WO2021042851A1 - Data signature method and device for use in blockchain, computer apparatus, and storage medium - Google Patents

Data signature method and device for use in blockchain, computer apparatus, and storage medium Download PDF

Info

Publication number
WO2021042851A1
WO2021042851A1 PCT/CN2020/099555 CN2020099555W WO2021042851A1 WO 2021042851 A1 WO2021042851 A1 WO 2021042851A1 CN 2020099555 W CN2020099555 W CN 2020099555W WO 2021042851 A1 WO2021042851 A1 WO 2021042851A1
Authority
WO
WIPO (PCT)
Prior art keywords
random number
information
signature
array
data
Prior art date
Application number
PCT/CN2020/099555
Other languages
French (fr)
Chinese (zh)
Inventor
张玉坚
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2021042851A1 publication Critical patent/WO2021042851A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/14Details of searching files based on file metadata
    • G06F16/148File search processing
    • G06F16/152File search processing using file content signatures, e.g. hash values
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • G06F16/1767Concurrency control, e.g. optimistic or pessimistic approaches
    • G06F16/1774Locking methods, e.g. locking methods for file systems allowing shared and concurrent access to files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Definitions

  • This application relates to the field of data processing, and in particular to a method, device, computer equipment, and storage medium for data signing in a blockchain.
  • Blockchain is generally understood as a distributed ledger, and its essence is also a distributed database.
  • the content data in the proposal request needs to be signed, and a random number section array is used in the signing process.
  • obtaining the random number section array is realized through the urandom file lock. The inventor realized that every time a data signature needs to call system resources in real time to obtain a random number, it takes too long. And when multiple threads need to sign data at the same time, it is easy to cause file lock competition, which in turn affects the performance of the CPU itself, and reduces the concurrency of the processor.
  • the embodiments of the present application provide a method, device, computer equipment, and storage medium for data signing in a blockchain to solve the problem of affecting the concurrency of the processor during the data signing process.
  • a method for signing data in a blockchain includes:
  • a device for signing data in a blockchain includes:
  • a signature request acquisition module configured to acquire a data signature request, the data signature request including signature information
  • a signature key acquisition module configured to acquire node identity information and a signature key according to the data signature request
  • the combination module is used to combine the signature information and the node identity information to obtain the information to be signed;
  • the first hash operation module is configured to perform a hash operation on the information to be signed to obtain the first hash number
  • Random number acquisition module used to acquire a random number array from the random number cache channel as a signature random number
  • a second hash operation module configured to perform a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number
  • the encryption module is used to encrypt the second hash number through an asymmetric encryption algorithm to obtain the encrypted hash number;
  • the sending module is used to send the encrypted hash number and node identity information to the client.
  • a computer device includes a memory and a processor, the processor and the memory are connected to each other, wherein the memory is used to store a computer program, the computer program includes program instructions, and the processor is used to execute the The program instructions of the memory, wherein:
  • a computer-readable storage medium stores a computer program
  • the computer program includes program instructions, and when the program instructions are executed by a processor, they are used to implement the following steps:
  • device, computer equipment and storage medium for data signature in the blockchain after obtaining the data signature request, obtain the node identity information and the signature key according to the data signature request; then combine the signature information with the The node identity information is combined to obtain the information to be signed; the information to be signed is hashed to obtain the first hash number; an array of random numbers is obtained from the random number cache channel as the signature random number; the signature is encrypted The key, the signature random number, and the first hash number are hashed to obtain the second hash number; the second hash number is encrypted by an asymmetric encryption algorithm to obtain the encrypted hash number; finally The encrypted hash number and node identity information are sent to the client.
  • this method caches the random number array in advance through the random number cache channel, and directly obtains the random number through the random number cache channel when signing, thereby avoiding file lock competition that may be caused by multi-threaded concurrent signatures, which is better This guarantees the performance of the CPU and improves the concurrency of the processor. Moreover, by performing multiple hash operations on the signature information and then encrypting it, it is possible to ensure that the data is not easily tampered with, and the security of the data is also ensured.
  • FIG. 1 is a schematic diagram of an application environment of a method for data signing in a blockchain in an embodiment of the present application
  • FIG. 2 is a flowchart of a method for data signing in a blockchain in an embodiment of the present application
  • FIG. 3 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application
  • FIG. 4 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application
  • FIG. 5 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application
  • Fig. 6 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a data signing device in a blockchain in an embodiment of the present application.
  • FIG. 8 is another schematic diagram of a data signing device in a blockchain in an embodiment of the present application.
  • FIG. 9 is another schematic diagram of a data signing device in a blockchain in an embodiment of the present application.
  • Fig. 10 is a schematic diagram of a computer device in an embodiment of the present application.
  • the method for data signature in the blockchain can be applied in the application environment as shown in FIG. 1, in which the client (computer equipment) communicates with the server through the network.
  • the server obtains the data signing request sent by the client, the data signing request includes signature information; obtains the node identity information and the signing key according to the data signing request; combines the signature information and the node identity information to obtain Information to be signed; hash the information to be signed to obtain the first hash number; obtain an array of random numbers from the random number cache channel as the signature random number; to the signature key and the signature random Perform a hash operation on the number and the first hash number to obtain the second hash number; encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number; combine the encrypted hash number with the node
  • the identity information is sent to the client.
  • the client computer equipment
  • the client can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices.
  • the server can be implemented with an independent
  • a method for data signing in a blockchain is provided. Taking the method applied to the server in FIG. 1 as an example for description, the method includes the following steps:
  • S10 Obtain a data signature request, where the data signature request includes signature information.
  • the data signature request is a trigger request for initiating a signature on data.
  • the data signing request can be initiated by the client or triggered by the server.
  • the data signature request includes signature information, and the signature information may be original data that needs to be signed, or processed signature data.
  • a hash operation may be performed for the data that needs to be signed to obtain a hash value to form signature information.
  • the client can also send the data that needs to be signed to the server, and the server then hashes the data that needs to be signed to obtain a hash value to form the signature information, and then generate a data signature request.
  • the node identity information and signature key corresponding to the sending end can be obtained according to the identifier corresponding to the sending end (client) of the data signing request.
  • the node identity information is the identity information of the corresponding client, and the identity information can be embodied in different forms, such as at least one of numbers, letters, symbols, or words.
  • the signature key is a key carried by different clients.
  • the node identity information and signature key can be obtained by querying local MSP (Membership service provider) information.
  • MSP is a component that provides a management framework for virtual member operations. MSP extracts all the encryption mechanisms and protocols behind issuing and verifying certificates and user authentication. MSP can define its own identity concept, as well as these identity management rules (identity verification) and identity verification (signature generation and verification).
  • S30 Combine the signature information and the node identity information to obtain information to be signed.
  • the signature information and the node identity information can be directly combined to form the information to be signed.
  • a combination of "signature information + node identity information” or “node identity information + signature information” can be used to obtain the information to be signed.
  • the node identity information can also be inserted into any position in the signature information, and a position identification is formed for subsequent verification to perform corresponding operations, which further provides data security.
  • S40 Perform a hash operation on the information to be signed to obtain a first hash number.
  • Hash operation is usually implemented through a hash function, a hash function, which is also called a hash function or hash function.
  • the hash function is a public function that can map a message M of any length into a shorter and fixed-length value H(M), which is called hash value, hash value (Hash Value), and hash Value or Message Digest.
  • the hash function is a one-way cryptosystem, that is, an irreversible mapping from plaintext to ciphertext, with only an encryption process and no decryption process.
  • the information to be signed may be hashed by MD5, SHA-1 or SHA-2 algorithms.
  • the MD5 encryption algorithm Since the MD5 encryption algorithm generates a 32-bit MD5 code, and the SHA encryption algorithm generates a 40-bit SHA code, in terms of the security of cryptanalysis, using the SHA encryption algorithm (SHA-1 or SHA-2 algorithm) is better than using MD5.
  • Algorithm encryption is less susceptible to cryptanalysis attacks; in terms of operating speed, encryption using MD5 algorithm runs faster and has higher performance than encryption using SHA algorithm. Therefore, when considering the encryption speed of data encryption, you can choose the MD5 encryption algorithm, and when considering the security of data encryption, you can choose the SHA encryption algorithm.
  • a hash number with a preset number of bits is obtained.
  • the first hash number is a 32-bit hash number.
  • the random number cache channel is a pre-established cache channel for caching random arrays.
  • the random number cache channel can be implemented by starting a coroutine. Define a random number cache channel in advance, and then store the generated random array in the random number cache channel.
  • the traditional way to obtain the random number section array is realized through urandom file lock.
  • this step obtains a random number array from the random number cache channel.
  • the random number can be directly obtained through the random number cache channel, thereby bypassing the file lock that may be caused by multi-threaded concurrent signatures. competition.
  • the signature random number is a 32-bit random number array.
  • S60 Perform a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number.
  • a hash operation is performed again to obtain a second hash number.
  • the signature key, the signature random number, and the first hash number may be hashed by using the SHA-512 algorithm to obtain the second hash number.
  • S70 Encrypt the second hash number by using an asymmetric encryption algorithm to obtain the encrypted hash number.
  • An asymmetric encryption algorithm requires two keys: a public key (publickey: public key for short) and a private key (privatekey: private key for short).
  • the public key and the private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt it. Since encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm.
  • a public key and a private key are pre-allocated.
  • a key management center can be used to generate a key pair (public key and private key) for each node (client).
  • the Key Management Center (KMC, Key Management Center) is an important part of the public key infrastructure and is responsible for providing key generation, storage, backup, update, restoration, or query for the certification authority (CA, Certification Authority) system. Key service to solve the key management problems caused by large-scale cryptographic technology applications in distributed enterprise application environments.
  • the second hash number is encrypted by the private key of the node using an asymmetric encryption algorithm to obtain the encrypted hash number.
  • an asymmetric encryption algorithm such as RSA or Elgamal may be used to encrypt the second hash number.
  • S80 Send the encrypted hash number and node identity information to the client.
  • the node identity information and the signature key according to the data signature request; then combine the signature information and the node identity information to obtain the information to be signed;
  • the information to be signed is hashed to obtain the first hash number; an array of random numbers is obtained from the random number cache channel as the signature random number; the signature key, the signature random number, and the first hash are obtained.
  • the Greek number performs a hash operation to obtain the second hash number; the second hash number is encrypted by an asymmetric encryption algorithm to obtain the encrypted hash number; finally the encrypted hash number and node identity information are sent to the client .
  • this method caches the random number array in advance through the cached channel, and obtains the random number directly through the channel when signing, thereby bypassing the file lock competition that may be caused by multi-threaded concurrent signing, and better guarantees the CPU
  • the performance improves the concurrency of the processor.
  • by performing multiple hash operations on the signature information and then encrypting it it is possible to ensure that the data is not easily tampered with, and the security of the data is also ensured.
  • combining the signature information and the node identity information may include:
  • the rand() function can be used to produce random numbers.
  • the range of the random number can be determined according to the data length of the signature information or the node identity information. Exemplarily, if the range of the random number is set according to the data length of the node identity information, taking the data length of the node identity information as an example, the range of the random number generated can be set to be 1-8 or 0-7. Integer.
  • S32 Determine an information insertion position from the signature information or the node identity information according to the random number.
  • the information insertion position is determined from the signature information or the node identity information according to the random number.
  • the information insertion position is used to indicate the specific combination position of the two pieces of information when combining the signature information and the node identity information. Specifically, taking the insertion of the signature information into the node identity information as an example, the insertion position is determined from the node identity information according to a random number.
  • the node identity information can be used to determine the information insertion position from the node identity information based on random numbers in a left-to-right or right-to-left manner. Understandably, the process of inserting the node identity information into the signature information is similar to the foregoing process of inserting the signature information into the node identity information, and will not be repeated here.
  • the signature information and the node identity information are combined according to the information insertion position. Specifically, both the signature information and the node identity information are inserted into the other party according to the information insertion position (the signature information is inserted into the node identity information or the node identity information is inserted into the signature information) to obtain a combination information.
  • the random number is added to the combined information to obtain the information to be signed, so that the subsequent data can be restored based on the random number.
  • a random function is used to generate a random number; then the information insertion position is determined from the signature information or the node identity information according to the random number; the signature information and the node identity information are combined according to the insertion position.
  • the identity information is combined to obtain combined information; finally, the random number is added to the combined information to obtain the information to be signed.
  • more diversified choices are made for the combined location, which better guarantees the security of the information.
  • the method for signing data in the blockchain further includes:
  • S51 Create a random number cache channel with a preset capacity.
  • a coroutine is started to create a random number cache channel with a preset capacity.
  • a buffer can be used to create the random number cache channel.
  • the random number buffer channel in the buffer will prevent data transmission to the random number buffer channel when the buffer data storage is full. When the data in the buffer is empty, data reception to the random number buffer channel will be blocked.
  • the random number cache channel can be created as follows:
  • ch: make(chan type, capacity).
  • the data type is defined by "type”
  • the capacity of the cache channel is defined by "capacity”.
  • the data type of the random number buffer channel can be defined as an array type.
  • S52 Generate a random number array repeatedly in a preset manner, and store the generated random number array in the random number buffer channel, and stop generating the random number array until the random number buffer channel is full.
  • the preset method refers to a method of generating a random number array.
  • the random number array can be generated through the random function rand(), and each generated random number array is stored in the random number buffer channel. When the random number buffer channel is full, the step of generating the random number array is stopped.
  • the length in the random number buffer channel can be read to determine whether the random number buffer channel is full.
  • length refers to the number of elements in the current buffer channel.
  • a random number cache channel with a preset capacity is first created, and a random number array is repeatedly generated in a preset manner, and the generated random number array is stored in the random number cache channel, Until the random number buffer channel is full, stop generating the random number array. This ensures the efficiency of caching the random number array in the random number cache channel, further ensures the efficiency of subsequent reading of the random number array, and improves the concurrency of the processor.
  • the method for signing data in the blockchain further includes:
  • a coroutine is started to create a random number cache channel with a preset capacity. It can be created as follows:
  • ch: make(chan type, capacity).
  • the data type is defined by "type”
  • the capacity of the cache channel is defined by "capacity”.
  • the data type of the random number buffer channel is defined as an array.
  • S52' Generate a random number array repeatedly in a preset manner, and store the generated random number array in the random number buffer channel, and stop generating the random number array until the random number buffer channel is full .
  • the random number array can be generated by the random function rand(), and each generated random number array can be stored in the random number buffer channel. When the random number buffer channel is full, the step of generating the random number array is stopped.
  • the length in the random number buffer channel can be read to determine whether the random number buffer channel is full.
  • length refers to the number of elements in the current buffer channel.
  • S53' Obtain a preset number of random number arrays from the random number cache channel, and transfer the acquired random number arrays to the array object pool.
  • the preset number is determined according to the size of the array object pool, and the preset number of random number arrays obtained from the random number cache channel are transferred to the array object pool to improve the subsequent acquisition efficiency of the random number array.
  • an array object pool is also constructed, and after the random number array is filled in the random number cache channel, a preset number of random number arrays are transferred to the array object pool In order to facilitate subsequent acquisition of random number arrays, increase the speed of data acquisition, and reduce the impact on CPU performance.
  • the method for signing data in the blockchain before obtaining a random number array from the random number cache channel, the method for signing data in the blockchain further includes:
  • the method for signing data in the blockchain further includes:
  • S53 Generate a new random number array in a preset manner, and store the newly generated random number array in the random number buffer channel.
  • the server After obtaining the random number array from the random number cache channel, the server randomly generates a new random number array through a preset method, and stores the newly generated random number array in the random number cache channel to ensure data Timeliness of generation.
  • the signature random number is obtained from the random number cache channel, the signature random number is put into the temporary object pool to facilitate subsequent reuse of the signature random number to facilitate data recycling.
  • a temporary object pool is first constructed, and after the random number array is obtained from the random number cache channel, a new random number array is generated in a preset manner, and the newly generated random number array is stored in The random number cache channel. Put the signed random number into the temporary object pool.
  • the timeliness of data update is guaranteed, and the multiplexing of signed random numbers is increased to facilitate the recycling of data.
  • a device for signing data in a blockchain corresponds to the method for signing data in the blockchain in the above-mentioned embodiment in a one-to-one correspondence.
  • the device for signing data in the blockchain includes a signature request acquiring module 10, a signature key acquiring module 20, a combination module 30, a first hash operation module 40, a random number acquiring module 50, and a second hash module.
  • Greek arithmetic module 60, encryption module 70 and sending module 80 is as follows:
  • the signature request acquiring module 10 is configured to acquire a data signature request, where the data signature request includes signature information;
  • the signature key acquisition module 20 is configured to acquire the node identity information and the signature key according to the data signature request;
  • the combination module 30 is configured to combine the signature information and the node identity information to obtain the information to be signed;
  • the first hash operation module 40 is configured to perform a hash operation on the information to be signed to obtain a first hash number
  • the random number acquisition module 50 is used to acquire a random number array from the random number cache channel as a signature random number;
  • the second hash operation module 60 is configured to perform a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
  • the encryption module 70 is used to encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
  • the sending module 80 is configured to send the encrypted hash number and node identity information to the client.
  • the combination module includes a random number generation unit 31, an insertion position determination unit 32, a combination information acquisition unit 33 and a to-be-signed information acquisition unit 34.
  • the random number generating unit 31 is configured to generate a random number by using a random function
  • the insertion position determining unit 32 is configured to determine the information insertion position from the signature information or the node identity information according to the random number;
  • the combined information obtaining unit 33 is configured to combine the signature information and the node identity information according to the information insertion position to obtain combined information;
  • the information to be signed acquisition unit 34 is configured to add the random number to the combined information to obtain the information to be signed.
  • the device for signing data in the blockchain further includes a creation module 51, a cache channel storage module 52 and an object pool construction module 53.
  • the creation module 51 is used to create a random number cache channel with a preset capacity and build an array object pool;
  • the cache channel storage module 52 is configured to repeatedly generate a random number array in a preset manner, and store the generated random number array in the random number cache channel, and stop generating until the random number cache channel is full The random number array;
  • the object pool construction module 53 is configured to obtain a preset number of random number arrays from the random number cache channel, and transfer the obtained random number arrays to the array object pool.
  • the device for signing data in the blockchain is also used to create a random number cache channel with a preset capacity; repeatedly generate a random number array in a preset manner, and store the generated random number array in the random number array. In the number buffer channel, until the random number buffer channel is full, stop generating the random number array.
  • the data signing device in the blockchain is also used to construct a temporary object pool; and, after the random number array is obtained from the random number cache channel, the data signing device in the blockchain is also used To generate a new random number array in a preset manner, and store the newly generated random number array in the random number cache channel; and put the signed random number into the temporary object pool.
  • Each module in the device for data signing in the above-mentioned blockchain can be implemented in whole or in part by software, hardware, and a combination thereof.
  • the above-mentioned modules may be embedded in the form of hardware or independent of the processor in the computer equipment, or may be stored in the memory of the computer equipment in the form of software, so that the processor can call and execute the operations corresponding to the above-mentioned modules.
  • a computer device is provided.
  • the computer device may be a server, and its internal structure diagram may be as shown in FIG. 10.
  • the computer equipment includes a processor, a memory, a network interface, and a database connected through a system bus. Among them, the processor of the computer device is used to provide calculation and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium stores an operating system, a computer program, and a database.
  • the internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium.
  • the database of the computer equipment is used for the data used in the method for data signing in the blockchain described in the above embodiment.
  • the network interface of the computer device is used to communicate with an external terminal through a network connection.
  • the computer program is executed by the processor to realize a method of data signature in the blockchain.
  • a computer device including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, and the processor implements the following steps when the processor executes the computer program:
  • a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented:
  • the computer-readable storage medium may be non-volatile or volatile.
  • a person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be implemented by instructing relevant hardware through a computer program.
  • the computer program can be stored in a non-volatile computer readable storage.
  • the medium when the computer program is executed, it may include the procedures of the above-mentioned method embodiments.
  • any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory.
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

Abstract

A data signature method and device for use in a blockchain, a computer apparatus, and a storage medium. The data signature method for use in a blockchain comprises: during a digital signature process, caching a random number array in advance by means of a random number cache channel, such that a random number is directly acquired during signing by means of the random number cache channel, thereby bypassing a possible file lock competition caused by multiple threads performing signing in parallel, ensuring the performance of the CPU, and improving the parallel processing capability of a processor. Moreover, signature information has undergone multiple hash operations before being encrypted, thus preventing data from being easily tampered with, and ensuring the security of the data.

Description

区块链中数据签名的方法、装置、计算机设备及存储介质Method, device, computer equipment and storage medium for data signature in blockchain
本申请要求于2019年09月06日提交中国专利局、申请号为201910842139.3,发明名称为“区块链中数据签名的方法、装置、计算机设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application requires the priority of a Chinese patent application filed with the Chinese Patent Office on September 6, 2019, the application number is 201910842139.3, and the invention title is "Methods, devices, computer equipment and storage media for data signing in blockchain". The entire content is incorporated into this application by reference.
技术领域Technical field
本申请涉及数据处理领域,尤其涉及一种区块链中数据签名的方法、装置、计算机设备及存储介质。This application relates to the field of data processing, and in particular to a method, device, computer equipment, and storage medium for data signing in a blockchain.
背景技术Background technique
区块链一般被理解为一个分布式账本,它的本质也是一个分布式的数据库。在联盟链场景中,为保证提议阶段的数据不被篡改,提议请求中的内容数据都需要签名,而在签名的过程需要用到一个随机数字节数组。在现有的系统中,获取随机数字节数组是通过urandom文件锁实现的。发明人意识到,每次数据签名都需要实时调用系统资源来获取随机数,耗时过长。并且当多个线程同时需要进行数据的签名时,容易引发文件锁的竞争,进而影响CPU本身的性能,降低了处理器的并发能力。Blockchain is generally understood as a distributed ledger, and its essence is also a distributed database. In the alliance chain scenario, in order to ensure that the data in the proposal phase is not tampered with, the content data in the proposal request needs to be signed, and a random number section array is used in the signing process. In the existing system, obtaining the random number section array is realized through the urandom file lock. The inventor realized that every time a data signature needs to call system resources in real time to obtain a random number, it takes too long. And when multiple threads need to sign data at the same time, it is easy to cause file lock competition, which in turn affects the performance of the CPU itself, and reduces the concurrency of the processor.
发明内容Summary of the invention
本申请实施例提供一种区块链中数据签名的方法、装置、计算机设备及存储介质,以解决数据签名过程中影响处理器的并发能力的问题。The embodiments of the present application provide a method, device, computer equipment, and storage medium for data signing in a blockchain to solve the problem of affecting the concurrency of the processor during the data signing process.
一种区块链中数据签名的方法,包括:A method for signing data in a blockchain includes:
获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
一种区块链中数据签名的装置,包括:A device for signing data in a blockchain includes:
签名请求获取模块,用于获取数据签名请求,所述数据签名请求包括签名信息;A signature request acquisition module, configured to acquire a data signature request, the data signature request including signature information;
签名密钥获取模块,用于根据所述数据签名请求获取节点身份信息和签名密钥;A signature key acquisition module, configured to acquire node identity information and a signature key according to the data signature request;
组合模块,用于将所述签名信息和所述节点身份信息进行组合,得到待签名信息;The combination module is used to combine the signature information and the node identity information to obtain the information to be signed;
第一哈希运算模块,用于对所述待签名信息进行哈希运算,得到第一哈希数;The first hash operation module is configured to perform a hash operation on the information to be signed to obtain the first hash number;
随机数获取模块,用于从随机数缓存通道中获取一随机数数组,作为签名随机数;Random number acquisition module, used to acquire a random number array from the random number cache channel as a signature random number;
第二哈希运算模块,用于对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;A second hash operation module, configured to perform a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
加密模块,用于通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;The encryption module is used to encrypt the second hash number through an asymmetric encryption algorithm to obtain the encrypted hash number;
发送模块,用于将所述加密哈希数和节点身份信息发送至客户端。The sending module is used to send the encrypted hash number and node identity information to the client.
一种计算机设备,包括存储器和处理器,所述处理器、和所述存储器相互连接,其中,所述存储器用于存储计算机程序,所述计算机程序包括程序指令,所述处理器用于执行所述存储器的所述程序指令,其中:A computer device includes a memory and a processor, the processor and the memory are connected to each other, wherein the memory is used to store a computer program, the computer program includes program instructions, and the processor is used to execute the The program instructions of the memory, wherein:
获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令被处理器执行时,用于实现以下步骤:A computer-readable storage medium, the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when the program instructions are executed by a processor, they are used to implement the following steps:
获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
上述区块链中数据签名的方法、装置、计算机设备及存储介质中,在获取数据签名请求之后,根据所述数据签名请求获取节点身份信息和签名密钥;再将所述签名信息和所述节点身份信息组合,得到待签名信息;将所述待签名信息进行哈希运算,得到第一哈希数;从随机数缓存通道中获取一随机数数组,作为签名随机数;对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;最后将所述加密哈希数和节点身份信息发送至客户端。该方法在进行数字签名的过程中通过随机数缓存通道提前缓存随机数数组,签名时直接通过随机数缓存通道获取随机数,从而绕开可能因多线程并发签名时引起的文件锁竞争,更好地保证了CPU的性能,提高了处理器的并发能力。并且,通过将签名信息进行多次哈希运算之后再进行加密,能够很好地保证数据不轻易受到篡改,也保证了数据的安全性。In the above-mentioned method, device, computer equipment and storage medium for data signature in the blockchain, after obtaining the data signature request, obtain the node identity information and the signature key according to the data signature request; then combine the signature information with the The node identity information is combined to obtain the information to be signed; the information to be signed is hashed to obtain the first hash number; an array of random numbers is obtained from the random number cache channel as the signature random number; the signature is encrypted The key, the signature random number, and the first hash number are hashed to obtain the second hash number; the second hash number is encrypted by an asymmetric encryption algorithm to obtain the encrypted hash number; finally The encrypted hash number and node identity information are sent to the client. In the process of digital signature, this method caches the random number array in advance through the random number cache channel, and directly obtains the random number through the random number cache channel when signing, thereby avoiding file lock competition that may be caused by multi-threaded concurrent signatures, which is better This guarantees the performance of the CPU and improves the concurrency of the processor. Moreover, by performing multiple hash operations on the signature information and then encrypting it, it is possible to ensure that the data is not easily tampered with, and the security of the data is also ensured.
附图说明Description of the drawings
图1是本申请一实施例中区块链中数据签名的方法的一应用环境示意图;FIG. 1 is a schematic diagram of an application environment of a method for data signing in a blockchain in an embodiment of the present application;
图2是本申请一实施例中区块链中数据签名的方法的一流程图;FIG. 2 is a flowchart of a method for data signing in a blockchain in an embodiment of the present application;
图3是本申请一实施例中区块链中数据签名的方法的另一流程图;FIG. 3 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application;
图4是本申请一实施例中区块链中数据签名的方法的另一流程图;FIG. 4 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application;
图5是本申请一实施例中区块链中数据签名的方法的另一流程图;FIG. 5 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application;
图6是本申请一实施例中区块链中数据签名的方法的另一流程图;Fig. 6 is another flowchart of a method for data signing in a blockchain in an embodiment of the present application;
图7是本申请一实施例中区块链中数据签名的装置的一示意图;FIG. 7 is a schematic diagram of a data signing device in a blockchain in an embodiment of the present application;
图8是本申请一实施例中区块链中数据签名的装置的另一示意图;FIG. 8 is another schematic diagram of a data signing device in a blockchain in an embodiment of the present application;
图9是本申请一实施例中区块链中数据签名的装置的另一示意图;FIG. 9 is another schematic diagram of a data signing device in a blockchain in an embodiment of the present application;
图10是本申请一实施例中计算机设备的一示意图。Fig. 10 is a schematic diagram of a computer device in an embodiment of the present application.
具体实施方式detailed description
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be described clearly and completely in conjunction with the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, rather than all of them. Based on the embodiments in this application, all other embodiments obtained by a person of ordinary skill in the art without creative work shall fall within the protection scope of this application.
本申请实施例提供的区块链中数据签名的方法,可应用在如图1的应用环境中,其中,客户端(计算机设备)通过网络与服务端进行通信。服务端获取客户端发送的数据签名请求,所述数据签名请求包括签名信息;根据所述数据签名请求获取节点身份信息和签名密钥;将所述签名信息和所述节点身份信息进行组合,得到待签名信息;将所述待签名信息进行哈希运算,得到第一哈希数;从随机数缓存通道中获取一随机数数组,作为签名随机数;对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;将所述加密哈希数和节点身份信息发送至客户端。其中,客户端(计算机设备)可以但不限于各种个人计算机、笔记本电脑、智能手机、平板电脑和便携式可穿戴设备。服务端可以用独立的服务器或者是多个服务器组成的服务器集群来实现。The method for data signature in the blockchain provided by the embodiment of the present application can be applied in the application environment as shown in FIG. 1, in which the client (computer equipment) communicates with the server through the network. The server obtains the data signing request sent by the client, the data signing request includes signature information; obtains the node identity information and the signing key according to the data signing request; combines the signature information and the node identity information to obtain Information to be signed; hash the information to be signed to obtain the first hash number; obtain an array of random numbers from the random number cache channel as the signature random number; to the signature key and the signature random Perform a hash operation on the number and the first hash number to obtain the second hash number; encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number; combine the encrypted hash number with the node The identity information is sent to the client. Among them, the client (computer equipment) can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The server can be implemented with an independent server or a server cluster composed of multiple servers.
在一实施例中,如图2所示,提供一种区块链中数据签名的方法,以该方法应用在图1中的服务端为例进行说明,包括如下步骤:In one embodiment, as shown in FIG. 2, a method for data signing in a blockchain is provided. Taking the method applied to the server in FIG. 1 as an example for description, the method includes the following steps:
S10:获取数据签名请求,所述数据签名请求包括签名信息。S10: Obtain a data signature request, where the data signature request includes signature information.
其中,所述数据签名请求为对数据发起签名的触发请求。可选地,该数据签名请求可以由客户端发起,也可以由服务端触发。数据签名请求中包括签名信息,该签名信息可以为原始的需要进行签名的数据,也可以为经过处理后的签名数据。示例性地,可以为需要进行签名的数据进行哈希运算,得到一个哈希值,构成签名信息。在此场景下,也可以由客户端发送需要进行签名的数据到服务端,服务端再对该需要进行签名的数据进行哈希运算,得到一个哈希值,构成签名信息,进而生成一个数据签名请求。Wherein, the data signature request is a trigger request for initiating a signature on data. Optionally, the data signing request can be initiated by the client or triggered by the server. The data signature request includes signature information, and the signature information may be original data that needs to be signed, or processed signature data. Exemplarily, a hash operation may be performed for the data that needs to be signed to obtain a hash value to form signature information. In this scenario, the client can also send the data that needs to be signed to the server, and the server then hashes the data that needs to be signed to obtain a hash value to form the signature information, and then generate a data signature request.
S20:根据所述数据签名请求获取节点身份信息和签名密钥。S20: Obtain the node identity information and the signature key according to the data signing request.
具体地,可以根据数据签名请求的发送端(客户端)对应的标识来获取到该发送端对应的节点身份信息和签名密钥。节点身份信息为对应客户端的身份信息,该身份信息可以通过不同的形式来体现,例如数字、字母、符号或者文字中的至少一项。签名密钥为不同客户端所携带的密钥。Specifically, the node identity information and signature key corresponding to the sending end can be obtained according to the identifier corresponding to the sending end (client) of the data signing request. The node identity information is the identity information of the corresponding client, and the identity information can be embodied in different forms, such as at least one of numbers, letters, symbols, or words. The signature key is a key carried by different clients.
可选地,可以通过查询本地MSP(Membership service provider)信息获取节点身份 信息和签名密钥。MSP是一个提供虚拟成员操作的管理框架的组件。MSP抽取出签发和验证证书以及用户认证背后的所有加密机制和协议。MSP可以定义自己的身份概念,以及这些身份管理的规则(身份验证)和身份验证(签名生成和验证)。Optionally, the node identity information and signature key can be obtained by querying local MSP (Membership service provider) information. MSP is a component that provides a management framework for virtual member operations. MSP extracts all the encryption mechanisms and protocols behind issuing and verifying certificates and user authentication. MSP can define its own identity concept, as well as these identity management rules (identity verification) and identity verification (signature generation and verification).
S30:将所述签名信息和所述节点身份信息组合,得到待签名信息。S30: Combine the signature information and the node identity information to obtain information to be signed.
具体地,可以直接将所述签名信息和所述节点身份信息组合在一起,形成待签名信息。示例性地,可以按照“签名信息+节点身份信息”或者“节点身份信息+签名信息”的方式进行组合,得到待签名信息。进一步地,也可以将节点身份信息插入到签名信息中的任一位置中,并形成一位置标识,以供后续验证时做对应的操作,进一步提供了数据的安全性。Specifically, the signature information and the node identity information can be directly combined to form the information to be signed. Exemplarily, a combination of "signature information + node identity information" or "node identity information + signature information" can be used to obtain the information to be signed. Further, the node identity information can also be inserted into any position in the signature information, and a position identification is formed for subsequent verification to perform corresponding operations, which further provides data security.
S40:对所述待签名信息进行哈希运算,得到第一哈希数。S40: Perform a hash operation on the information to be signed to obtain a first hash number.
哈希运算通常通过哈希函数实现,哈希函数(Hash Function),也称为散列函数或杂凑函数。哈希函数是一个公开函数,可以将任意长度的消息M映射成为一个长度较短且长度固定的值H(M),称H(M)为哈希值、散列值(Hash Value)、杂凑值或者消息摘要(Message Digest)。哈希函数是一种单向密码体制,即一个从明文到密文的不可逆映射,只有加密过程,没有解密过程。示例性地,可以通过MD5、SHA-1或SHA-2算法对所述待签名信息进行哈希运算。由于MD5加密算法生成的是32位MD5码,SHA加密算法生成的是40位SHA码,所以在密码分析的安全性上,使用SHA加密算法(SHA-1或SHA-2算法)加密比使用MD5算法加密更不易受密码分析的攻击;在运行速度上,使用MD5算法加密比使用SHA算法加密的运行速度更快,性能更高。因此,在考虑数据加密的加密速度时,可以选择MD5加密算法,在考虑数据加密的安全性时,可以选择SHA加密算法。通过将待签名信息进行哈希运算,得到一个预设位数的第一哈希数。示例性地,该第一哈希数为一个32位的哈希数。Hash operation is usually implemented through a hash function, a hash function, which is also called a hash function or hash function. The hash function is a public function that can map a message M of any length into a shorter and fixed-length value H(M), which is called hash value, hash value (Hash Value), and hash Value or Message Digest. The hash function is a one-way cryptosystem, that is, an irreversible mapping from plaintext to ciphertext, with only an encryption process and no decryption process. Exemplarily, the information to be signed may be hashed by MD5, SHA-1 or SHA-2 algorithms. Since the MD5 encryption algorithm generates a 32-bit MD5 code, and the SHA encryption algorithm generates a 40-bit SHA code, in terms of the security of cryptanalysis, using the SHA encryption algorithm (SHA-1 or SHA-2 algorithm) is better than using MD5. Algorithm encryption is less susceptible to cryptanalysis attacks; in terms of operating speed, encryption using MD5 algorithm runs faster and has higher performance than encryption using SHA algorithm. Therefore, when considering the encryption speed of data encryption, you can choose the MD5 encryption algorithm, and when considering the security of data encryption, you can choose the SHA encryption algorithm. By performing a hash operation on the information to be signed, a first hash number with a preset number of bits is obtained. Exemplarily, the first hash number is a 32-bit hash number.
S50:从随机数缓存通道中获取一随机数数组,作为签名随机数。S50: Obtain a random number array from the random number cache channel as the signature random number.
随机数缓存通道为预先建立的一个缓存通道,用以缓存随机数组。该随机数缓存通道可以通过启动一个协程来实现。预先定义一个随机数缓存通道,再往该随机数缓存通道中存入生成的随机数组。传统的获取随机数字节数组的方式是通过urandom文件锁实现的。然而,每次数据签名都需要实时调用系统资源来获取随机数,耗时过长。并且当多个线程同时需要进行数据的签名时,容易引发文件锁的竞争。在本实施例中该步骤从从随机数缓存通道中获取一随机数数组,作为签名随机数,可以直接通过随机数缓存通道获取随机数,从而绕开可能因多线程并发签名时引起的文件锁竞争。可选地,该签名随机数为一个32位的随机数数组。The random number cache channel is a pre-established cache channel for caching random arrays. The random number cache channel can be implemented by starting a coroutine. Define a random number cache channel in advance, and then store the generated random array in the random number cache channel. The traditional way to obtain the random number section array is realized through urandom file lock. However, every time a data signature needs to call system resources in real time to obtain a random number, it takes too long. And when multiple threads need to sign data at the same time, it is easy to cause file lock competition. In this embodiment, this step obtains a random number array from the random number cache channel. As a signature random number, the random number can be directly obtained through the random number cache channel, thereby bypassing the file lock that may be caused by multi-threaded concurrent signatures. competition. Optionally, the signature random number is a 32-bit random number array.
S60:对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数。S60: Perform a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number.
在该步骤中,将所述签名密钥、所述签名随机数和所述第一哈希数进行整合之后再进行一次哈希运算,得到一个第二哈希数。可选地,可以通过SHA-512算法对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数。In this step, after integrating the signature key, the signature random number, and the first hash number, a hash operation is performed again to obtain a second hash number. Optionally, the signature key, the signature random number, and the first hash number may be hashed by using the SHA-512 algorithm to obtain the second hash number.
S70:通过非对称加密算法对第二哈希数进行加密,得到加密哈希数。S70: Encrypt the second hash number by using an asymmetric encryption algorithm to obtain the encrypted hash number.
非对称加密算法需要两个密钥:公开密钥(publickey:简称公钥)和私有密钥(privatekey:简称私钥)。公钥与私钥是一对,如果用公钥对数据进行加密,只有用对应的私钥才能解密。由于加密和解密使用的是两个不同的密钥,所以这种算法叫作非对称加密算法。对于每一节点,都预先分配了公钥和私钥。可选地,可以通过一个密钥管理中心来为每一节点(客户端)生成密钥对(公钥和私钥)。密钥管理中心(KMC,Key Management Center)是公钥基础设施中的一个重要组成部分,负责为认证中心(CA,Certification Authority)系统提供密钥的生成、保存、备份、更新、恢复或查询等密钥服务,以解决分布式企业应用环境中大规模密码技术应用所带来的密钥管理问题。通过该节点的私钥采用非对称加密算法对第二哈希数进行加密,得到加密哈希数。可选地,可以采用RSA或Elgamal等非对称加密算法对第二哈希数进行加密。An asymmetric encryption algorithm requires two keys: a public key (publickey: public key for short) and a private key (privatekey: private key for short). The public key and the private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt it. Since encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm. For each node, a public key and a private key are pre-allocated. Optionally, a key management center can be used to generate a key pair (public key and private key) for each node (client). The Key Management Center (KMC, Key Management Center) is an important part of the public key infrastructure and is responsible for providing key generation, storage, backup, update, restoration, or query for the certification authority (CA, Certification Authority) system. Key service to solve the key management problems caused by large-scale cryptographic technology applications in distributed enterprise application environments. The second hash number is encrypted by the private key of the node using an asymmetric encryption algorithm to obtain the encrypted hash number. Optionally, an asymmetric encryption algorithm such as RSA or Elgamal may be used to encrypt the second hash number.
S80:将所述加密哈希数和节点身份信息发送至客户端。S80: Send the encrypted hash number and node identity information to the client.
将完成数据签名之后的加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information after the data signature is completed to the client.
在本实施例中,在获取数据签名请求之后,根据所述数据签名请求获取节点身份信息和签名密钥;再将所述签名信息和所述节点身份信息组合,得到待签名信息;将所述待签名信息进行哈希运算,得到第一哈希数;从随机数缓存通道中获取一随机数数组,作为签名随机数;对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;最后将所述加密哈希数和节点身份信息发送至客户端。该方法在进行数字签名的过程中通过缓存的channel提前缓存随机数数组,签名时直接通过channel获取随机数,从而绕开可能因多线程并发签名时引起的文件锁竞争,更好地保证了CPU的性能,提高了处理器的并发能力。并且,通过将签名信息进行多次哈希运算之后再进行加密,能够很好地保证数据不轻易受到篡改,也保证了数据的安全性。In this embodiment, after obtaining the data signature request, obtain the node identity information and the signature key according to the data signature request; then combine the signature information and the node identity information to obtain the information to be signed; The information to be signed is hashed to obtain the first hash number; an array of random numbers is obtained from the random number cache channel as the signature random number; the signature key, the signature random number, and the first hash are obtained The Greek number performs a hash operation to obtain the second hash number; the second hash number is encrypted by an asymmetric encryption algorithm to obtain the encrypted hash number; finally the encrypted hash number and node identity information are sent to the client . In the process of digital signature, this method caches the random number array in advance through the cached channel, and obtains the random number directly through the channel when signing, thereby bypassing the file lock competition that may be caused by multi-threaded concurrent signing, and better guarantees the CPU The performance improves the concurrency of the processor. Moreover, by performing multiple hash operations on the signature information and then encrypting it, it is possible to ensure that the data is not easily tampered with, and the security of the data is also ensured.
在一个实施例中,如图3所示,所述将所述签名信息和所述节点身份信息组合,可以包括:In an embodiment, as shown in FIG. 3, combining the signature information and the node identity information may include:
S31:采用随机函数生成一随机数。S31: Use a random function to generate a random number.
预先设定生成的随机数的范围,采用随机函数生成一个随机数。可选地,可以采用rand()函数来生产随机数。该随机数的范围可以根据签名信息或者所述节点身份信息的数据长度来确定。示例性地,若根据节点身份信息的数据长度来设置随机数的范围,以节点身份信息的数据长度为8为例,则可以设定生成的随机数的范围为1-8或者0-7的整数。Set the range of random numbers to be generated in advance, and use a random function to generate a random number. Optionally, the rand() function can be used to produce random numbers. The range of the random number can be determined according to the data length of the signature information or the node identity information. Exemplarily, if the range of the random number is set according to the data length of the node identity information, taking the data length of the node identity information as an example, the range of the random number generated can be set to be 1-8 or 0-7. Integer.
S32:根据所述随机数从签名信息或者所述节点身份信息中确定信息插入位置。S32: Determine an information insertion position from the signature information or the node identity information according to the random number.
在得到随机数之后,根据该随机数从签名信息或者所述节点身份信息中确定信息插入位置。信息插入位置是用于指示在将所述签名信息和所述节点身份信息组合的时候两个信息的具体组合的位置。具体地,以将签名信息插入节点身份信息为例,根据随机数从节点身份信息中确定插入位置。可以以节点身份信息从左到右或者从右到左的方式根据随机数从节点身份信息中确定信息插入位置。可以理解地,将所述节点身份信息插入签名信息的过程和上述将签名信息插入节点身份信息的过程类似,在此不再赘述。After the random number is obtained, the information insertion position is determined from the signature information or the node identity information according to the random number. The information insertion position is used to indicate the specific combination position of the two pieces of information when combining the signature information and the node identity information. Specifically, taking the insertion of the signature information into the node identity information as an example, the insertion position is determined from the node identity information according to a random number. The node identity information can be used to determine the information insertion position from the node identity information based on random numbers in a left-to-right or right-to-left manner. Understandably, the process of inserting the node identity information into the signature information is similar to the foregoing process of inserting the signature information into the node identity information, and will not be repeated here.
S33:根据所述信息插入位置将所述签名信息和所述节点身份信息组合,得到组合信息。S33: Combine the signature information and the node identity information according to the information insertion position to obtain combined information.
在确定信息插入位置之后,根据所述信息插入位置将所述签名信息和所述节点身份信息组合。具体地,将所述签名信息和所述节点身份信息两者按照信息插入位置将一方插入到另一方当中(将签名信息插入节点身份信息中或者将指节点身份信息插入签名信息中),得到组合信息。After the information insertion position is determined, the signature information and the node identity information are combined according to the information insertion position. Specifically, both the signature information and the node identity information are inserted into the other party according to the information insertion position (the signature information is inserted into the node identity information or the node identity information is inserted into the signature information) to obtain a combination information.
S34:将所述随机数加入到所述组合信息中,得到待签名信息。S34: Add the random number to the combined information to obtain information to be signed.
再将随机数加入到组合信息中,得到待签名信息,以利后续可以根据随机数进行数据的还原。Then the random number is added to the combined information to obtain the information to be signed, so that the subsequent data can be restored based on the random number.
在本实施例中,首先采用随机函数生成一随机数;再根据所述随机数从签名信息或者所述节点身份信息中确定信息插入位置;根据所述插入位置将所述签名信息和所述节点身份信息组合,得到组合信息;最后将所述随机数加入到所述组合信息中,得到待签名信息。在将所述签名信息和所述节点身份信息组合的过程中,对组合位置进行了更多样化的选择,更好地保证了信息的安全性。In this embodiment, first a random function is used to generate a random number; then the information insertion position is determined from the signature information or the node identity information according to the random number; the signature information and the node identity information are combined according to the insertion position. The identity information is combined to obtain combined information; finally, the random number is added to the combined information to obtain the information to be signed. In the process of combining the signature information and the node identity information, more diversified choices are made for the combined location, which better guarantees the security of the information.
在一个实施例中,如图4所示,在所述从随机数缓存通道中获取随机数数组之前,该区块链中数据签名的方法还包括:In an embodiment, as shown in FIG. 4, before the random number array is obtained from the random number cache channel, the method for signing data in the blockchain further includes:
S51:创建预设容量的随机数缓存通道。S51: Create a random number cache channel with a preset capacity.
具体地,启动一个协程,创建预设容量的随机数缓存通道。具体地,可以使用缓冲区创建该随机数缓存通道。该缓冲区中的随机数缓存通道在缓冲区数据存储已满时会阻止对随机数缓存通道的数据发送。在缓冲区中数据为空时会阻止对随机数缓存通道的数据接收。该随机数缓存通道可以通过如下方式创建:Specifically, a coroutine is started to create a random number cache channel with a preset capacity. Specifically, a buffer can be used to create the random number cache channel. The random number buffer channel in the buffer will prevent data transmission to the random number buffer channel when the buffer data storage is full. When the data in the buffer is empty, data reception to the random number buffer channel will be blocked. The random number cache channel can be created as follows:
ch:=make(chan type,capacity)。通过“type”定义数据类型,通过“capacity”定义该缓存通道的容量。在该实施例中,可以定义随机数缓存通道的数据类型为数组类型。ch:=make(chan type, capacity). The data type is defined by "type", and the capacity of the cache channel is defined by "capacity". In this embodiment, the data type of the random number buffer channel can be defined as an array type.
S52:通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。S52: Generate a random number array repeatedly in a preset manner, and store the generated random number array in the random number buffer channel, and stop generating the random number array until the random number buffer channel is full.
该预设方式是指生成随机数数组的方式,可以通过随机函数rand()来生成随机数数组,并将每一生成的随机数数组存入所述随机数缓存通道中。当所述随机数缓存通道存满,则停止执行生成所述随机数数组的步骤。The preset method refers to a method of generating a random number array. The random number array can be generated through the random function rand(), and each generated random number array is stored in the random number buffer channel. When the random number buffer channel is full, the step of generating the random number array is stopped.
具体地,可以通过读取随机数缓存通道中的length来判断随机数缓存通道是否存满。length是指当前缓冲通道中的元素个数。通过比较length和capacity两个值的大小,若length的值等于capacity,则说明所述随机数缓存通道存满,则停止生成所述随机数数组。Specifically, the length in the random number buffer channel can be read to determine whether the random number buffer channel is full. length refers to the number of elements in the current buffer channel. By comparing the size of the two values of length and capacity, if the value of length is equal to capacity, it means that the random number buffer channel is full, and the generation of the random number array is stopped.
在本实施例中,先创建预设容量的随机数缓存通道,并且通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道(channel)中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。保证了在随机数缓存通道中缓存随机数数组的效率,进一步确保了后续读取随机数数组的效率,提高处理器的并发能力。In this embodiment, a random number cache channel with a preset capacity is first created, and a random number array is repeatedly generated in a preset manner, and the generated random number array is stored in the random number cache channel, Until the random number buffer channel is full, stop generating the random number array. This ensures the efficiency of caching the random number array in the random number cache channel, further ensures the efficiency of subsequent reading of the random number array, and improves the concurrency of the processor.
在一个实施例中,如图5所示,在所述从随机数缓存通道中获取随机数数组之前,该区块链中数据签名的方法还包括:In one embodiment, as shown in FIG. 5, before the random number array is obtained from the random number cache channel, the method for signing data in the blockchain further includes:
S51’:创建预设容量的随机数缓存通道,并构建数组对象池。S51’: Create a random number cache channel with a preset capacity, and build an array object pool.
具体地,启动一个协程,创建预设容量的随机数缓存通道。可以通过如下方式创建:Specifically, a coroutine is started to create a random number cache channel with a preset capacity. It can be created as follows:
ch:=make(chan type,capacity)。通过“type”定义数据类型,通过“capacity”定义该缓存通道的容量。在该实施例中,定义随机数缓存通道的数据类型为数组。ch:=make(chan type, capacity). The data type is defined by "type", and the capacity of the cache channel is defined by "capacity". In this embodiment, the data type of the random number buffer channel is defined as an array.
S52’:通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。S52': Generate a random number array repeatedly in a preset manner, and store the generated random number array in the random number buffer channel, and stop generating the random number array until the random number buffer channel is full .
可以通过随机函数rand()来生成随机数数组,并将每一生成的随机数数组存入所述随机数缓存通道中。当所述随机数缓存通道存满,则停止生成所述随机数数组的步骤。The random number array can be generated by the random function rand(), and each generated random number array can be stored in the random number buffer channel. When the random number buffer channel is full, the step of generating the random number array is stopped.
具体地,可以通过读取随机数缓存通道中的length来判断随机数缓存通道是否存满。length是指当前缓冲通道中的元素个数。通过比较length和capacity两个值的大小,若length的值等于capacity,则说明所述随机数缓存通道存满,则停止生成所述随机数数组。Specifically, the length in the random number buffer channel can be read to determine whether the random number buffer channel is full. length refers to the number of elements in the current buffer channel. By comparing the size of the two values of length and capacity, if the value of length is equal to capacity, it means that the random number buffer channel is full, and the generation of the random number array is stopped.
S53’:从所述随机数缓存通道中获取预设数量的随机数数组,并将获取的随机数数组传入数组对象池中。S53': Obtain a preset number of random number arrays from the random number cache channel, and transfer the acquired random number arrays to the array object pool.
其中,该预设数量根据数组对象池的大小确定,将从所述随机数缓存通道中获取预设数量的随机数数组传入数组对象池中,以提高后续随机数数组的获取效率。Wherein, the preset number is determined according to the size of the array object pool, and the preset number of random number arrays obtained from the random number cache channel are transferred to the array object pool to improve the subsequent acquisition efficiency of the random number array.
在本实施例中,在创建随机数缓存通道的基础上,还构建了数组对象池,并在随机数缓存通道中存满随机数数组之后,将预设数量的随机数数组传入数组对象池中,以方便后续随机数数组的获取,提高数据获取速度,降低对CPU性能的影响。In this embodiment, on the basis of creating the random number cache channel, an array object pool is also constructed, and after the random number array is filled in the random number cache channel, a preset number of random number arrays are transferred to the array object pool In order to facilitate subsequent acquisition of random number arrays, increase the speed of data acquisition, and reduce the impact on CPU performance.
在一个实施例中,在从随机数缓存通道中获取一随机数数组之前,该区块链中数据签名的方法还包括:In one embodiment, before obtaining a random number array from the random number cache channel, the method for signing data in the blockchain further includes:
构建临时对象池。Build a temporary object pool.
通过协程构建一个临时对象池,以回收使用后的随机数数组,增加数组对象的复用。Construct a temporary object pool through the coroutine to recycle the used random number array and increase the reuse of array objects.
在所述从随机数缓存通道中获取随机数数组之后,如图6所示,该区块链中数据签名的方法还包括:After the random number array is obtained from the random number cache channel, as shown in FIG. 6, the method for signing data in the blockchain further includes:
S53:通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中。S53: Generate a new random number array in a preset manner, and store the newly generated random number array in the random number buffer channel.
在从随机数缓存通道中获取随机数数组之后,服务端随机通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中,以保证数据生成的及时性。After obtaining the random number array from the random number cache channel, the server randomly generates a new random number array through a preset method, and stores the newly generated random number array in the random number cache channel to ensure data Timeliness of generation.
S54:将所述签名随机数放入所述临时对象池中。S54: Put the signed random number into the temporary object pool.
从随机数缓存通道中获取出来签名随机数之后,再将签名随机数放入所述临时对象池中,方便后续对该签名随机数的复用,以方便数据的循环利用。After the signature random number is obtained from the random number cache channel, the signature random number is put into the temporary object pool to facilitate subsequent reuse of the signature random number to facilitate data recycling.
在本实施例中,先构建一个临时对象池,并且在从随机数缓存通道中获取随机数数组之后,通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中。将所述签名随机数放入所述临时对象池中。保证了数据更新的及时性,并且增加了对签名随机数的复用,以方便数据的循环利用。In this embodiment, a temporary object pool is first constructed, and after the random number array is obtained from the random number cache channel, a new random number array is generated in a preset manner, and the newly generated random number array is stored in The random number cache channel. Put the signed random number into the temporary object pool. The timeliness of data update is guaranteed, and the multiplexing of signed random numbers is increased to facilitate the recycling of data.
应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that the size of the sequence number of each step in the foregoing embodiment does not mean the order of execution. The execution sequence of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiment of the present application.
在一实施例中,提供一种区块链中数据签名的装置,该区块链中数据签名的装置与上述实施例中区块链中数据签名的方法一一对应。如图7所示,该区块链中数据签名的装置包括签名请求获取模块10、签名密钥获取模块20、组合模块30、第一哈希运算模块40、随机数获取模块50、第二哈希运算模块60、加密模块70和发送模块80。各功能模块详细说明如下:In one embodiment, a device for signing data in a blockchain is provided, and the device for signing data in the blockchain corresponds to the method for signing data in the blockchain in the above-mentioned embodiment in a one-to-one correspondence. As shown in FIG. 7, the device for signing data in the blockchain includes a signature request acquiring module 10, a signature key acquiring module 20, a combination module 30, a first hash operation module 40, a random number acquiring module 50, and a second hash module. Greek arithmetic module 60, encryption module 70 and sending module 80. The detailed description of each functional module is as follows:
签名请求获取模块10,用于获取数据签名请求,所述数据签名请求包括签名信息;The signature request acquiring module 10 is configured to acquire a data signature request, where the data signature request includes signature information;
签名密钥获取模块20,用于根据所述数据签名请求获取节点身份信息和签名密钥;The signature key acquisition module 20 is configured to acquire the node identity information and the signature key according to the data signature request;
组合模块30,用于将所述签名信息和所述节点身份信息进行组合,得到待签名信息;The combination module 30 is configured to combine the signature information and the node identity information to obtain the information to be signed;
第一哈希运算模块40,用于对所述待签名信息进行哈希运算,得到第一哈希数;The first hash operation module 40 is configured to perform a hash operation on the information to be signed to obtain a first hash number;
随机数获取模块50,用于从随机数缓存通道中获取一随机数数组,作为签名随机数;The random number acquisition module 50 is used to acquire a random number array from the random number cache channel as a signature random number;
第二哈希运算模块60,用于对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;The second hash operation module 60 is configured to perform a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
加密模块70,用于通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;The encryption module 70 is used to encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
发送模块80,用于将所述加密哈希数和节点身份信息发送至客户端。The sending module 80 is configured to send the encrypted hash number and node identity information to the client.
优选地,如图8所示,所述组合模块包括随机数生成单元31、插入位置确定单元32、组合信息获取单元33和待签名信息获取单元34。Preferably, as shown in FIG. 8, the combination module includes a random number generation unit 31, an insertion position determination unit 32, a combination information acquisition unit 33 and a to-be-signed information acquisition unit 34.
随机数生成单元31,用于采用随机函数生成一随机数;The random number generating unit 31 is configured to generate a random number by using a random function;
插入位置确定单元32,用于根据所述随机数从签名信息或者所述节点身份信息中确定信息插入位置;The insertion position determining unit 32 is configured to determine the information insertion position from the signature information or the node identity information according to the random number;
组合信息获取单元33,用于根据所述信息插入位置将所述签名信息和所述节点身份信息组合,得到组合信息;The combined information obtaining unit 33 is configured to combine the signature information and the node identity information according to the information insertion position to obtain combined information;
待签名信息获取单元34,用于将所述随机数加入到所述组合信息中,得到待签名信息。The information to be signed acquisition unit 34 is configured to add the random number to the combined information to obtain the information to be signed.
优选地,如图9所示,所述区块链中数据签名的装置还包括创建模块51、缓存通道存储模块52和对象池构建模块53。Preferably, as shown in FIG. 9, the device for signing data in the blockchain further includes a creation module 51, a cache channel storage module 52 and an object pool construction module 53.
创建模块51,用于创建预设容量的随机数缓存通道,并构建数组对象池;The creation module 51 is used to create a random number cache channel with a preset capacity and build an array object pool;
缓存通道存储模块52,用于通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组;The cache channel storage module 52 is configured to repeatedly generate a random number array in a preset manner, and store the generated random number array in the random number cache channel, and stop generating until the random number cache channel is full The random number array;
对象池构建模块53,用于从所述随机数缓存通道中获取预设数量的随机数数组,并将获取的随机数数组传入数组对象池中。The object pool construction module 53 is configured to obtain a preset number of random number arrays from the random number cache channel, and transfer the obtained random number arrays to the array object pool.
优选地,所述区块链中数据签名的装置还用于创建预设容量的随机数缓存通道;通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。Preferably, the device for signing data in the blockchain is also used to create a random number cache channel with a preset capacity; repeatedly generate a random number array in a preset manner, and store the generated random number array in the random number array. In the number buffer channel, until the random number buffer channel is full, stop generating the random number array.
优选地,所述区块链中数据签名的装置还用于构建临时对象池;并且,在所述从随机 数缓存通道中获取随机数数组之后,所述区块链中数据签名的装置还用于通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中;将所述签名随机数放入所述临时对象池中。Preferably, the data signing device in the blockchain is also used to construct a temporary object pool; and, after the random number array is obtained from the random number cache channel, the data signing device in the blockchain is also used To generate a new random number array in a preset manner, and store the newly generated random number array in the random number cache channel; and put the signed random number into the temporary object pool.
关于区块链中数据签名的装置的具体限定可以参见上文中对于区块链中数据签名的方法的限定,在此不再赘述。上述区块链中数据签名的装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。Regarding the specific limitation of the data signing device in the blockchain, please refer to the above limitation on the data signing method in the blockchain, which will not be repeated here. Each module in the device for data signing in the above-mentioned blockchain can be implemented in whole or in part by software, hardware, and a combination thereof. The above-mentioned modules may be embedded in the form of hardware or independent of the processor in the computer equipment, or may be stored in the memory of the computer equipment in the form of software, so that the processor can call and execute the operations corresponding to the above-mentioned modules.
在一个实施例中,提供了一种计算机设备,该计算机设备可以是服务器,其内部结构图可以如图10所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口和数据库。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统、计算机程序和数据库。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的数据库用于上述实施例中所述区块链中数据签名的方法所使用的数据。该计算机设备的网络接口用于与外部的终端通过网络连接通信。该计算机程序被处理器执行时以实现一种区块链中数据签名的方法。In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure diagram may be as shown in FIG. 10. The computer equipment includes a processor, a memory, a network interface, and a database connected through a system bus. Among them, the processor of the computer device is used to provide calculation and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer equipment is used for the data used in the method for data signing in the blockchain described in the above embodiment. The network interface of the computer device is used to communicate with an external terminal through a network connection. The computer program is executed by the processor to realize a method of data signature in the blockchain.
在一个实施例中,提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现以下步骤:In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, and the processor implements the following steps when the processor executes the computer program:
获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
在一个实施例中,提供了一种计算机可读存储介质,其上存储有计算机程序,计算机程序被处理器执行时实现以下步骤:In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented:
获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
其中,所述计算机可读存储介质可以是非易失性,也可以是易失性的。本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。Wherein, the computer-readable storage medium may be non-volatile or volatile. A person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be implemented by instructing relevant hardware through a computer program. The computer program can be stored in a non-volatile computer readable storage. In the medium, when the computer program is executed, it may include the procedures of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. As an illustration and not a limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。The above are only specific implementations of this application, but the protection scope of this application is not limited to this. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed in this application. Should be covered within the scope of protection of this application. Therefore, the protection scope of this application should be subject to the protection scope of the claims.

Claims (20)

  1. 一种区块链中数据签名的方法,其中,包括:A method for signing data in a blockchain, which includes:
    获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
    根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
    将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
    对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
    从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
    对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
    通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
    将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
  2. 如权利要求1所述的区块链中数据签名的方法,其中,所述将所述签名信息和所述节点身份信息进行组合,得到待签名信息,包括:The method for data signing in a blockchain according to claim 1, wherein said combining said signature information and said node identity information to obtain the information to be signed comprises:
    采用随机函数生成一随机数;Use a random function to generate a random number;
    根据所述随机数从签名信息或者所述节点身份信息中确定信息插入位置;Determining the information insertion position from the signature information or the node identity information according to the random number;
    根据所述信息插入位置将所述签名信息和所述节点身份信息组合,得到组合信息;Combine the signature information and the node identity information according to the information insertion position to obtain combined information;
    将所述随机数加入到所述组合信息中,得到待签名信息。The random number is added to the combined information to obtain the information to be signed.
  3. 如权利要求1所述的区块链中数据签名的方法,其中,在所述从随机数缓存通道中获取随机数数组之前,所述区块链中数据签名的方法还包括:The method for data signing in the blockchain according to claim 1, wherein, before said obtaining the random number array from the random number cache channel, the method for data signing in the blockchain further comprises:
    创建预设容量的随机数缓存通道;Create a random number cache channel of preset capacity;
    通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。The random number array is repeatedly generated in a preset manner, and the generated random number array is stored in the random number buffer channel, and the generation of the random number array is stopped until the random number buffer channel is full.
  4. 如权利要求1所述的区块链中数据签名的方法,其中,在所述从随机数缓存通道中获取随机数数组之前,所述区块链中数据签名的方法还包括:The method for data signing in the blockchain according to claim 1, wherein, before said obtaining the random number array from the random number cache channel, the method for data signing in the blockchain further comprises:
    创建预设容量的随机数缓存通道,并构建数组对象池;Create a random number cache channel with a preset capacity, and build an array object pool;
    通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组;Generate a random number array repeatedly in a preset manner, and store the generated random number array in the random number buffer channel, and stop generating the random number array until the random number buffer channel is full;
    从所述随机数缓存通道中获取预设数量的随机数数组,并将获取的随机数数组传入数组对象池中。A preset number of random number arrays are obtained from the random number cache channel, and the obtained random number arrays are transferred to the array object pool.
  5. 如权利要求1所述的区块链中数据签名的方法,其中,在所述从随机数缓存通道中获取随机数数组之前,所述区块链中数据签名的方法还包括:The method for data signing in the blockchain according to claim 1, wherein, before said obtaining the random number array from the random number cache channel, the method for data signing in the blockchain further comprises:
    构建临时对象池;Build a temporary object pool;
    在所述从随机数缓存通道中获取随机数数组之后,所述区块链中数据签名的方法还包括:After the random number array is obtained from the random number cache channel, the method for signing data in the blockchain further includes:
    通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中;Generating a new random number array in a preset manner, and storing the newly generated random number array in the random number buffer channel;
    将所述签名随机数放入所述临时对象池中。Put the signed random number into the temporary object pool.
  6. 一种区块链中数据签名的装置,其中,包括:A device for signing data in a blockchain, which includes:
    签名请求获取模块,用于获取数据签名请求,所述数据签名请求包括签名信息;A signature request acquisition module, configured to acquire a data signature request, the data signature request including signature information;
    签名密钥获取模块,用于根据所述数据签名请求获取节点身份信息和签名密钥;A signature key acquisition module, configured to acquire node identity information and a signature key according to the data signature request;
    组合模块,用于将所述签名信息和所述节点身份信息进行组合,得到待签名信息;The combination module is used to combine the signature information and the node identity information to obtain the information to be signed;
    第一哈希运算模块,用于对所述待签名信息进行哈希运算,得到第一哈希数;The first hash operation module is configured to perform a hash operation on the information to be signed to obtain the first hash number;
    随机数获取模块,用于从随机数缓存通道中获取一随机数数组,作为签名随机数;Random number acquisition module, used to acquire a random number array from the random number cache channel as a signature random number;
    第二哈希运算模块,用于对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;A second hash operation module, configured to perform a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
    加密模块,用于通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;The encryption module is used to encrypt the second hash number through an asymmetric encryption algorithm to obtain the encrypted hash number;
    发送模块,用于将所述加密哈希数和节点身份信息发送至客户端。The sending module is used to send the encrypted hash number and node identity information to the client.
  7. 如权利要求6所述的区块链中数据签名的装置,其中,所述组合模块包括:The device for data signing in the blockchain according to claim 6, wherein the combination module comprises:
    随机数生成单元,用于采用随机函数生成一随机数;Random number generating unit, used to generate a random number by using a random function;
    插入位置确定单元,用于根据所述随机数从签名信息或者所述节点身份信息中确定信息插入位置;An insertion position determining unit, configured to determine an information insertion position from the signature information or the node identity information according to the random number;
    组合信息获取单元,用于根据所述信息插入位置将所述签名信息和所述节点身份信息组合,得到组合信息;A combined information obtaining unit, configured to combine the signature information and the node identity information according to the information insertion position to obtain combined information;
    待签名信息获取单元,用于将所述随机数加入到所述组合信息中,得到待签名信息。The information to be signed acquisition unit is configured to add the random number to the combined information to obtain the information to be signed.
  8. 如权利要求6所述的区块链中数据签名的装置,其中,所述区块链中数据签名的装置还包括第一处理模块,所述第一处理模块用于:7. The device for signing data in the blockchain according to claim 6, wherein the device for signing data in the blockchain further comprises a first processing module, and the first processing module is configured to:
    创建预设容量的随机数缓存通道;Create a random number cache channel of preset capacity;
    通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。The random number array is repeatedly generated in a preset manner, and the generated random number array is stored in the random number buffer channel, and the generation of the random number array is stopped until the random number buffer channel is full.
  9. 如权利要求6所述的区块链中数据签名的装置,其中,所述区块链中数据签名的装置还包括:7. The device for signing data in the blockchain according to claim 6, wherein the device for signing data in the blockchain further comprises:
    创建模块,用于创建预设容量的随机数缓存通道,并构建数组对象池;The creation module is used to create a random number cache channel with a preset capacity and build an array object pool;
    缓存通道存储模块,用于通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组;The cache channel storage module is used to repeatedly generate a random number array in a preset manner, and store the generated random number array in the random number cache channel, until the random number cache channel is full, then stop generating all the random numbers. The random number array;
    对象池构建模块,用于从所述随机数缓存通道中获取预设数量的随机数数组,并将获取的随机数数组传入数组对象池中。The object pool construction module is used to obtain a preset number of random number arrays from the random number cache channel, and transfer the obtained random number arrays to the array object pool.
  10. 如权利要求6所述的区块链中数据签名的装置,其中,所述区块链中数据签名的装置还包括第二处理模块,所述第二处理模块用于:7. The device for signing data in the blockchain according to claim 6, wherein the device for signing data in the blockchain further comprises a second processing module, and the second processing module is used for:
    构建临时对象池;Build a temporary object pool;
    所述第二处理模块还用于:The second processing module is also used for:
    通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中;Generating a new random number array in a preset manner, and storing the newly generated random number array in the random number buffer channel;
    将所述签名随机数放入所述临时对象池中。Put the signed random number into the temporary object pool.
  11. 一种计算机设备,包括存储器和处理器,所述处理器、和所述存储器相互连接,其中,所述存储器用于存储计算机程序,所述计算机程序包括程序指令,所述处理器用于执行所述存储器的所述程序指令,其中:A computer device includes a memory and a processor, the processor and the memory are connected to each other, wherein the memory is used to store a computer program, the computer program includes program instructions, and the processor is used to execute the The program instructions of the memory, wherein:
    获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
    根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
    将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
    对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
    从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
    对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
    通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
    将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
  12. 如权利要求11所述的计算机设备,其中,所述处理器用于:The computer device of claim 11, wherein the processor is configured to:
    采用随机函数生成一随机数;Use a random function to generate a random number;
    根据所述随机数从签名信息或者所述节点身份信息中确定信息插入位置;Determining the information insertion position from the signature information or the node identity information according to the random number;
    根据所述信息插入位置将所述签名信息和所述节点身份信息组合,得到组合信息;Combine the signature information and the node identity information according to the information insertion position to obtain combined information;
    将所述随机数加入到所述组合信息中,得到待签名信息。The random number is added to the combined information to obtain the information to be signed.
  13. 如权利要求11所述的计算机设备,其中,所述处理器用于:The computer device of claim 11, wherein the processor is configured to:
    创建预设容量的随机数缓存通道;Create a random number cache channel of preset capacity;
    通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。The random number array is repeatedly generated in a preset manner, and the generated random number array is stored in the random number buffer channel, and the generation of the random number array is stopped until the random number buffer channel is full.
  14. 如权利要求11所述的计算机设备,其中,所述处理器用于:The computer device of claim 11, wherein the processor is configured to:
    创建预设容量的随机数缓存通道,并构建数组对象池;Create a random number cache channel with a preset capacity, and build an array object pool;
    通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组;Generate a random number array repeatedly in a preset manner, and store the generated random number array in the random number buffer channel, and stop generating the random number array until the random number buffer channel is full;
    从所述随机数缓存通道中获取预设数量的随机数数组,并将获取的随机数数组传入数组对象池中。A preset number of random number arrays are obtained from the random number cache channel, and the obtained random number arrays are transferred to the array object pool.
  15. 如权利要求11所述的计算机设备,其中,所述处理器用于:The computer device of claim 11, wherein the processor is configured to:
    构建临时对象池;Build a temporary object pool;
    所述处理器还用于:The processor is also used for:
    通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中;Generating a new random number array in a preset manner, and storing the newly generated random number array in the random number buffer channel;
    将所述签名随机数放入所述临时对象池中。Put the signed random number into the temporary object pool.
  16. 一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令被处理器执行时,用于实现以下步骤:A computer-readable storage medium, the computer-readable storage medium stores a computer program, the computer program includes program instructions, and when the program instructions are executed by a processor, they are used to implement the following steps:
    获取数据签名请求,所述数据签名请求包括签名信息;Acquiring a data signature request, where the data signature request includes signature information;
    根据所述数据签名请求获取节点身份信息和签名密钥;Obtaining node identity information and signing key according to the data signing request;
    将所述签名信息和所述节点身份信息进行组合,得到待签名信息;Combine the signature information and the node identity information to obtain the information to be signed;
    对所述待签名信息进行哈希运算,得到第一哈希数;Perform a hash operation on the information to be signed to obtain the first hash number;
    从随机数缓存通道中获取一随机数数组,作为签名随机数;Obtain a random number array from the random number cache channel as a signature random number;
    对所述签名密钥、所述签名随机数和所述第一哈希数进行哈希运算,得到第二哈希数;Performing a hash operation on the signature key, the signature random number, and the first hash number to obtain a second hash number;
    通过非对称加密算法对第二哈希数进行加密,得到加密哈希数;Encrypt the second hash number by an asymmetric encryption algorithm to obtain the encrypted hash number;
    将所述加密哈希数和节点身份信息发送至客户端。Send the encrypted hash number and node identity information to the client.
  17. 如权利要求16所述的计算机可读存储介质,其中,所述程序指令被处理器执行时,还用于实现以下步骤:15. The computer-readable storage medium of claim 16, wherein when the program instructions are executed by the processor, they are further used to implement the following steps:
    采用随机函数生成一随机数;Use a random function to generate a random number;
    根据所述随机数从签名信息或者所述节点身份信息中确定信息插入位置;Determining the information insertion position from the signature information or the node identity information according to the random number;
    根据所述信息插入位置将所述签名信息和所述节点身份信息组合,得到组合信息;Combine the signature information and the node identity information according to the information insertion position to obtain combined information;
    将所述随机数加入到所述组合信息中,得到待签名信息。The random number is added to the combined information to obtain the information to be signed.
  18. 如权利要求16所述的计算机可读存储介质,其中,所述程序指令被处理器执行时,还用于实现以下步骤:15. The computer-readable storage medium of claim 16, wherein when the program instructions are executed by the processor, they are further used to implement the following steps:
    创建预设容量的随机数缓存通道;Create a random number cache channel of preset capacity;
    通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组。The random number array is repeatedly generated in a preset manner, and the generated random number array is stored in the random number buffer channel, and the generation of the random number array is stopped until the random number buffer channel is full.
  19. 如权利要求16所述的计算机可读存储介质,其中,所述程序指令被处理器执行时,还用于实现以下步骤:15. The computer-readable storage medium of claim 16, wherein when the program instructions are executed by the processor, they are further used to implement the following steps:
    创建预设容量的随机数缓存通道,并构建数组对象池;Create a random number cache channel with a preset capacity, and build an array object pool;
    通过预设方式重复生成随机数数组,并将生成的所述随机数数组存入所述随机数缓存通道中,直至所述随机数缓存通道存满,则停止生成所述随机数数组;Generate a random number array repeatedly in a preset manner, and store the generated random number array in the random number buffer channel, and stop generating the random number array until the random number buffer channel is full;
    从所述随机数缓存通道中获取预设数量的随机数数组,并将获取的随机数数组传入数组对象池中。A preset number of random number arrays are obtained from the random number cache channel, and the obtained random number arrays are transferred to the array object pool.
  20. 如权利要求16所述的计算机可读存储介质,其中,所述程序指令被处理器执行时,还用于实现以下步骤:15. The computer-readable storage medium of claim 16, wherein when the program instructions are executed by the processor, they are further used to implement the following steps:
    构建临时对象池;Build a temporary object pool;
    所述程序指令被处理器执行时,还用于实现以下步骤:When the program instructions are executed by the processor, they are also used to implement the following steps:
    通过预设方式生成新的随机数数组,并将新生成的所述随机数数组存入所述随机数缓存通道中;Generating a new random number array in a preset manner, and storing the newly generated random number array in the random number buffer channel;
    将所述签名随机数放入所述临时对象池中。Put the signed random number into the temporary object pool.
PCT/CN2020/099555 2019-09-06 2020-06-30 Data signature method and device for use in blockchain, computer apparatus, and storage medium WO2021042851A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910842139.3 2019-09-06
CN201910842139.3A CN110781140B (en) 2019-09-06 2019-09-06 Method, device, computer equipment and storage medium for signing data in blockchain

Publications (1)

Publication Number Publication Date
WO2021042851A1 true WO2021042851A1 (en) 2021-03-11

Family

ID=69383575

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/099555 WO2021042851A1 (en) 2019-09-06 2020-06-30 Data signature method and device for use in blockchain, computer apparatus, and storage medium

Country Status (2)

Country Link
CN (1) CN110781140B (en)
WO (1) WO2021042851A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110781140B (en) * 2019-09-06 2023-08-18 平安科技(深圳)有限公司 Method, device, computer equipment and storage medium for signing data in blockchain
CN111935075A (en) * 2020-06-23 2020-11-13 浪潮云信息技术股份公司 Block chain-based digital identity signing and issuing method, equipment and medium
CN112580114B (en) * 2020-12-21 2023-05-16 歌尔科技有限公司 Information processing method, device, equipment and storage medium
CN112636926B (en) * 2020-12-24 2022-05-27 网易(杭州)网络有限公司 Signature processing method and device and electronic equipment
CN115766055A (en) * 2022-09-08 2023-03-07 中国联合网络通信集团有限公司 Method and device for communication message verification

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082796A (en) * 2011-01-20 2011-06-01 北京融易通信息技术有限公司 Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
US20120134491A1 (en) * 2010-11-29 2012-05-31 Beijing Z & W Technology Consulting Co., Ltd Cloud Storage Data Encryption Method, Apparatus and System
CN102761557A (en) * 2012-07-31 2012-10-31 飞天诚信科技股份有限公司 Terminal device authentication method and device
CN103795545A (en) * 2014-02-14 2014-05-14 飞天诚信科技股份有限公司 Safety communication method and system
CN109559122A (en) * 2018-12-07 2019-04-02 北京瑞卓喜投科技发展有限公司 Block chain data transmission method and block chain data transmission system
CN110175467A (en) * 2019-04-25 2019-08-27 平安科技(深圳)有限公司 Signature file store method, device and computer equipment based on block chain
CN110781140A (en) * 2019-09-06 2020-02-11 平安科技(深圳)有限公司 Method and device for data signature in block chain, computer equipment and storage medium

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100258310B1 (en) * 1997-11-12 2000-06-01 정명식 Method of cryptographing
JP2006319485A (en) * 2005-05-10 2006-11-24 Ntt Docomo Inc Signature device, signature encryption device, verification device, decoding device, restoration device, information providing device, communication system, signature method, signature encryption method, and verification method
JP4856933B2 (en) * 2005-11-18 2012-01-18 株式会社エヌ・ティ・ティ・ドコモ Signature device, verification device, decryption device, plaintext restoration device, information providing device, signature system, communication system, key generation device, and signature method
KR101253683B1 (en) * 2011-02-09 2013-04-11 주식회사 국민은행 Digital Signing System and Method Using Chained Hash
US10200199B2 (en) * 2013-08-05 2019-02-05 Guardtime Holdings Limited Strengthened entity identity for digital record signature infrastructure
DE102013114493A1 (en) * 2013-12-19 2015-06-25 Deutsche Telekom Ag Method for ensuring authenticity, integrity and anonymity of a data link, in particular when presenting the data link in the form of a two-dimensional optical code
CN105975868A (en) * 2016-04-29 2016-09-28 杭州云象网络技术有限公司 Block chain-based evidence preservation method and apparatus
WO2018046009A1 (en) * 2016-09-12 2018-03-15 上海鼎利信息科技有限公司 Block chain identity system
US10102526B1 (en) * 2017-03-31 2018-10-16 Vijay K. Madisetti Method and system for blockchain-based combined identity, ownership, integrity and custody management
CN107241196A (en) * 2017-06-30 2017-10-10 杰创智能科技股份有限公司 Digital signature method and system based on block chain technology
CN107342867B (en) * 2017-07-07 2020-10-09 深圳和信安达科技有限公司 Signature verification method and device
CN107741947B (en) * 2017-08-30 2020-04-24 浙江九州量子信息技术股份有限公司 Method for storing and acquiring random number key based on HDFS file system
CN108418680B (en) * 2017-09-05 2021-12-07 矩阵元技术(深圳)有限公司 Block chain key recovery method and medium based on secure multi-party computing technology
CN107579817A (en) * 2017-09-12 2018-01-12 广州广电运通金融电子股份有限公司 User ID authentication method, apparatus and system based on block chain
CN107862215B (en) * 2017-09-29 2020-10-16 创新先进技术有限公司 Data storage method, data query method and device
CN107508686B (en) * 2017-10-18 2020-07-03 克洛斯比尔有限公司 Identity authentication method and system, computing device and storage medium
CN108959911A (en) * 2018-06-14 2018-12-07 联动优势科技有限公司 A kind of key chain generates, verification method and its device
CN108964905A (en) * 2018-07-18 2018-12-07 胡祥义 A kind of safe and efficient block chain implementation method
CN109522698A (en) * 2018-10-11 2019-03-26 平安科技(深圳)有限公司 User authen method and terminal device based on block chain
CN109409884A (en) * 2018-10-25 2019-03-01 北京安如山文化科技有限公司 A kind of block chain secret protection scheme and system based on SM9 algorithm
CN109583219A (en) * 2018-11-30 2019-04-05 国家电网有限公司 A kind of data signature, encryption and preservation method, apparatus and equipment
CN109919610A (en) * 2019-01-14 2019-06-21 如般量子科技有限公司 Anti- quantum calculation block chain secure transactions method and system based on P2P public key pond
CN110069939A (en) * 2019-03-12 2019-07-30 平安科技(深圳)有限公司 Encryption data consistency desired result method, apparatus, computer equipment and storage medium
CN110166425B (en) * 2019-04-09 2021-08-20 北京奇艺世纪科技有限公司 Data processing method, device, system and computer readable storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120134491A1 (en) * 2010-11-29 2012-05-31 Beijing Z & W Technology Consulting Co., Ltd Cloud Storage Data Encryption Method, Apparatus and System
CN102082796A (en) * 2011-01-20 2011-06-01 北京融易通信息技术有限公司 Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
CN102761557A (en) * 2012-07-31 2012-10-31 飞天诚信科技股份有限公司 Terminal device authentication method and device
CN103795545A (en) * 2014-02-14 2014-05-14 飞天诚信科技股份有限公司 Safety communication method and system
CN109559122A (en) * 2018-12-07 2019-04-02 北京瑞卓喜投科技发展有限公司 Block chain data transmission method and block chain data transmission system
CN110175467A (en) * 2019-04-25 2019-08-27 平安科技(深圳)有限公司 Signature file store method, device and computer equipment based on block chain
CN110781140A (en) * 2019-09-06 2020-02-11 平安科技(深圳)有限公司 Method and device for data signature in block chain, computer equipment and storage medium

Also Published As

Publication number Publication date
CN110781140B (en) 2023-08-18
CN110781140A (en) 2020-02-11

Similar Documents

Publication Publication Date Title
WO2021042851A1 (en) Data signature method and device for use in blockchain, computer apparatus, and storage medium
TWI725655B (en) Method, apparatus and system for program execution and data proof for executing a sub-logic code within a trusted execution environment
CN112688784B (en) Digital signature and verification method, device and system
US10142107B2 (en) Token binding using trust module protected keys
WO2021013245A1 (en) Data key protection method and system, electronic device and storage medium
CN107689869B (en) User password management method and server
CN111095256A (en) Securely executing intelligent contract operations in a trusted execution environment
US11184164B2 (en) Secure crypto system attributes
Yun et al. On protecting integrity and confidentiality of cryptographic file system for outsourced storage
US20170244687A1 (en) Techniques for confidential delivery of random data over a network
US20050221766A1 (en) Method and apparatus to perform dynamic attestation
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN107592202B (en) Application signature method, device, system, computing equipment and storage medium
WO2020215685A1 (en) Block chain-based information processing and acquisition methods and apparatus, device, and medium
WO2020224138A1 (en) Blockchain technology-based multi-party authorization method and device
CN114157415A (en) Data processing method, computing node, system, computer device and storage medium
WO2020140626A1 (en) Salt-based data possession verification method and terminal device
CN112637156B (en) Key distribution method, device, computer equipment and storage medium
US10785193B2 (en) Security key hopping
US10268832B1 (en) Streaming authenticated encryption
CN113347143A (en) Identity authentication method, device, equipment and storage medium
CN109586898B (en) Dual-system communication key generation method and computer-readable storage medium
CN108574687B (en) Communication connection establishment method and device, electronic equipment and computer readable medium
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
WO2021109817A1 (en) Key update method, data decryption method, and digital signature authentication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20861647

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20861647

Country of ref document: EP

Kind code of ref document: A1