KR102364254B1 - A method and apparatus for management key of entity in blockchain - Google Patents

Abstract

A method and apparatus for managing an entity's key in a blockchain are disclosed. A key generation method performed by a specific entity constituting a block chain according to an embodiment of the present invention includes generating an i-th private key corresponding to a specific entity of the block chain; obtaining an i-th public key from the i-th private key; using the i-th public key and a hash function to generate an i-th hash chain consisting of consecutive nodes in one-way and corresponding to the specific entity; generating an i+1th private key corresponding to the specific entity; obtaining an i+1th public key from the i+1th private key; generating an i+1th hash chain corresponding to the specific entity using the i+1th public key and a hash function; and mapping the last node of the i+1th hash chain to the i-th hash chain.

Description

A METHOD AND APPARATUS FOR MANAGEMENT KEY OF ENTITY IN BLOCKCHAIN

The present invention relates to a method and apparatus for managing an entity's key in a block chain, and relates to a method for generating an entity's key using an infinite hash chain in a block chain, a method for registering an entity's key, a method for exchanging a key between entities, and a method for updating an entity's key it's about

Unlike the existing identification method, decentralized identity is not controlled by a central system and is a blockchain-based technology that allows individuals to have control over their own information.

In the block chain, a distributed ID or public key corresponding to each entity constituting the block chain is registered. At this time, each entity has a public key-private key pair, and the public key-private key pair is used to authenticate that it is a valid entity.

An entity's public key-private key pair must be changed at regular intervals for cryptographic safety. When the public key-private key pair of a conventional entity is changed or replaced, the distributed ID is also replaced, so it is treated as a new entity rather than an existing entity, and there is a limitation in that the characteristics or properties of the existing entity cannot be preserved.

Therefore, the key management technology of the block chain to solve this problem is required.

The present invention provides a method and apparatus for solving the problem that the distributed ID is replaced when an entity's public key-private key pair is changed or replaced in a block chain, thereby not preserving the characteristics and properties of an existing entity and treating it as a new entity.

In addition, the present invention provides a method and apparatus for preserving the characteristics and properties of an entity without replacing the distributed ID of the entity even if the public key-private key pair of the entity is replaced by managing the keys of the entities using an infinite hash chain.

A key generation method performed by a specific entity constituting a block chain according to an embodiment of the present invention includes generating an i-th private key corresponding to a specific entity of the block chain; obtaining an i-th public key from the i-th private key; using the i-th public key and a hash function to generate an i-th hash chain consisting of consecutive nodes in one-way and corresponding to the specific entity; generating an i+1th private key corresponding to the specific entity; obtaining an i+1th public key from the i+1th private key; generating an i+1th hash chain corresponding to the specific entity using the i+1th public key and a hash function; and mapping the last node of the i+1th hash chain to the i-th hash chain.

When i is 1, the method may further include generating a distributed ID corresponding to the specific entity by inputting the first public key and the last node of the first hash chain into a hash function.

The generating of the i-th hash chain may include: obtaining an n-th node of the i-th hash chain by inputting an arbitrary seed and a secret key corresponding to the specific entity into a hash function; and inputting the j-th node and the i-th public key into a hash function to obtain a j-1 th node.

A method of registering a key in a block chain performed by a key management device according to an embodiment of the present invention is a distributed ID of the specific entity, a public key of the specific entity, and the specific entity from a specific entity in the block chain. obtaining a last node among consecutive nodes constituting a hash chain of ; determining whether the distributed ID is registered in a block chain; if the distributed ID is not registered in the block chain, registering the distributed ID and public key in the block chain as the distributed ID and public key of the specific entity; and when the distributed ID is not registered in the block chain, registering the last received node as a root node and a commitment node of the specific entity in the block chain.

The public key of the specific entity is generated from a private key corresponding to the specific entity, and the hash chain of the specific entity is generated using the public key and hash function of the specific entity, and is a one-way It is composed of consecutive nodes, and the distributed ID of the specific entity may be a result of inputting the last node of the hash chain of the specific entity and the public key of the specific entity into a hash function.

In the key exchange method performed by a specific entity constituting a block chain according to an embodiment of the present invention, a public key and a commitment node of another entity registered in the block chain are exchanged from a key management device. obtaining; receiving, from the other entity, a previous node of a current node corresponding to a commitment node of the other entity in the hash chain of the other entity; sending the previous node of the current node corresponding to the commitment node of the specific entity in the hash chain of the specific entity to the other entity; and confirming whether a result of inputting the previous node of the other entity and the public key of the other entity into a hash function is the same as the commitment node of the other entity.

In the block chain, public keys of entities constituting the block chain are stored, and a current node among consecutive nodes constituting a one-way hash chain corresponding to the entities is a commitment node of the entities. can be registered.

The public key of the other entity may be generated from a private key corresponding to the other entity, and the hash chain of the specific entity may be generated using the public key and hash function of the specific entity.

If the result input to the hash function is the same as the commitment node of the other entity, update the previous node of the current node corresponding to the commitment node of the specific entity in the hash chain of the specific entity to the commitment node of the specific entity It may further include the step of requesting.

A method for updating a key in a block chain performed by a key management device according to an embodiment of the present invention includes i) a request public key of the specific entity from a specific entity of the block chain, ii) a current hash chain ( a request commitment node for a hash chain); iii) obtaining a request root node for a next hash chain; checking whether the result of inputting the request commitment node and the requested public key into a hash function is the same as i) a registration commitment node of the specific entity registered in the block chain and ii) a registration root node of a next hash chain; and when the result of inputting the request commitment node and the request public key into the hash function is the same as the registration commitment node, updating the request commitment node of the specific entity to the registration commitment node.

In the block chain, public keys of entities constituting the block chain are stored, and a current node among consecutive nodes constituting a one-way hash chain corresponding to the entities is registered as a commitment node of the entities, and the entity The root node of the last node among consecutive nodes constituting the hash chain of the entities is registered, the public key of the entities is generated from the private key corresponding to the entities, and the hash chain of the entities is the public key of the entities. It can be generated using a key and a hash function.

In the block chain, an integrity code calculated as a previous node of a current node registered as a commitment node among consecutive nodes constituting a one-way hash chain corresponding to entities constituting the block chain is registered, and the request commitment If the result of inputting the node and the request public key into the hash function is the same as the registration commitment node, calculating an integrity code with the request commitment node and comparing it with the integrity code of the specific entity registered in the block chain can

If the result of inputting the request commitment node and the requested public key into the hash function is the same as the registration root node for the next hash chain of the specific entity, the requested public key is set as the registered public key of the specific entity registered in the block chain. The step of updating may be further included.

If the result of inputting the request commitment node and the requested public key into the hash function is the same as the registration root node for the next hash chain of the specific entity, updating the request root node to the registration root node of the specific entity is further performed. may include

In a computer-readable recording medium according to an embodiment of the present invention, the recording medium includes: i) a distributed ID of each of entities constituting a block chain, ii) an i-th public key, iii ) the root node of the i-th hash chain, iv) a commitment node for the i-th hash chain, and v) the root node of the i+1-th hash chain are recorded, and the The i-th public key is generated from the i-th private key corresponding to the entities, and the i-th hash chain of the entities is composed of one-way consecutive nodes, and the i-th public key of the entities is It is generated using a key and a hash function, and the i+1th hash chain of the entities is composed of consecutive nodes in one direction, and is generated using the i+1th public key and hash function of the entities, and the The distributed ID of entities may be generated by inputting the last node of the 0th hash chain of the entities and the 0th public key of the entities into a hash function.

In a specific entity constituting a block chain according to an embodiment of the present invention, the specific entity includes a processor, and the processor obtains an i-th private key corresponding to the specific entity of the block chain. generating, obtaining an i-th public key from the i-th private key, using the i-th public key and a hash function, consisting of continuous nodes in one-way, i corresponding to the specific entity A hash chain is generated, an i+1th private key corresponding to the specific entity is generated, an i+1th public key is obtained from the i+1th private key, and the i+1th private key is generated. An i+1-th hash chain corresponding to the specific entity may be generated using a public key and a hash function, and the last node of the i+1-th hash chain may be mapped to the i-th hash chain.

In a key management apparatus for performing a method for registering a key in a block chain according to an embodiment of the present invention, the key management apparatus includes a processor, wherein the processor receives the information from a specific entity in the block chain. Obtaining the distributed ID of a specific entity, the public key of the specific entity, and the last node among consecutive nodes constituting the hash chain of the specific entity, and determining whether the distributed ID is registered in the block chain, If the distributed ID is not registered in the block chain, the distributed ID and public key are registered in the block chain as the distributed ID and public key of the specific entity, and if the distributed ID is not registered in the block chain, the receiving One last node can be registered in the block chain as a root node and a commitment node of the specific entity.

In a specific entity constituting a block chain according to an embodiment of the present invention, the specific entity includes a processor, and the processor includes a public key of another entity registered in the block chain from a key management device. and obtaining a commitment node, and receiving, from the other entity, a previous node of a current node corresponding to a commitment node of the other entity in the hash chain of the other entity, wherein the specific entity in the hash chain of the specific entity Send the previous node of the current node corresponding to the commitment node of the other entity to the other entity, and check whether the result of inputting the previous node of the other entity and the public key of the other entity into a hash function is the same as the commitment node of the other entity and, in the block chain, public keys of entities constituting the block chain are stored, and a current node among consecutive nodes constituting a one-way hash chain corresponding to the entities is a commitment of the entities. It can be registered as a node.

In a key management apparatus for performing a method for updating a key in a block chain according to an embodiment of the present invention, the key management apparatus includes a processor, wherein the processor receives information from a specific entity in the block chain. Obtaining i) a request public key of the specific entity, ii) a request commitment node for the current hash chain, iii) a request root node for the next hash chain, and Confirm that the result of inputting the node and the request public key into the hash function is the same as the i) registration commitment node and ii) the registration root node of the next hash chain of the specific entity registered in the block chain, and the request commitment node and the request When the result of inputting the public key into the hash function is the same as the registration commitment node, the request commitment node of the specific entity may be updated as the registration commitment node.

If the result of inputting the request commitment node and the requested public key into the hash function is the same as the registration root node for the next hash chain of the specific entity, the processor applies the requested public key to the specific entity registered in the block chain. It can be updated with the registration public key.

According to an embodiment of the present invention, when the public key-private key pair of an entity in the block chain is changed or replaced, the distributed ID is replaced, so that the characteristics and properties of the existing entity cannot be preserved, and it can be solved as a new entity.

In addition, according to an embodiment of the present invention, by managing the keys of entities using an infinite hash chain, even if the public key-private key pair of the entity is replaced, the characteristics and properties of the entity can be preserved without replacing the distributed ID of the entity.

1 is a diagram showing the structure of a block chain according to an embodiment of the present invention.
2 is a diagram illustrating an infinite hash chain corresponding to one entity according to an embodiment of the present invention.
3 is a diagram illustrating a key exchange process between entities according to an embodiment of the present invention.
4 is a diagram illustrating a key exchange process between entities according to an embodiment of the present invention.
5 is a diagram illustrating a key update process of an entity according to an embodiment of the present invention.
6 is a flowchart illustrating a method for generating a key of an entity according to an embodiment of the present invention.
7 is a flowchart illustrating a method for registering a key of an entity according to an embodiment of the present invention.
8 is a flowchart illustrating a method for exchanging keys between entities according to an embodiment of the present invention.
9 is a flowchart illustrating a method for updating a key of an entity according to an embodiment of the present invention.

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. However, since various changes may be made to the embodiments, the scope of the patent application is not limited or limited by these embodiments. It should be understood that all modifications, equivalents and substitutes for the embodiments are included in the scope of the rights.

The terms used in the examples are used for the purpose of description only, and should not be construed as limiting. The singular expression includes the plural expression unless the context clearly dictates otherwise. In this specification, terms such as "comprise" or "have" are intended to designate that a feature, number, step, operation, component, part, or a combination thereof described in the specification exists, but one or more other features It should be understood that this does not preclude the existence or addition of numbers, steps, operations, components, parts, or combinations thereof.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which the embodiment belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the related art, and should not be interpreted in an ideal or excessively formal meaning unless explicitly defined in the present application. does not

In addition, in the description with reference to the accompanying drawings, the same components are given the same reference numerals regardless of the reference numerals, and the overlapping description thereof will be omitted. In describing the embodiment, if it is determined that a detailed description of a related known technology may unnecessarily obscure the gist of the embodiment, the detailed description thereof will be omitted.

1 is a diagram showing the structure of a block chain according to an embodiment of the present invention.

Figure 1 (a) shows a block chain (block chain) consisting of a plurality of entities (entity) (105). A user of a blockchain can register one or more entities on the blockchain. A block chain is a structure in which a plurality of entities 105 are connected to each other on a network without a central administrator, and all entities 105 have data about transactions between all entities.

In the present invention, the entities 105 constituting the block chain may correspond to a processor included in each user terminal. However, since a user of the block chain can register one or more entities 105 in the block chain, a plurality of entities 105 may correspond to a processor included in one user terminal. The processor included in the user terminal may perform the key generation method and the key exchange method of the present invention.

In addition, in the present invention, the key management device may correspond to any one of the processors included in the user's terminals corresponding to each entity constituting the block chain, and a service that stores the block chain or provides a block chain service It may correspond to a processor included in the provider's terminal. A processor included in a user terminal or a processor included in a terminal of a service provider may perform the key registration method and key update method of the present invention.

Referring to FIG. 1B , each entity 105 of the block chain may include its own distributed ID 101 , a private key 103 , and a public key 102 . The public key 102 of all entities in the blockchain can be shared for mutual authentication. However, in order to authenticate whether the distributed ID 101 of the entity 105 is a valid user, each entity of the present invention generates a one-way infinite hash chain through its public key 102 . ) is included.

Here, the entity's private key 103 is for authenticating the validity of the entity, and each entity has its own private key 103 only. In addition, the private key 103 is used to generate the public key 102 . Entity is a private key 103 by inputting a randomly generated private key of the entity, a random private key seed (private key seed), and a variable for numbering the private key 103 into a hash function. to acquire And, since the private key 103 of a specific entity must be able to be replaced in an update period, it can be additionally generated. Specifically, the private key 103 of the entity is generated through Equation 1 below.

In Equation 1, SK _x ⁽ⁱ⁾ means the i-th private key 103 of a specific entity x. i means a variable for numbering the private key 103, and increases from 1 to 1. h stands for hash function. A hash function is a function that maps data of an arbitrary length to data of a fixed length. In the present invention, the hash function is commonly used by all blockchain entities, and is not limited to a special kind of function. "private key seed" means a seed of an arbitrary private key 103, and may be randomly generated. " || " means OR operation among logical operators. In addition, K _x means a randomly generated private key of a specific entity.

The public key 102 is a key shared between entities in the block chain, and is used when exchanging keys between entities and may be generated using the private key 103 . The entity may obtain the public key 102 by inputting the generated private key 103 into a public-key generation function. The public key 102 generating function is a function that cannot derive an input result from an output result and is not limited to a specific function. Specifically, the public key 102 of a specific entity is generated through Equation 2 below.

In Equation 2, PK _x ⁽ⁱ⁾ means the i-th public key 102 of a specific entity x. pkGen refers to a public key 102 generating function. SK _x ⁽ⁱ⁾ means the i-th private key 103 of a specific entity x.

A one-way infinite hash chain is created using the public key 102 and a hash function. Here, the one-way hash chain refers to a chain generated by inputting the result value of the hash function into the hash function again. Due to the nature of the hash function, the input value cannot be known from the result value of the hash function, and the same result is always output for the same input value, so the hash chain has a one-way feature.

The hash chain consists of consecutive n+1 nodes. n is an arbitrary integer greater than 0 and means the length of the hash chain. The entity obtains the nth node by inputting a random chain seed, a secret key of a randomly generated entity, and a variable for numbering the hash chain into the hash function. Specifically, nodes constituting the hash chain are generated through Equations 3 and 4 below.

Equation 3 above is an expression for generating the n-th node of the i-th hash chain corresponding to the i-th public key 102 in a specific entity x. In Equation 3 above, x _n ⁽ⁱ⁾ means the n-th node constituting the i-th hash chain of a specific entity x. According to Equation 3, the n-th node is first generated in the i-th hash chain. Here, i is a variable for numbering the hash chain. h stands for hash function. "chain seed" means any chain seed. " || " means OR operation among logical operators. In addition, K _x means a randomly generated private key of a specific entity.

Equation 4 above is an expression for generating the remaining nodes constituting the i-th hash chain using the n-th node and the i-th public key 102 generated by the specific entity x. In Equation 4 above, hc _x ⁽ⁱ⁾ means the i-th hash chain of a specific entity x. A specific entity obtains the j-1th node by inputting the j-th node and the i-th public key 102 into the hash function. j is any integer in the range n to 1.

The entity's distributed ID 101 is to prevent duplicate entities from occurring in the block chain, and each entity has a unique value. The entity inputs its own i) first public key 102 and ii) the last node among the nodes constituting the first hash chain generated using the first public key 102 into the hash function to obtain its distributed ID 101 to create Specifically, the distributed ID 101 is generated through Equation 5.

cID _x means the distributed ID 101 of a specific entity x. h stands for hash function. x ₀ ⁽¹⁾ means the 0th node constituting the first hatch chain of a specific entity x. Due to the nature of the one-way hash chain, the 0th node means the last node of the hash chain. " || " means OR operation among logical operators. And, PK _x ⁽¹⁾ means the first public key 102 of a specific entity x.

In the present invention, since the distributed ID 101 always uses the public key 102 corresponding to the first private key 103, even if the private key 103 of a specific entity is updated or exhausted, the distributed ID 101 does not change. Therefore, by authenticating that a specific entity is a valid entity on the block chain, it is possible to inquire existing transaction records or perform new transactions with other entities.

And, in the present invention, the entity can continue to generate a new private key 103 by using the variable i for numbering the private key 103 as in Equation 1. In addition, a new hash chain may be generated as in Equations 3 and 4 by using the public key 102 corresponding to the newly generated private key 103 . Therefore, since the present invention uses a new hash chain according to the new private key 103 even when the private key 103 of a specific entity is exhausted or renewed, it is possible to authenticate that a specific entity is a valid entity using the new hash chain. can

Specifically, due to the nature of the hash function, even if a specific node in the hash chain is known, the nodes before the specific node is created cannot be known. Thus, an entity can verify that it is a valid entity by presenting the previous node to the current node of the hash chain registered in the blockchain.

2 is a diagram illustrating an infinite hash chain corresponding to one entity according to an embodiment of the present invention.

2 shows a process of generating a plurality of hash chains according to a distributed ID and a plurality of private and public keys included in one entity. This creation process can be performed by entities constituting the block chain.

FIG. 2A shows the first hash chain of a specific entity x having n+1 nodes. n is an arbitrarily determined positive integer. The i-th hash chain is created using the i-th public key created with the i-th private key. That is, the j-th node is generated by inputting the i-th public key and the j-th node of the i-th hash chain to the hash function. j denotes an integer from n to 1.

For example, in FIG. 2A , x _n ⁽¹⁾ means the nth node of the first hash chain having n+1 nodes of a specific entity x. In FIG. 2(A), x _n ⁽¹⁾ is generated first, and the first public key (PK _x ⁽¹⁾ ) of the generated node and specific entity x is sequentially input to the hash function to obtain Equation 4 Accordingly, it can be generated up to x _n-1 ^{(1) ...} x ₀ ⁽¹⁾ . x ₀ ^{(1) ...} x _n ⁽¹⁾ is the node constituting the first hash chain. And, the public key used to generate one hash chain is the same.

The present invention is to facilitate key management of entities in a block chain by successively generating the hash chain shown in FIG. It is a diagram showing the relationship between a plurality of hash chains.

A specific entity x may generate a second private key different from the first private key by using Equation 1. The specific entity x may obtain a second public key corresponding to the second private key using Equation (2). Then, the second hash chain can be generated using the second public key. The second hash chain may be generated using Equations 3 and 4. In this way, any entity can create successive hash chains.

And, referring to FIG. 2B , the specific entity x may map the last node of the i+1th hash chain to the i-th hash chain. Here, the last node means the last node (x ₀ ⁽ⁱ⁾ ) generated when generating the i-th hash chain, and the 0-th node (x ₀ ⁽ⁱ ) of the i-th hash chain generated according to Equations 3 and 4 ⁾ ) can mean

Specifically, a specific entity x may map the 0th node and the last node of the i+1th hash chain with respect to the remaining nodes except for the 0th node or the last generated node in the i-th hash chain.

Referring to FIG. 2B, the last node (x ₀ ⁽²⁾ ) of the second hash chain is mapped to the nodes (x ₁ ^{(1) ...} x _n ⁽¹⁾ ) of the first hash chain . Similarly, the last node of the third hash chain (x ₀ ⁽³⁾ ) is mapped to the nodes of the second hash chain (x ₁ ^{(2) ...} x _n ⁽²⁾ ). The reason why the last node of the i+1th hash chain is mapped to the i-th hash chain will be described below.

And, in (B) of FIG. 2 , MIC means a message-integrity code. The MIC is to verify the integrity of an entry registered for a specific entity in the block chain. In the blockchain, for each entity, the distributed ID of that entity, the current public key, the root node of the current hash chain, the commitment node of the current hash chain, the root node of the next hash chain, and the integrity mapped to the commitment node of the current hash chain Variables for checking code and integrity verification are stored, and the data stored for each entity in this way is called an entry.

Specifically, that is, when an entry registered for a specific entity on the block chain is updated, the MIC is used to verify the integrity of the entry before being updated.

In (B) of FIG. 2 , MIC _ji means an integrity code calculated by the j-th node of the i-th hash chain. For example, if the j-1th node of the i-th hash chain is registered in the blockchain, and the key exchange between entities causes the j-1th node of the i-th hash chain to be updated to the j-th node of the i-th hash chain. At this time, the key management device can verify the integrity of the entry registered in the block chain before the update by calculating the MIC _ji registered in the block chain based on the j-th node received from the entity. A specific process will be described later with reference to FIGS. 3 and 4 .

Referring to FIG. 2B , MIC _ji may be mapped to the j-1th node of the i-th hash chain. However, MIC ₁₂ calculated as the 1st node of the i+1th hash chain is mapped to the n-th node (x _n ⁽ⁱ⁾ ) generated first in the i-th hash chain.

And, FIG. 2C is a diagram illustrating the relationship between the continuous hash chain of FIG. 2B and the distributed ID, private key, and public key of a specific entity x. Referring to FIG. 2(C), in FIG. 2(A), a specific entity x hashes the last node (x ₀ ⁽¹⁾ ) and the first public key (PK _x ⁽¹⁾ ) of the first generated hash chain. You can get the variance ID (cID _x ) by entering it into the function. And, referring to FIG. 2C , the i-th hash chain corresponds to the i-th public key by the i-th private key.

The public key, hash chain, distributed ID, and MIC of the specific entity x generated in this way are registered in the block chain. Specifically, a specific entity x sends a distributed ID (cID _x ), the last node of the first hash chain (x ₀ ⁽¹⁾ ), and a public key (PK _x ⁽¹⁾ ) to the key management device. Here, the last node means the last node generated when a one-way hash chain is generated. The key management device determines whether the received distributed ID is a previously registered ID.

Then, the key management device inputs the received public key (PK _x ⁽¹⁾ ) and the last node (x ₀ ⁽¹⁾ ) of the first hash chain into the hash function and calculates whether it is the same as the received distributed ID (cID _x ) do. At this time, if the result of entering the received public key (PK _x ⁽¹⁾ ) and the last node (x ₀ ⁽¹⁾ ) of the first hash chain into the hash function is not the same as the received distributed ID (cID _x ) , it is judged as an invalid distributed ID, and the registration procedure is terminated.

The received distributed ID is not registered, and the result of entering the public key (PK _x ⁽¹⁾ ) and the last node of the first hash chain (x ₀ ⁽¹⁾ ) into the hash function is the received distributed ID (cID _x ) , the key management device registers the distributed ID (cID _x ) of a specific entity x, the last node of the first hash chain (x ₀ ⁽¹⁾ ), and the public key (PK _x ⁽¹⁾ ) in the blockchain.

In the blockchain, for each entity, the distributed ID of that entity, the current public key, the root node of the current hash chain, the commitment node of the current hash chain, the root node of the next hash chain, and the integrity mapped to the commitment node of the current hash chain A variable that checks whether code and integrity is verified is stored.

The root node of the current hash chain means the last node (x ₀ ⁽ⁱ⁾ ) of the i-th hash chain including the node consumed by entities registered in the block chain when exchanging keys with other entities. The root node of the current hash chain is a node for verifying a hash chain including nodes consumed when an entity exchanges a key, or for authenticating a distributed ID when registering an entity's key.

The last node means the last node (x 0 ⁽ⁱ⁾ ) generated when the i-th hash chain is generated, and the _{0-th node (x 0 (} ⁱ⁾⁾ of the i-th hash chain generated according to Equations 3 and 4 ) can mean Therefore, when the private key is replaced, the last node of the hash chain corresponding to the new private key is replaced with the root node of the current hash chain.

The commitment node of the current hash chain represents a node that is used by entities registered in the blockchain to exchange keys with other entities. Therefore, whenever a key exchange between entities is performed, the commitment node of the current hash chain is updated.

The following hash chain means a hash chain created with the i+1th public key (PK _x ⁽ⁱ⁺¹⁾ ) when the current hash chain is created with the i-th public key (PK _x ( ⁱ ) ). And, the root node of the next hash chain means the last node (x ₀ ⁽ⁱ⁺¹⁾ ) of the next hash chain.

The reason for storing the root node of the next hash chain is that all nodes in the current hash chain are consumed, so that the i-th private key of a specific entity (SK _x ⁽ⁱ⁾ ) is replaced with a new private key (SK _x ⁽ⁱ⁺¹⁾ ). In this case, if the root node (x ₀ ⁽ⁱ⁺¹⁾ ) of the next hash chain is not stored in advance, when a third party presents their public key or a node in the hash chain, the key management device determines whether the third party is the same entity as the specific entity. I can not know.

And, when the i-th private key (SK _x ⁽ⁱ⁾ ) is replaced with a new private key (SK _x ⁽ⁱ⁺¹⁾ ), the i+2th private key is generated, and the i+2th private key is A hash chain according to the corresponding i+2th public key is generated.

Therefore, when the last node (x ₀ ⁽ⁱ⁺¹⁾ ) of the hash chain generated with the new public key (PK _x ⁽ⁱ⁺¹⁾ ) corresponding to the new private key (SK _x ⁽ⁱ⁺¹⁾ ) is exchanged Each time, by registering or updating in advance as the root node of the next hash chain, when the private key of a specific entity (SK _x ⁽ⁱ⁾ ) is replaced with a new private key (SK _x ⁽ⁱ⁺¹⁾ ), the key management device _The root node ( _{x 0} ^{(i+1) ) of} the next hash chain registered from You can check whether a specific entity is a valid entity by comparing the result of input into the hash function.

For the same reason, a specific entity x maps the 0th node and the last node of the i+1th hash chain to the nodes other than the 0th node or the last generated node in the i-th hash chain.

That is, when the j-th node of the i-th hash chain on the block chain is registered as a commitment node (x _j ⁽ⁱ⁾ ) for the current hash chain, the specific entity x is a) the previous node (x _j+1 ⁽ⁱ⁾ ) of the commitment node (x _j ⁽ⁱ ) ) and b) the last node in the i+1th hash chain (x ₀ ⁽ⁱ⁺¹⁾ ) and mapped to the previous node c) Transmit the integrity code (MIC _j+1,i ) to the key management device.

The key management device registers the received distributed ID (cID _x ) of a specific entity x, and sets the last node (x ₀ ⁽¹⁾ ) of the first hash chain to the root node of the current hash chain of the specific entity x and the current hash chain’s root node. Register as a commitment node.

And, when a specific entity x performs key exchange with another entity, it receives the last node (x ₀ ⁽²⁾ ) of the second hash chain from the specific entity x and registers it as the root node of the next hash chain, and the specific entity x Receives the previous node (x ₁ ⁽¹⁾ ) of the node (x ₀ ⁽¹⁾ ) registered as a commitment node for the current hash chain from Receives MIC ₂₁ mapped to x ₁ ⁽¹⁾ ) and registers it as an integrity code.

In the i-th hash chain, when the j-th node registered as a commitment to the current hash chain in the blockchain is the current node (x _j ⁽ⁱ⁾ ), the previous node is It means the node (x _j+1 ⁽ⁱ⁾ ) that allows the node to be output. That is, in the i-th hash chain, the current node is created after the previous node and is created using the previous node and the i-th public key.

That is, the last node (x ₀ ⁽ⁱ⁾ ) of the i-th hash chain of a specific entity x is registered as the root node of the current hash chain in the block chain, and the j-th node of the i-th hash chain of a specific entity x is the current hash chain. If it is registered as a commitment node (x _j ⁽ⁱ⁾ ) in the chain, and a specific entity performs key exchange with another entity, the key management device is the last node (x) in the i+1th hash chain received from the specific entity x. ₀ ⁽ⁱ⁺¹⁾ ) to the root node of the next hash chain, the j+1th node (x _j+1 ⁽ⁱ⁾ ) of the i-th hash chain to be the commitment node for the current hash chain, and the MIC Update _j+2,i with the integrity code.

The key management device can verify the integrity of the entry registered in the block chain of a specific entity x by calculating the previously registered integrity code MIC _j+1,i using the j+1th node of the i-th hash chain. there is. A process of updating a variable for checking whether integrity is verified will be described later with reference to FIG. 5 .

3 is a diagram illustrating a key exchange process between entities according to an embodiment of the present invention.

3 is a diagram illustrating a key exchange process between a specific entity x and another entity z. In FIG. 3, reference numeral 301 shows an update process of an entry for each entity (x, z) registered in the block chain according to key exchange between entities.

A specific entity x queries the key management device for the current public key (PK _z ⁽¹⁾ ) of another entity z registered on the block chain and a commitment node (z ₀ ⁽¹⁾ ) for the current hash chain. In 302 of FIG. 3 , a specific entity x receives from the key management device the public key (PK _z ⁽¹⁾ ) of another entity z registered on the block chain and a commitment node (z ₀ ⁽¹⁾ ) for the current hash chain. do.

And, in 303 of FIG. 3, the specific entity x exchanges the previous node z ₁ ⁽¹⁾ of the commitment node for the current hash chain registered in the current block chain, respectively, with another entity z. As described above, when the previous node is a node registered as a commitment to the current hash chain in the block chain in the i-th hash chain as described above, the previous node is entered into the hash function along with the i-th public key. Indicates the output node.

A specific entity x receives the result of inputting the previous node (z ₁ ⁽¹⁾ ) and the current public key (PK _z ⁽¹⁾ ) into the hash function, and returns the result of inputting the received previous node (z 1 (1) ) to the commit node (z ₀ ⁽¹ ) for the current hash chain of another entity z. ⁾ ) compared to If the result of inputting the received previous node and the current public key into the hash function is the same as the commitment node for the current hash chain of another entity z, a specific entity x can determine the current public key of another entity z as a valid public key .

Also, when the other entity z determines that the current public key of a specific entity x is a valid public key, each entity (x, z) creates a mutual communication channel. A specific key exchange process will be further described later with reference to FIG. 4 .

In 304 of FIG. 3 , the key management device determines the previous node (x ₁ ⁽¹⁾ , z ₁ ⁽¹⁾ ) of the commitment node for the current hash chain from the entity (x, z) that performed the key exchange and the next hash chain. Receive the root node (x ₀ ⁽²⁾ , z ₀ ⁽²⁾ ). Then, the key management device updates the received previous node (x ₁ ⁽¹⁾ , z ₁ ⁽¹⁾ ) with a commitment node for the current hash chain of each entity, and the root node (x ₀ ⁽² ) of the received hash chain) ⁾ , z ₀ ⁽²⁾ ) as the root node for the next hash chain of each entity.

That is, the last node of the i-th hash chain of a specific entity x is registered in the block chain as the root node (x ₀ ⁽ⁱ⁾ ) of the current hash chain, and the j-th node (x _j ) of the i-th hash chain of a specific entity x When ⁽ⁱ⁾ ) is currently registered as a commitment node in the hash chain, if a specific entity performs key exchange with another entity, the key management device receives the last node ( x ₀ ⁽ⁱ⁺¹⁾ ) is updated as the root node of the next hash chain, and the j+1-th node (x _j+1 ⁽ⁱ⁾ ) of the i-th hash chain is updated as a commitment node for the current hash chain. A detailed update process will be described later with reference to FIG. 5 .

4 is a diagram illustrating a key exchange process between entities according to an embodiment of the present invention.

4 is a diagram specifically illustrating a process of performing mutual authentication in a key exchange process between entities. 3, in the process of exchanging a key between a specific entity x and another entity y, the specific entity x has a current public key (PK _y ⁽²⁾ ) of another entity y registered on the block chain and a commitment to the current hash chain. Request a node y ₃ ⁽²⁾ to the key management device (query BC for cIDy to obtain PK _y ⁽²⁾ and y ₃ ⁽²⁾ in FIG. 4 ). Another entity y also requests from the key management device the current public key (PK _x ⁽¹⁾ ) of a specific entity x registered on the block chain and a commitment node (x ₂ ⁽¹⁾ ) for the current hash chain (in Fig. 4 ). query BC for cIDx to obtain PK _x ⁽¹⁾ and x ₂ ⁽¹⁾ ).

A specific entity x uses the elliptic-curve Diffie-Hellman (ECDH) key exchange method with the current public key (PK _y ⁽²⁾ ) of another entity y received from the key management device and its own private key. Enter the ECDH function to generate a master key (mk _xy =ECDH(SK _x ⁽¹⁾ , PK _y ⁽²⁾ ) in FIG. 4). The ECDH function has the same properties as in Equation 6 below.

As shown in Equation 6, the ECDH function inputs the private key (SKx) of x and the public key (PKy) of y to the ECDH function, and the result is the private key (SKy) of y and the public key of x (PKx) to the ECDH function It has the same properties as the result entered in .

Then, the specific entity x is a key with a commitment node (y ₃ ⁽²⁾ ), a commitment node (x ₂ ⁽¹⁾ ) of x, and a master key (mk _xy ) for the hash chain of another entity y received from the key management device. A session key is generated by inputting it into a key derivation function (KDF) (sk _xy =kdf(mk _xy || x ₂ ⁽¹⁾ || y ₃ ⁽²⁾ in FIG. 4 ).

In ① of FIG. 4 , a specific entity x has its own distributed ID (cID _x ), the previous node of the current node registered as its current commitment node (x ₃ ⁽¹⁾ ), and the session key (sk _xy ). Send the code MIC(sk _xy ) to another entity y.

Another entity y receives the previous node (x ₃ ⁽¹⁾ ) and public key (PK _x ⁽¹⁾ ) of the received specific entity x into the hash function, and the result of inputting the specific entity x’s commitment node (x ₂ ⁽¹⁾ ) Check that it is the same as

If the result of inputting the previous node (x ₃ ⁽¹⁾ ) and public key (PK _x ⁽¹⁾ ) of a specific entity x into the hash function is the same as the commitment node (x ₂ ⁽¹⁾ ) of the specific entity x, another entity y also generates the master key by inputting the current public key (PK _x ⁽¹⁾ ) of the specific entity x received from the key management device and its private key into the ECDH function (mk _xy =ECDH(SK _y ^{( 2)} , PK _x ⁽¹⁾ )). In this case, the master key (mk _xy ) generated in a specific entity x and the master key (mk _xy ) generated in another entity y are the same according to the properties of the ECDH function.

Then, another entity y also has a key with a commitment node (x ₂ ⁽¹⁾ ), a commitment node (y ₃ ⁽²⁾ ) of y, and a master key (mk _xy ) for the hash chain of a specific entity x received from the key management device. Enter the derivation function to generate a session key (sk _xy =kdf(mk _xy || x ₂ ⁽¹⁾ || y ₃ ⁽²⁾ in FIG. 4 ).

Another entity y may calculate an integrity code with the generated session key and compare it with the integrity code received from a specific entity x. When the integrity code calculated with the session key (sk _xy ) generated by the other entity y and the integrity code received from the specific entity x are the same, as shown in ② of FIG. 4 , the other entity y has its own distributed ID (cID _y ), The previous node (y ₄ ⁽²⁾ ) of the current node registered as its current commitment node and the generated session key (sk _xy ) are transmitted to a specific entity x.

A specific entity x is a commitment node (y ₃ ⁽²⁾ ) of another entity y that has received the previous node (y ₄ ⁽²⁾ ) and public key (PK _y ⁽²⁾ ) of another entity y as a result of inputting the hash function into the hash function. Check that it is the same as

If the result of entering the previous node (y ₄ ⁽²⁾ ) and public key (PK _y ⁽²⁾ ) of another entity y into the hash function is the same as the commitment node (y ₃ ⁽²⁾ ) of another entity y, a specific entity x can be compared with the integrity code received from another entity y by calculating the integrity code with the generated session key (sk _xy ). If the integrity code calculated by the session key (sk _xy ) generated by a specific entity x and the integrity code received from another entity y are the same, each entity (x, y) sends an entry update registered in the blockchain to the key management device. request. Then, a communication channel between entities is created.

5 is a diagram illustrating a key update process of an entity according to an embodiment of the present invention.

5 is a table showing a process in which an entry of a specific entity x is updated on a block chain as key exchange between entities is performed. In FIG. 5, (i, j) located in the first column of the table indicates a state in which the j-th node of the i-th hash chain is registered as a commitment node for the current hash chain of a specific entity x.

For example, in FIG. 5 , the row corresponding to (1, 3) in the first column of the table indicates that the third node of the first hash chain of a specific entity x is registered as a commitment node for the current hash chain of the specific entity x indicates

The meanings of A, B, C, D, E, F, and G located in the second column of the table in FIG. 5 are as follows. A represents the distribution ID of a specific entity x. B represents the current public key of a specific entity x. C represents the root node for the current hash chain of a specific entity x. D represents the commitment node for the current hash chain of a specific entity x. E represents the root node for the next hash chain of a specific entity x.

F represents the integrity code of a specific entity x. G is a variable indicating whether the current entry of a specific entity x is integrity verified. When G is 0, it means that the integrity of the current entry is not verified, and when G is 1, it means that the integrity of the current entry is verified.

Referring to FIG. 5 , even if key exchange between entities is performed, the distributed ID of entities registered in the block chain is not changed. However, the commitment node for the entity's current hash chain, the root node of the current hash chain, the commitment node of the next hash chain, and the current private key are updated.

In ① of FIG. 5, due to the key exchange of a specific entity x, the key management device is registered as a commitment node for the distributed ID (CID _x ), public key (PK _x ⁽¹⁾ ) of the specific entity x, and the current hash chain. The previous node (x ₃ ⁽¹⁾ ) of the current node (x ₂ ⁽¹⁾ ), the root node of the next hash chain (x ₀ ⁽²⁾ ), and the integrity code (MIC(x ₄ ⁽¹⁾ )) of the specific entity x receive from

In this case, the public key, the previous node, and the root node of the next hash chain transmitted from the specific entity x may be expressed as a request public key, a request commitment node, and a request root node, respectively. And, the current public key registered on the block chain, the commitment node for the current hash chain, and the root node for the next hash chain may be expressed as a registered public key, a registered commitment node, and a registered root node for the next hash chain, respectively. .

를 참조하면, 키 관리 장치는 수신한 요청 커미트먼트 노드(x₃ ⁽¹⁾)를 현재 해시 체인에 대한 커미트먼트 노드로 업데이트하고, 수신한 요청 커미트먼트 노드(x₃ ⁽¹⁾) 무결성 코드(MIC(x₃ ⁽¹⁾))를 계산하여 키 교환 전 특정 엔티티 x의 엔트리(도 5의 표에서 제1열의 (1, 2)에 대응하는 행)의 무결성을 검증할 수 있다. 그리고, 검증 결과에 따라 키 관리 장치는 도 5의 표에서 G에 대응하는 값을 1로 업데이트한다. 5 of

Referring to , the key management device updates the received request commitment node (x ₃ ⁽¹⁾ ) with a commitment node for the current hash chain, and the received request commitment node (x ₃ ⁽¹⁾ ) integrity code (MIC(x) ₃ ⁽¹⁾ )) can be calculated to verify the integrity of the entry of a specific entity x (rows corresponding to (1, 2) of the first column in the table of FIG. 5) before key exchange. Then, according to the verification result, the key management device updates the value corresponding to G in the table of FIG. 5 to 1.

Similarly, in ② of FIG. 5 , due to the key exchange of a specific entity x, the key management device determines the distributed ID (CID _x ) of the specific entity x, the requested public key (PK _x ⁽¹⁾ ), and a commitment node for the current hash chain. The request commitment node corresponding to the previous node ( _{x 4} ^{(1) )} of the current node (x ₃ ⁽¹⁾ ) registered as ₅ ⁽¹⁾ )) is received from a specific entity x. In ② of FIG. 5, the request root node (x ₀ ⁽ⁱ⁾ ) is, when the last node of the i-th hash chain created with the i-th public key is the root node of the current hash chain registered in the entry of a specific entity x, i It means the last node (x ₀ ⁽ⁱ⁺¹⁾ ) of the hash chain created with the +1 public key.

를 참조하면, 키 관리 장치는 수신한 요청 커미트먼트 노드(x₄ ⁽¹⁾)를 현재 해시 체인에 대한 커미트먼트 노드로 업데이트하고, 수신한 요청 커미트먼트 노드(x₄ ⁽¹⁾)로 무결성 코드(MIC(x₄ ⁽¹⁾))를 계산하여 키 교환 전 특정 엔티티 x의 엔트리(도 5의 표에서 제1열의 (1, 3)에 대응하는 행)의 무결성을 검증할 수 있다. 그리고, 검증 결과에 따라 키 관리 장치는 도 5의 표에서 G에 대응하는 값을 1로 업데이트한다. And, in FIG. 5

Referring to , the key management device updates the received request commitment node (x ₄ ⁽¹⁾ ) with a commitment node for the current hash chain, and uses the received request commitment node (x ₄ ⁽¹⁾ ) with the integrity code (MIC( x ₄ ⁽¹⁾ )), it is possible to verify the integrity of an entry of a specific entity x (rows corresponding to (1, 3) of the first column in the table of FIG. 5) before key exchange. Then, according to the verification result, the key management device updates the value corresponding to G in the table of FIG. 5 to 1.

However, in ③ of FIG. 5, before the key exchange of the specific entity x, the commitment node for the current hash chain registered in the entry of the specific entity x is the nth node (x _n ⁽¹⁾ ) of the hash chain, so the block chain The current public key registered in ' has expired, and the key management device receives a new public key.

Specifically, in ③ of FIG. 5, the key management device includes the distributed ID (CID _x ), the requested public key (PK _x ⁽²⁾ ) generated with the new private key, and the (x) of the current node registered as the root node of the next hash chain. ₀ ⁽²⁾ ) the request commitment node corresponding to the previous node (x ₁ ⁽²⁾ ), the request root node (x ₀ ⁽³⁾ ) of the next hash chain, and the integrity code (MIC x ₂ ⁽²⁾ )) is received. In ③ of FIG. 5, the request root node is, when the last node (x ₀ ⁽ⁱ⁾ ) of the i-th hash chain created with the i-th public key is the root node of the current hash chain registered in the entry of a specific entity x, i It means the last node (x ₀ ⁽ⁱ⁺²⁾ ) of the hash chain created with the +2nd public key.

을 참조하면, 키 관리 장치는 요청 공개키(PK_x ⁽²⁾)를 현재 공개키로 업데이트하고, 수신한 요청 커미트먼트 노드(x₁ ⁽²⁾)를 현재 해시 체인에 대한 커미트먼트 노드로 업데이트하고, 기존에 등록된 다음 해시 체인의 루트 노드(x₀ ⁽²⁾)를 현재 해시 체인의 루트 노드로 업데이트한다. 그리고, 키 관리 장치가 수신한 무결성 코드(MIC(x₂ ⁽²⁾))를 통한 무결성 검증이 이루어지지 않았으므로, 키 관리 장치는 도 5의 표에서 G에 대응하는 값을 1로 업데이트한다. and in FIG. 5

Referring to , the key management device updates the request public key (PK _x ⁽²⁾ ) with the current public key, updates the received request commitment node (x ₁ ⁽²⁾ ) with the commitment node for the current hash chain, and Update the root node of the next hash chain (x ₀ ⁽²⁾ ) registered in the hash chain with the root node of the current hash chain. And, since integrity verification has not been performed through the integrity code (MIC(x ₂ ⁽²⁾ )) received by the key management device, the key management device updates the value corresponding to G in the table of FIG. 5 to 1.

에서와 동일한 과정을 통해 수행된다. Unlike the entry in the row corresponding to (1, n) in the first column of the table shown in FIG. 5, the commitment node for the current hash chain registered in the entry of a specific entity x is the nth node (x _n ^{( 1)} ), if the private key is replaced, the key management device may receive a new public key. At this time, the update process for the entry of a specific entity x is 3 and

It is carried out through the same process as in

The following process is performed to verify whether a request for a block chain update according to the key exchange of a specific entity x (BC update messages by the entity x in FIG. 5) is a valid request.

The key management device receives a distributed ID, a request public key, a request commitment node, a request root node for the next hash chain, and an integrity code from a specific entity x. The key management device compares the result of inputting the request public key and the request commitment node into the hash function with the commitment node for the current hash chain.

If the result of inputting the request public key and the request commitment node into the hash function is the same as the commitment node for the current hash chain, and the integrity code calculated by the request commitment node is the same as the integrity code registered in the entry of a specific entity x, the key The management device updates the requested public key to the commitment node for the current hash chain, the registered integrity code is updated with the integrity code received from the specific entity x, and the variable G indicating whether integrity is verified is updated to 1.

And, if the result of inputting the request public key and the request commitment node into the hash function is different from the commitment node for the current hash chain, the key management device returns the result of inputting the request public key and the request commitment node into the hash function to the specific entity x It is compared with the root node for the next hash chain registered in the entry of .

If the result of entering the request public key and the request commitment node into the hash function is the same as the root node for the next hash chain, and the integrity code calculated by the request commitment node is the same as the integrity code registered in the entry of a specific entity x, the key The management device updates the received request public key with the current private key, updates the root node for the next hash chain to the root node for the current hash chain, updates the request commitment node to the commitment node for the current hash chain, and The root node is updated as the root node for the next hash chain, the registered integrity code is updated with the received integrity code, and the variable (G) indicating whether integrity is verified is updated to 0.

If the result of inputting the request public key and the request commitment node into the hash function is different from the root node for the next hash chain or the commitment node for the current hash chain, the key management device determines that the request of the specific entity x is an invalid request. and do not perform an entry update for a specific entity x.

6 is a flowchart illustrating a method for generating a key of an entity according to an embodiment of the present invention.

In step 601, a specific entity generates an i-th private key of the block chain. A specific entity may obtain a private key by inputting a randomly generated private key, a private key seed, and a variable for numbering a plurality of private keys to a hash function.

In step 602, the specific entity obtains the i-th public key from the i-th private key. A specific entity may generate the i-th public key from the i-th private key by using the public key generation function.

In step 603, the specific entity generates an i-th hash chain using the i-th public key and hash function. A hash chain may contain n+1 nodes. A specific entity obtains the nth node by inputting the randomly generated chain seed, the previously generated secret key, and the variable for numbering the private key into the hash function. n is an integer greater than or equal to 1; In addition, the specific entity may obtain the j-1th node by inputting the j-th node and the i-th public key to the hash function. In this case, j is an integer of 1 or less n. A specific entity can create a hash chain with a one-way flow from the nth node to the 0th node according to the above method.

In step 604, the specific entity generates an i+1th private key, and in step 605, obtains an i+1th public key from the generated i+1th private key. Then, in step 606, the specific entity generates the i+1th hash chain using the i+1th public key and the hash function.

In step 607, the specific entity maps the last node of the i+1th hash chain to the i-th hash chain. A specific entity maps the last node of the i+1th hash chain to all nodes except the last node of the i-th hash chain.

Then, the specific entity generates a distributed ID corresponding to the specific entity by inputting the first public key and the last node of the first hash chain to the hash function. Therefore, even if the private key of a specific entity is replaced, the distributed ID is not updated.

7 is a flowchart illustrating a method for registering a key of an entity according to an embodiment of the present invention.

In step 701, the key management device obtains the distributed ID of the specific entity, the public key of the specific entity, and the last node among consecutive nodes constituting the hash chain of the specific entity from the specific entity in the block chain. The last node means the last node created when a one-way hash chain is created.

In step 702, the key management device determines whether the distributed ID is registered in the block chain. That is, to prevent duplicate entities from occurring, the key management device performs steps 703 and 704 when the received distributed ID is not registered in the block chain. If registered, the registration procedure is terminated.

In step 703, the key management device registers the distributed ID and public key in the blockchain as the distributed ID and public key of a specific entity. And, in step 704, the key management device registers the last node in the block chain as a root node and a commitment node of a specific entity.

8 is a flowchart illustrating a method for exchanging keys between entities according to an embodiment of the present invention.

In step 801, a specific entity obtains a public key and a commitment node of another entity registered in the block chain from the key management device.

In step 802, the specific entity receives from the other entity the previous node of the current node corresponding to the other entity's commitment node in the hash chain of the other entity. The current node in the hash chain of another entity corresponds to the result of inputting the current public key of the entity different from the previous node into the hash function.

In step 803, the specific entity sends the previous node of the current node corresponding to the commitment node of the specific entity in the hash chain of the specific entity to another entity. This is to verify the validity of a specific entity in other entities as well.

In step 804, the specific entity determines whether the result of inputting the previous node of the other entity and the public key of the other entity into the hash function is the same as the commitment node of the other entity.

At this time, if the result of inputting the previous node of the other entity and the public key of the other entity into the hash function is the same as the commitment node of the other entity, the specific entity determines that the other entity is a valid entity and establishes a secure channel in step 805 . create

However, if the result of inputting the previous node of another entity and the public key of another entity into the hash function is not the same as that of the other entity's commitment node, the specific entity determines that the other entity is an invalid entity and terminates the key exchange process. do.

9 is a flowchart illustrating a method for updating a key of an entity according to an embodiment of the present invention.

In step 901, the key management device obtains, from a specific entity in the block chain, i) a request public key of a specific entity, ii) a request commitment node for the current hash chain, and iii) a request root node for the next hash chain.

The public key, previous node, and root node of the next hash chain transmitted from a specific entity may be expressed as a request public key, a request commitment node, and a request root node, respectively. And, the current public key registered on the block chain, the commitment node for the current hash chain, and the root node for the next hash chain may be expressed as a registered public key, a registered commitment node, and a registered root node for the next hash chain, respectively. .

In step 902, the key management device determines that the result of inputting the request commitment node and the request public key into the hash function is the same as i) the registration commitment node and ii) the registration root node of the next hash chain of a specific entity registered in the block chain. judge whether

In step 903, when the result of inputting the request commitment node and the requested public key into the hash function is the same as the registration commitment node, the key management device updates the request commitment node of the specific entity to the registration commitment node.

If the key management device inputs the request commitment node and the requested public key into the hash function and the result is not the same as the registration commitment node, in step 904, the key management device inputs the request commitment node and the requested public key into the hash function Determines whether one result is the same as the registration root node for the next hash chain of a particular entity.

If the result of inputting the request commitment node and the request public key into the hash function is the same as the registration root node for the next hash chain of the specific entity, in step 905, the key management device sets the request public key to the specific entity to be registered in the block chain. Update the entity's registered public key, and update the request root node to the specific entity's registered root node.

When the result of inputting the request commitment node and the requested public key into the hash function is the same as the registration root node for the next hash chain of the specific entity, the key management device ends the key update process.

Meanwhile, the method according to the present invention is written as a program that can be executed on a computer and can be implemented in various recording media such as magnetic storage media, optical reading media, and digital storage media.

Implementations of the various techniques described herein may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or combinations thereof. Implementations may be implemented for processing by, or for controlling the operation of, a data processing device, eg, a programmable processor, computer, or number of computers, a computer program product, ie an information carrier, eg, a machine readable storage It may be embodied as a computer program tangibly embodied in an apparatus (computer readable medium) or a radio signal. A computer program, such as the computer program(s) described above, may be written in any form of programming language, including compiled or interpreted languages, as a standalone program or in a module, component, subroutine, or computing environment. It can be deployed in any form including as other units suitable for use. A computer program may be deployed to be processed on one computer or multiple computers at one site or to be distributed across multiple sites and interconnected by a communications network.

Processors suitable for processing a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. In general, a processor will receive instructions and data from either read-only memory or random access memory or both. Elements of a computer may include at least one processor that executes instructions and one or more memory devices that store instructions and data. In general, a computer may include, receive data from, transmit data to, or both, one or more mass storage devices for storing data, for example magnetic, magneto-optical disks, or optical disks. may be combined to become Information carriers suitable for embodying computer program instructions and data are, for example, semiconductor memory devices, for example, magnetic media such as hard disks, floppy disks and magnetic tapes, Compact Disk Read Only Memory (CD-ROM). ), an optical recording medium such as a DVD (Digital Video Disk), a magneto-optical medium such as an optical disk, ROM (Read Only Memory), RAM (RAM) , Random Access Memory), flash memory, EPROM (Erasable Programmable ROM), EEPROM (Electrically Erasable Programmable ROM), and the like. Processors and memories may be supplemented by, or included in, special purpose logic circuitry.

In addition, the computer-readable medium may be any available medium that can be accessed by a computer, and may include both computer storage media and transmission media.

While this specification contains numerous specific implementation details, they should not be construed as limitations on the scope of any invention or claim, but rather as descriptions of features that may be specific to particular embodiments of particular inventions. should be understood Certain features that are described herein in the context of separate embodiments may be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment may also be implemented in multiple embodiments, either individually or in any suitable subcombination. Furthermore, although features operate in a particular combination and may be initially depicted as claimed as such, one or more features from a claimed combination may in some cases be excluded from the combination, the claimed combination being a sub-combination. or a variant of a sub-combination.

Likewise, although acts are depicted in the drawings in a particular order, it should not be construed that all acts shown must be performed or that such acts must be performed in the specific order or sequential order shown to obtain desirable results. In certain cases, multitasking and parallel processing may be advantageous. Further, the separation of the various device components of the above-described embodiments should not be construed as requiring such separation in all embodiments, and the program components and devices described may generally be integrated together into a single software product or packaged into multiple software products. You have to understand that you can.

On the other hand, the embodiments of the present invention disclosed in the present specification and drawings are merely presented as specific examples to aid understanding, and are not intended to limit the scope of the present invention. It will be apparent to those of ordinary skill in the art to which the present invention pertains that other modifications based on the technical spirit of the present invention can be implemented in addition to the embodiments disclosed herein.

101: Decentralized IDs of specific entities that make up the blockchain
102: public key of a specific entity
103: private key of a specific entity
104: hash chain of specific entity

Claims (20)

In a key generation method performed by a specific entity constituting a block chain,
generating an i-th private key corresponding to a specific entity in the block chain;
obtaining an i-th public key from the i-th private key;
using the i-th public key and a hash function to generate an i-th hash chain consisting of consecutive nodes in one-way and corresponding to the specific entity;
generating an i+1th private key corresponding to the specific entity;
obtaining an i+1th public key from the i+1th private key;
generating an i+1th hash chain corresponding to the specific entity using the i+1th public key and a hash function;
mapping the last node of the i+1th hash chain to the i-th hash chain; and
When i is 1, inputting the first public key and the last node of the first hash chain into a hash function to generate a distributed ID corresponding to the specific entity;
A method of generating a key, including
delete According to claim 1,
The step of generating the i-th hash chain comprises:
obtaining an n-th node of an i-th hash chain by inputting an arbitrary seed and a secret key corresponding to the specific entity into a hash function; and
Obtaining the j-1th node by inputting the j-th node and the i-th public key into the hash function
A method of generating a key, including
delete delete delete delete delete delete delete delete delete delete delete A computer-readable recording medium comprising:
The recording medium is
i) distributed ID, ii) i-th public key, iii) root node of i-th hash chain, iv) i-th hash of each entity constituting the blockchain The commitment node for the chain and v) the root node of the i+1th hash chain are recorded,
The i-th public key of the entities is,
generated from the i-th private key corresponding to the entities,
The i-th hash chain of the entities is,
Consists of one-way consecutive nodes, and is generated using the i-th public key and hash function of the entities,
The i+1th hash chain of the entities is,
Consists of one-way consecutive nodes, and is generated using the i+1th public key and hash function of the entities,
The distributed ID of the entities is,
The result of inputting the last node of the first hash chain of the entities and the first public key of the entities into a hash function,
recording medium.
delete delete delete delete delete

Images