, $p_i(x) = u_i + c_{i1} \cdot x + c_{i2} \cdot x^2 + \dots + c_{i,t-1} \cdot x^{t-1}$;
Step 22, calculating $p_i(j)$ and broadcasting it to node $P_j$; $j$ is a natural number, $1 \le j \le n$, and $j \ne i$;
Step 23, calculating all $C_{ik} = c_{ik} \cdot G$, where $1 \le k \le t-1$, and broadcasting them to the other nodes;
Step 24, after receiving $\{C_i\}$ broadcast by a node $i$, node $j$ verifies $p_i(j) \cdot G = U_i + C_{i1} \cdot j + C_{i2} \cdot j^2 + \dots + C_{i,t-1} \cdot j^{t-1}$;
Step 25, calculating the shard private key;
Step 26, calculating the shard public key;
Step 27, node $P_i$ ($1 \le i \le n$) deletes its local $u_i$.
2. The method for improving the generation efficiency of the threshold signature key in the blockchain as in claim 1, wherein: in step 11, $U_i$ is already included in the commitment, so no additional transmission is needed.
3. The method for improving the generation efficiency of the threshold signature key in the blockchain as in claim 2, wherein: the commitment is a hash of the original value plus a random number, and the hash function that generates the hash is chosen to be sha512_256.
4. The method for improving the generation efficiency of the threshold signature key in the blockchain as in claim 1, wherein: in step 25, each participant $j$ calculates a shard private key $sk_j = \sum p_i(j)$.
5. The method for improving the generation efficiency of the threshold signature key in the blockchain of claim 4, wherein: in step 26, each party $j$ calculates a shard public key $pk_j = sk_j \cdot G$ from the shard private key.

Priority Applications (1)

Application Number: CN202410046658.XA
Priority Date: 2024-01-11
Filing Date: 2024-01-11
Title: Method for improving generation efficiency of threshold signature key in blockchain

Publications (1)

Publication Number: CN117955656A
Publication Date: 2024-04-30

Family

ID=90793773

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination