A method for independently generating and storing an encrypted digital currency private key, and a device carrying an encrypted digital currency private key
Technical field
The present invention relates to the field of methods for generating and storing encrypted digital currency private keys, and of devices that carry encrypted digital currency private keys.
Background technology
Existing encrypted digital currencies, such as Bitcoin, currently the mainstream one, are decentralized digital currencies that combine P2P (the Internet's peer-to-peer network protocol), the Internet, and cryptographic principles.
In encrypted digital currency, all forms of money are protocol (All forms of money are protocol); that is, money is a formal description of the rules that must be observed before a transaction takes place. Bitcoin is a higher form of such a protocol: it uses Internet technology, cryptography and newly designed software, and the application of cryptography ensures the security of the payment system. In this respect Bitcoin does not differ greatly from other currencies. What is unique to Bitcoin is that its ledger system is decentralized, whereas other currencies have a central institution that issues the currency.
A digital currency user first installs the wallet software for that currency on a computer, and the software generates a wallet (for Bitcoin, the wallet is stored on the computer as wallet.dat). The wallet generates multiple Bitcoin addresses; an address is a publicly disclosed account used to receive Bitcoin sent by others.
When the wallet generates an encrypted digital currency address, it also holds the private key and public key corresponding to that address. At present both the private key and the public key are contained in the wallet file (wallet.dat).
All encrypted digital currency transactions are public. In Bitcoin, once a transaction is confirmed it is merged into the network-wide shared public ledger, also called the block chain (Blockchain). The balance of each wallet is not recorded separately; it is calculated from the owner's receipts and payments in the block chain's transaction information. The block chain is encrypted and is assembled from transaction records in chronological order. A "Bitcoin transaction" is a record of a transfer of value between Bitcoin wallets that is incorporated into the block chain.
In encrypted digital currency, the private key is a string of information kept in the wallet. In Bitcoin, the private key is kept in the wallet file wallet.dat. The private key is used to produce the public key (from which the Bitcoin address can be derived) and to digitally sign transactions. The signature ensures that the transaction is authentic, has not been tampered with, and cannot be repudiated. All transaction records are broadcast to the user community and confirmed by the whole network within the next specified period (for Bitcoin, the next 10 minutes); this process is also called mining.
Figure 1 shows the current Bitcoin transaction process:
Take transaction 1 in Fig. 1 as an example. If B wants to pay 100 bitcoins (100BTC) to C, B must state not only the amount on the transaction record but also the source of those 100 bitcoins. As shown in Figure 1, B's 100BTC actually came from A: B obtained them through transaction 0, which has been authenticated by all users of the network and is stored on every user's computer.
To complete transaction 1, B needs to fill in the following information on the transaction record:
The source of the 100BTC, here the ID of transaction record 0;
The public key of C, which is also C's Bitcoin receiving address;
A number obtained by inputting the content of transaction record 0 and the public key of C into a hash function. B encrypts this number with B's own private key and places it in transaction record 1 as the digital signature. After receiving transaction record 1, C can find transaction record 0 by the ID stored in it and obtain B's public key. C can use this public key to decrypt the digital signature in transaction record 1. At the same time, C can input C's own public key and the content of transaction record 0 into the hash function in the same way, and compare the resulting number with the result of decrypting the digital signature.
If the comparison succeeds, the following two facts are established:
First, the source of the 100BTC is genuine. Transaction record 0 contains A's signature and has been authenticated by the whole network, so A really did give the 100BTC to B;
Second, transaction 1 really was signed by B. Because B's private key is unique, B cannot deny this transaction.
The structure of existing encrypted digital currencies has the following shortcomings:
First, security risks:
As the main representative of encrypted digital currencies, Bitcoin's protocol and encryption technology have been tested for more than 5 years, which confirms that Bitcoin's security is very high. However, the user's private key is a string of information kept inside the Bitcoin wallet (generally stored on the computer's hard disk as the file wallet.dat), and your private key is your Bitcoin! Because the private key is in the wallet, and the wallet is the wallet.dat file on the computer, it can be read or lost like any other file! Nearly all other encrypted digital currencies use this mechanism. Given users' widespread careless habits, this mechanism brings great risk and inconvenience.
The private key is generated by the wallet software, so the way it is generated is easily controlled and illegally exploited.
The private key is stored in the wallet file, so the way it is stored makes it easy to lose, damage or steal.
Signing a transaction with the private key is done by the wallet software, so the way the private key is used for signing allows it to be intercepted and leaked by malicious code.
In addition, the structure of the above encrypted digital currencies makes operation complicated and use inconvenient, so the user base is narrow and more users cannot be attracted.
The wallet is generated by client software on a computer, so its use is limited by the location of the computer. This differs from the familiar habit of using a bank card: the user has to learn it and is tied to a device (computer or mobile phone). Users are therefore afraid to use it, and it cannot be widely applied in daily life.
Although the Bitcoin industry has some improved schemes besides the software wallet, such as the network wallet (Web Wallet), paper wallet (Paper wallet) and brain wallet (Brain wallet), none escapes the fact that the private key exists as a file on the user's own computer or on a third-party network wallet server, where it can be lost (the computer is damaged or the website closes) or stolen.
Summary of the invention
To address the shortcomings that arise because current encrypted digital currencies store the private key together with the wallet, the present invention provides a method for storing an encrypted digital currency private key, and a device carrying a digital currency private key, in which the private key is separated from the wallet both logically and physically and the carrier that stores the private key is isolated from the Internet, ensuring the security of the private key.
The technical solution of the present invention is a method for independently generating and storing an encrypted digital currency private key, comprising the following steps:
A. Private key generation: an intelligent device is used, and this device generates the private key and public key pair internally;
B. Private key storage: the private key is stored in the intelligent device, completely sealed inside it, and cannot be read from outside;
C. Private key use: the intelligent device uses the private key to generate signature information. The intelligent device has a communication interface to an intelligent terminal connected to the Internet; through this interface it transmits the public key and signature information to the intelligent terminal and receives information from the intelligent terminal.
The present invention separates the private key from the wallet and seals it on its own inside the intelligent device. The intelligent device exposes only the public key and electronic signature information, which eliminates any possibility of the key being stolen against the owner's wishes, cuts off every route to obtaining the private key, and fully protects the user's right to the currency.
Preferred modes of the present invention include:
The intelligent device calculates the private/public key pair with an elliptic curve encryption algorithm. The public key is supplied in plaintext to the intelligent terminal on the Internet, for generating the wallet address and the information needed for transactions; the private key is encrypted and then stored in the memory of the intelligent device.
When the private key is used, the public key is passed to the intelligent terminal through the communication interface. The intelligent terminal calculates the wallet address of the corresponding encrypted digital currency as information needed by the transaction process, and broadcasts it to all nodes of the digital currency network.
When the private key is used in a transaction, the intelligent device obtains the hash value of the relevant transaction data from the intelligent terminal, calculates the signature information with the private key sealed inside it, and sends the signature information to the intelligent terminal in plaintext; the intelligent terminal publishes it, completing the electronic signature required by the transaction process.
In addition, the communication interface between the intelligent device and the Internet-connected intelligent terminal includes a USB interface, an IC-card contact interface or a near field communication interface.
The present invention also provides a device carrying a digital currency private key, comprising:
A. Elliptic curve key generation module;
B. Computing module: connected to the elliptic curve key generation module; it calculates the private/public key pair;
C. Memory: connected to the computing module; it stores the private key;
D. Security encryption and control module: connected to the memory and the computing module; it encrypts and stores the private key generated by the computing module, and controls the computing module so that it uses the private key stored in memory to generate digital signatures;
A communication interface for communicating with other intelligent terminals: this interface receives the transaction hash information of the encrypted digital currency and sends the public key or digital signature to the intelligent terminal, which broadcasts the transaction information to the encrypted digital currency network.
This device stores the private key and has an interface only for sending the generated signature and the public key toward the Internet; it has no communication interface that can transmit the private key, which ensures the security of the private key.
The device carrying a digital currency private key of the present invention can take a variety of physical forms, including:
The device is a card, and the communication interface is an IC-card contact interface or a near field communication interface.
The device is a mobile terminal, and the communication interface is a USB interface or a near field communication interface.
The device is a wearable portable intelligent device, and the communication interface is a near field communication interface.
The present invention is described in more detail below with reference to a specific embodiment.
Description of the drawings
Fig. 1 is the normal Bitcoin transaction flow.
Fig. 2 is the structural diagram of the PKC in embodiment 1 of the present invention.
Fig. 3 is the diagram of the connection between the PKC and the Internet in embodiment 1 of the present invention.
Fig. 4 is the Bitcoin transaction flow after the private key is protected by the method of the present invention.
Embodiment
The present embodiment is a Bitcoin private key card in the shape of a bank card that carries a Bitcoin private key, also referred to as a PKC, as shown in Figure 1. The card contains a computing module that can generate a private/public key pair using the relevant elliptic curve encryption algorithm (ECC) from the Bitcoin wallet software. The public key can be sent, through the communication interface between the PKC and an intelligent terminal on which the Bitcoin APP is installed, to the intelligent terminal and from there be disclosed to all terminals. The private key is stored in memory and is encrypted before it is stored. When the card is first activated, the PKC generates the private key by itself and stores and seals it inside the PKC; the private key cannot be read from outside by any method, so it is fully protected.
In the present embodiment, the computing module generates the private/public key pair with an elliptic curve encryption algorithm (ECC). The public key is published through the communication interface and broadcast to all nodes (Node) of the Bitcoin network, and the App calculates the wallet address (Address) of the corresponding encrypted digital currency.
The private key is encrypted and kept in the memory on the card, and every channel for reading or writing the private key is cut off; only the computing module can use the private key, together with the transaction information it receives, to generate a signature.
The main functions are as follows:
A private key/public key pair can be generated; the computing module does this using the relevant elliptic curve encryption algorithm from the Bitcoin wallet software.
Encryption operations can be processed; the private key is encrypted and then kept in the device's own memory.
The communication interface can communicate with external terminals through interfaces such as ISO14443 NFC, ISO7816 IC contact card and USB, transmitting the information needed for encrypted digital currency transactions, such as public key information, encrypted information and electronic signatures.
Because an encrypted digital currency transaction does not need the private key information itself, the private key is sealed inside the PKC and cannot be read from outside. This does not affect the flow or elements of completing a transaction, and achieves complete protection of the private key.
Technical description of the PKC of the present embodiment:
The code that generates the elliptic curve encryption algorithm (ECC) private/public key pair and the signing code are stripped out of the encrypted digital currency wallet software and are instead carried out by a portable smart card (PKC) with a microprocessor chip.
The PKC passes the public key through the communication interface (IC-card contact interface 7816 or NFC) to the terminal software (App) installed on a computer or mobile phone, and the App calculates the wallet address (Address) of the corresponding encrypted digital currency as information needed by the transaction process and broadcasts it to all nodes (Node) of the Bitcoin network.
During a transaction the PKC also obtains the hash (Hash) value of the relevant transaction data from the App, calculates the signature information with the private key sealed inside it, and sends the signature information to the App in plaintext, completing the electronic signature (Signature) required by the transaction process.
The PKC calculates the private/public key pair with an elliptic curve encryption algorithm (ECC). The public key can be supplied to the terminal software (App) in plaintext; the private key is encrypted and then stored in the microprocessor's built-in memory.
All information exchanged between the smart card (PKC) and the wallet software (App) is plaintext information that can be made public, so it raises no security concerns.
The communication protocol between the PKC and the App can be the USB protocol, IC-card contact interface 7816 or the near field communication (NFC) protocol.
The smart card (PKC) can be used with all current encrypted digital currencies and is therefore general-purpose.
The concrete structure of the PKC is shown in Figure 2. The PKC consists of 5 modules:
Communication interface: the hardware interface and protocol for communicating with the outside world; mainly USB, NFC or IC-card contact interface 7816.
Computing module: the main arithmetic core of the chip.
Memory: stores code and data.
Elliptic curve key generation module: a logic circuit fixed inside the chip, responsible for generating the private/public key pair quickly and securely; the private key is stored in memory once and cannot be obtained from outside.
Security encryption and control module: also a logic circuit fixed inside the chip; it encrypts data sent by the computing module according to the encryption algorithm and returns the result to the computing module. This reduces the computing power consumed by the computing module and shortens the encryption time. Minimum power consumption and the fastest computation are especially needed in passive contactless interface applications.
The connection of the PKC to the Internet through an intelligent terminal is shown in Figure 3:
Card-opening flow of the PKC: the intelligent terminal issues an activation instruction to the PKC, which reaches the computing module through the communication interface.
The computing module of the PKC notifies the elliptic curve key generation module to generate the private/public key pair and return it to the security encryption and control module, which encrypts the private key and seals it in memory once and for all.
The security encryption and control module of the PKC returns the public key to the intelligent terminal. The intelligent terminal derives from the public key the wallet addresses applicable to the different encrypted digital currency protocols, and the address information is printed in plaintext and as a QR code and attached to the PKC's packaging. The intelligent terminal has the Bitcoin APP installed to communicate with the Bitcoin network; for another digital currency, the corresponding APP is installed instead.
In the whole process the intelligent terminal sends the activation instruction, the key pair is produced, the wallet address is generated, and the card-opening operation is complete.
The Bitcoin transaction process using the PKC and method of the present embodiment is shown in Figure 4. The existing Bitcoin mode and the mode of the present invention can coexist in the same transaction chain. The conventional transaction mode is TRM+NET, that is, terminal plus network.
Transaction mode 1: "owner 1" pays "owner 2": obtaining the private key (the private key is in the computer wallet, and the wallet software reads it from a file on the computer), calculating the transaction information hash (Hash) value, networking, and all other transaction-related content and work are done entirely on the computer terminal TRM.
Terminal 1 obtains the previous transaction record, "transaction record 1", from the network and inputs it together with the public key of "owner 2" into the hash function to obtain a number. "Owner 1" encrypts this number with his own private key and places it in "transaction record 2" as the digital signature; together with the "user 1 public key" taken from TRM1, this forms the current transaction, "transaction record 2", which is broadcast with the transaction information hash (Hash) value to the whole NET network.
The transaction process above is consistent with the transaction shown in Fig. 1.
Transaction mode of the present embodiment: PKC+TRM+NET
Transaction mode 2: "owner 2" pays "owner 3":
The private key is inside PKC2 and cannot be obtained from outside. TRM2 is no longer responsible for signing; instead TRM2 sends the information of the previous transaction record, "transaction record 2", to PKC2, and PKC2 completes the signature calculation by encrypting with the private key held inside it. The PKC passes the resulting electronic signature and the public key to TRM2. TRM2 is responsible for obtaining the previous transaction record from NET and verifying it, for forming this transaction, "transaction record 3", from PKC2's public key and electronic signature, and for calculating the hash and broadcasting to the whole NET network.
The difference between TRM1 and TRM2 is: TRM1 = TRM + wallet; the wallet is bound to a computer device, so every payment transaction must be operated on that particular device. TRM2 = any general-purpose computer or mobile phone; whoever holds the PKC can carry out a payment transaction on any device anywhere (mobile phone, computer, ATM, POS).
Transaction 3 can use either the conventional mode 1 or mode 2 of the present embodiment,
that is, TRM3+NET or PKC3+TRM3+NET.
Without changing the protocol terms of existing encrypted digital currencies, the present invention truly achieves security of the user's rights and interests and simple operation.