CN107395349A - A kind of block chain network cryptographic key distribution method based on self-certified public key system - Google Patents

A kind of block chain network cryptographic key distribution method based on self-certified public key system Download PDF

Info

Publication number
CN107395349A
CN107395349A CN201710699693.1A CN201710699693A CN107395349A CN 107395349 A CN107395349 A CN 107395349A CN 201710699693 A CN201710699693 A CN 201710699693A CN 107395349 A CN107395349 A CN 107395349A
Authority
CN
China
Prior art keywords
mrow
msub
key
user
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710699693.1A
Other languages
Chinese (zh)
Inventor
刘鹏辉
于松亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GUOWEI TEIH CO Ltd SHENZHEN
Shenzhen State Micro Technology Co Ltd
Original Assignee
GUOWEI TEIH CO Ltd SHENZHEN
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GUOWEI TEIH CO Ltd SHENZHEN filed Critical GUOWEI TEIH CO Ltd SHENZHEN
Priority to CN201710699693.1A priority Critical patent/CN107395349A/en
Publication of CN107395349A publication Critical patent/CN107395349A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes

Abstract

The invention discloses a kind of block chain network cryptographic key distribution method based on self-certified public key system, comprise the following steps:(1)System initialization, TA nodes produce and announce respective block chain network systematic parameter, then complete the distribution of block catenary system master key by multiple KDC node cooperations;(2)The user's registration of block chain is carried out, the user node u for participating in block chain business network first has to carry out offline registration at TA nodes, audits its identity by TA nodes and issues registration voucher;(3)Block chain user key is distributed, multiple distributed key distribution center nodes transmission key request of the user node into network, after KDC's checking request, distributes corresponding user key to the user node.The invention provides safer and more flexible Key Issuance mechanism, the block chain business operation for safety provides Cryptographic Assurance About, is adapted to the block chain network participated in large-scale consumer node, and have stronger exploitativeness.

Description

A kind of block chain network cryptographic key distribution method based on self-certified public key system
Technical field
The present invention relates to netkey administrative skill field, more particularly to a kind of block chain based on self-certified public key system Netkey distribution method.
Background technology
Block chain is the core support technology using bit coin as the digital encryption currency system of representative.The core of block chain technology Heart advantage is decentralization, can be encrypted, the means such as timestamp, distributed common recognition and economic incentives, saved by maintenance data The point-to-point transaction based on decentralization credit, coordination are realized in the distributed system that point need not trust each other with cooperating, so as to Solution is provided to solve the problems such as high cost of centralization mechanism generally existing, poor efficiency and data storage are dangerous.
With the fast development of bit coin in recent years and popularization, research and the application of block chain technology also show explosion type Growing trend, it is considered to be the 5th top of normal form is calculated after large scale computer, PC, internet, movement/social networks Formula innovation is covered, is the 4th mileage on mankind's credit evolutionary history after blood relation's credit, noble metal credit, Central Bank's paper credit Upright stone tablet.Blank of the block chain technology as cloud computing of future generation, it will be expected to as internet thoroughly remold human social activity's shape State, and realize the transformation from current information interconnected network to value internet.
Block chain technology originates from 2008, not yet forms the generally acknowledged block chain definition of industry at present.For narrow sense, block Chain be it is a kind of data block is combined into specific data structure in a manner of chain sequentially in time, and protected in a manner of cryptography General ledger (Decentralized shared ledger), Neng Gouan are shared in the decentralization that can not be distorted He can not forge of card It is complete to store data simple, having precedence relationship, being verified in system.
The block chain technology of broad sense is verified with data storage, saved using distribution using chain type block structure is encrypted Point common recognition algorithm programs one kind with operation data to generate and update the data, using automatized script code (intelligent contract) Brand-new decentralization architecture and Distributed Calculation normal form.
Block chain has the characteristics that decentralization, time series data, collective's maintenance, programmable and secure and trusted.Go first Centralization:The processes such as checking, book keeping operation, storage, maintenance and the transmission of block chain data are all based on distributed system architecture, use Pure mathematical method rather than central authority establish the trusting relationship between distributed node, so as to form the trusted of decentralization Distributed system;Next to that time series data:Block chain use with timestamp chain type block structure data storage, so as to for Data add time dimension, have extremely strong verifiability and trackability;3rd is that collective safeguards:Block catenary system uses Specific economic limit water cut ensures that all nodes in distributed system each may participate in verification process (such as bit of data block The digging ore deposit process of coin), and select specific node that new block is added into block chain by knowing together algorithm;4th is to compile Journey:Block chain technology can provide flexible scripted code system, support user create advanced intelligent contract, currency or other go Centralization application.For example, ether mill (Ethereum) platform is to provide the figure complete script of spirit so that user builds It is any can be with the intelligent contract or type of transaction of explication;It is finally secure and trusted:Block chain technology uses asymmetric cryptography Learn principle data are encrypted, while the common recognition algorithm formation such as proof of work by each node of distributed system is powerful Calculation power is to resist external attack, guarantee block chain data can not distort and can not forge, thus has higher security.
It is, in general, that block catenary system is made up of data Layer, Internet, common recognition layer, excitation layer, contract layer and application layer. Wherein, data Layer encapsulates the technologies such as data encryption and the timestamp of bottom data block and correlation;Internet then includes dividing Cloth networking mechanism, data dissemination mechanism and data authentication mechanism etc.;All kinds of common recognitions of common recognition layer predominant package network node are calculated Method;Economic factor is integrated into block chain technical system by excitation layer, main issuing mechanism and distribution including economic incentives Mechanism etc.;All kinds of scripts of contract layer predominant package, algorithm and intelligent contract, it is the basis of block chain programmable features;Application layer Then encapsulate the various application scenarios and case of block chain.Chain type block structure, the common recognition of distributed node based on timestamp The intelligent contract of mechanism, the economic incentives based on common recognition calculation power and flexible programmable is the most representational innovation of block chain technology Point.
At present, security threat is the sixty-four dollar question that block chain is faced so far, the secret protection of block chain There is also security risks.Each node is not full energy matries in block catenary system, but passes through the ground of similar e-mail address Sender is required for transaction when location identifies (such as bit coin public key address) to realize transmission of transaction data, while merchandise every time Information is signed, and recipient needs to carry out sign test after receiving Transaction Information, to prove the credibility of transaction business, prevents falseness Business is spread unchecked, while in order to adapt to the needs of different transaction scenes, block chain business needs to enter on the basis of safeguard protection Industry business is evolved, such as encrypted transaction message, multiple party signatures etc., and these safety services are required for using one or more correlations Privacy key, and then the distribution or generation of key need a reliable key management mechanism.
The content of the invention
To solve existing technical problem, the embodiment of the present invention provides a kind of block based on self-certified public key system Chain network cryptographic key distribution method, it is safe, flexible, and can preferably be embedded into existing block chain operation system, reduces Implementation cost, there is stronger exploitativeness.
To reach above-mentioned purpose, what the technical scheme of the embodiment of the present invention was realized in:
A kind of block chain network cryptographic key distribution method based on self-certified public key system, comprises the following steps:
Step 1, system initialization
TA nodes produce and announce respective block chain network systematic parameter, then complete area by multiple KDC node cooperations The distribution of block catenary system master key;
Step 2, the user's registration for carrying out block chain
The user node u for participating in block chain business network first has to carry out offline registration at TA nodes, is examined by TA nodes Its identity of core simultaneously issues registration voucher;
Step 3, the distribution of block chain user key
Multiple distributed key distribution center nodes of the user node into network send key request, KDC After checking request, distribute corresponding user key to the user node.
Further, step 1 specifically includes:
Step 10, block catenary system parameter are established
Define the security system parameter needed for the key distribution mechanism of whole block chain network;
Step 11, the distribution of block catenary system master key
First, n KDC node generates system master key s by distributed collaborative, and then each KDC nodes calculate itself Secret shadow.
Further, step 11 specifically comprises the following steps:
Step 110, each KDC node is (i=1,2 ..., n) one secret (t-1) rank multinomial of construction:
fi(x)=di+ai,1x+ai,2x2+…+ai,t-1xt-1(mod q) (2)
Wherein, ai,j∈Zq *(j=1,2 ..., t-1);Then calculate and announce the public key P of itselfi=diP;
Step 111, KDC node is calculate and safely send the sub-secret share s of other KDC nodes j (j ≠ i)i,j=fi (j), then calculate and send corresponding experimental evidence Vi,0=diP, Vi,j=ai,jP (j=1,2 ..., t-1);
Step 112 ,] KDC nodes j receives the sub-secret share s from KDC node isi,jAnd after experimental evidence, utilize formula (3) its validity is verified;
It is effective then receive, otherwise distribute again.
Further, step 2 specifically comprises the following steps:
Step 20, user u select a secret random number wu∈Zq *, calculate evidence Wu=wuP, then by { IDu、WuCarry Give TA nodes;
After step 21, TA nodes receive user u log-on message, if auditing its identity not by refusal user u;Otherwise Calculate user u registration voucher Ceru=dTAVu, wherein, Vu=H0(IDu||IDTA||Tu,Wu), TuTo register voucher CeruConjunction The method time limit;Then by { Ceru、TuIt is sent to user u;
After step 22, user u receive the registration voucher of TA nodes return, V is calculatedu=H0(IDu||IDTA||Tu,Wu), and Utilize the public key P of TA nodesTARegistration voucher Cer is verified by formula (4)uValidity;
It is verified and then receives registration voucher Ceru, otherwise re-register.
Further, step 3 specifically comprises the following steps:
Step 30, user u select t secret random number kiRZq *;CalculateWith r=kP;Then auxiliary is calculated Key Kui=H1(wuPi), auxiliary information Yui=Kui⊕kiAnd authentication information Rui=HKui(Yui);Then by { IDu、IDTA、Tu、 Wu、Ceru、r、Yui、RuiIt is sent to node KDCi(i=1,2 ..., t);
Step 31, node KDCiAfter the cipher key request information for receiving user u, V is calculatedu=H0(IDu||IDTA||Tu,Wu), and Checking registration voucher CeruLegitimacy;Then K is calculatedui'=H1(diWu) and Rui'=HKui'(Yui), and verified by formula (5) YuiValidity;
It is above-mentioned be verified after, receive user u request, otherwise refuse;
Step 32, user u receive node KDCiAfter the signing messages of transmission, S is calculatedui'=HKui(Eui), and pass through formula (7) Verify EuiValidity;
Then signature e is recoveredi=Kui⊕Eui, calculate Xi=rirx+eiP simultaneously utilizes node KDCiPublic key PiAnd open letter Cease sj,iP (j=t+1 ..., n) pass through formula (8) checking signature eiValidity;
After being verified, receive signature ei, otherwise resubmit key request.
The beneficial effect of technical scheme provided in an embodiment of the present invention is:
Block chain network cryptographic key distribution method of the invention based on self-certified public key system provides safer and more flexible Key Issuance mechanism, for safety block chain business operation Cryptographic Assurance About is provided, be adapted to have large-scale consumer node participation Block chain network, such as alliance's block chain and publicly-owned block chain, on the premise of large-scale redevelopment system is not needed, the present invention Key distribution function can preferably be embedded into existing block chain operation system, reduce implementation cost, have it is stronger Exploitativeness.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing There is the required accompanying drawing used in technology description to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, without having to pay creative labor, may be used also To obtain other accompanying drawings according to these accompanying drawings.
Fig. 1 is the block catenary system management structure without complete trusted key Distribution Center;
Fig. 2 is that have 5 block catenary system master key distribution procedure schematic diagrames without complete trusted key Distribution Center;
Fig. 3 is the block chain key distribution overall process schematic diagram of the present invention;
Fig. 4 is the block chain cipher key user registration process of the present invention;
Fig. 5 A are the block chain key request process schematics of the present invention;
Fig. 5 B are the block chain key distribution procedure schematic diagrames of the present invention.
Embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing to embodiment party of the present invention Formula is described in further detail.
, it is necessary to dispose trusted party or private key generation center (private key in key managing project Generator, PKG) carry out the private key of dispatch user or the identity of certification user, block chain network are no exception.Fig. 1 show nothing The block catenary system management structure of complete trusted key Distribution Center, Fig. 2 are that prior art has 5 without complete trusted key point The block catenary system master key distribution procedure schematic diagram at hair center, it is assumed that block chain network is made up of N number of node, is designated as U= { ID1, ID2 ..., IDN }, IDi (1≤i≤N) represent i-th of user, TA or KDC nodes globally unique identity in a network Mark.The present invention carries out the function of single PKG nodes decentralized distributed treatment, by n KDC (key Distribution center, KDC) node and trusted authority mechanism (trusted authority, a TA) node on behalf of Perform, so as to avoid block catenary system from only relying upon the problem of single PKG nodes are also easy to produce single point failure, and mitigate single The burden of PKG nodes.
Shown in reference picture 3, the block chain network cryptographic key distribution method of the invention based on self-certified public key system includes as follows Step:
Step 1, system initialization
First, TA nodes produce and announce respective block chain network systematic parameter, then by multiple KDC node cooperations Lai complete Into the distribution of block catenary system master key, and after the completion of initialization, TA nodes will be in offline (off-line) state.This hair Bright is in embodiment, it is assumed that the node that the distribution of system master key is participated in block chain network is n (1≤n≤N) individual KDC nodes, its Threshold value is t (t≤n≤2t-1).
Specifically, the system initialization comprises the following steps:
Step 10, block catenary system parameter are established;
Systematic parameter establishes the safety that process is used mainly to define needed for the key distribution mechanism of whole block chain network System parameter.
First, TA joint structures meet the Bilinear map ê of GDH (gap Diffie-Hellman) group property:G1×G1→ G2.The generation point that P is group G1 is made, while constructs the one-way hash function of lower big powers impact resistant:
H0:{0,1}*×G1*→G1*;
H1:G1*→Zq*;
H2:{0,1}*×G1*→Zq*;
Hk:{ 0,1 } * → Zq*,
Wherein k is auxiliary key;
Then randomly choose n secret number di ∈ Zq* and be securely distributed to corresponding KDC node is (i=1,2 ..., n);System public key is calculated by formula (1) again
Then, the private key dTA ∈ Zq* of itself are randomly choosed, and calculate public key PTA=dTAP;Then delete all secret Close several di (i=1,2 ..., n) simultaneously announce block catenary system parameter { G1, G2, ê, P, Ppub, PTA, H0, H1, H2, Hk }.
Step 11, the distribution of block catenary system master key
System master key distribution procedure is mainly used in when block chain business network is established, and the master for initializing whole system is close Key (public/private keys to), got ready for the distribution of follow-up key, the master key of whole system equivalent to system root key, The whole network is credible, when can be used for follow-up block chain network operation, verifies the user key distributed in network.
First, n KDC node generates system master key s by distributed collaborative, and then each KDC nodes calculate itself (on master key s's) secret shadow, specific distributing step is as follows:
Step 110, each KDC node is (i=1,2 ..., n) one secret (t-1) rank multinomial of construction:
fi(x)=di+ai,1x+ai,2x2+…+ai,t-1xt-1(mod q) (2)
Wherein, ai,j∈Zq *(j=1,2 ..., t-1);Then calculate and announce the public key P of itselfi=diP。
Step 111, KDC node is calculate and safely send the sub-secret share s of other KDC nodes j (j ≠ i)i,j=fi (j), then calculate and send corresponding experimental evidence Vi,0=diP, Vi,j=ai,jP (j=1,2 ..., t-1).
Step 112 ,] KDC nodes j receives the sub-secret share s from KDC node isi,jAnd after experimental evidence, utilize formula (3) its validity is verified.
It is effective then receive, otherwise distribute again, receive all other n-1 sub- secret shadow si,jAfter (j ≠ i), institute is preserved There is sub-secret share and announce si,jP;Finally, the sub-secret share s of itself is combinedj,jCalculate the secret shadow of itself
By said process, system safely establishes master key s, moreover, according to any t secret shadow siJust can weight Structure goes out system master keySystem public key Ppub=sP.
Step 2, the user's registration for carrying out block chain
User registration course is mainly used in auditing the identity information of user node, only true enough and satisfactory section Point could add block chain network, and after auditing user node identity, system can issue a registration voucher, for subsequently participating in net The behavior checking of network activity, this process can be carried out in a manner of online or be offline.
Shown in reference picture 4, before dispatch user key, it is intended to participate in user node u (its body of block chain business network Part is identified as IDu) TA nodes (its identity is IDTA) place progress offline registration is first had to, its identity is audited by TA nodes And issue registration voucher.Comprise the following steps that:
Step 20, user u select a secret random number wu∈Zq *, calculate evidence Wu=wuP, then by { IDu、WuCarry Give TA nodes;
After step 21, TA nodes receive user u log-on message, if auditing its identity not by refusal user u;Otherwise Calculate user u registration voucher Ceru=dTAVu, wherein, Vu=H0(IDu||IDTA||Tu,Wu), TuTo register voucher CeruConjunction The method time limit;Then by { Ceru、TuIt is sent to user u;
After step 22, user u receive the registration voucher of TA nodes return, V is calculatedu=H0(IDu||IDTA||Tu,Wu), and Utilize the public key P of TA nodesTARegistration voucher Cer is verified by formula (4)uValidity.
It is verified and then receives registration voucher Ceru, otherwise re-register.
Step 3, the distribution of block chain user key
User key distribution procedure is mainly used in (asymmetric close to participate in the user node of block chain network distribution key Key, public/private keys to), multiple distributed key distribution center nodes of the user node into network send key request, key After Distribution Center's checking request, distribute corresponding user key (public/private keys to) to the user node.Key distribution function by Multiple block chain network entities are taken on jointly, the problem of can avoiding single point failure.
In order to obtain private key SKu, user u needs to select t KDC node and to submit key request, assumes in the present embodiment The t KDC node chosen is node KDCi, its public key is Pi(i=1,2 ..., t).Specific distributing step is as follows:
Step 30, user u select t secret random number kiRZq *;CalculateAnd r=kP;Then calculate auxiliary Help key Kui=H1(wuPi), auxiliary information Yui=Kui⊕kiAnd authentication information Rui=HKui(Yui);Then by { IDu、IDTA、 Tu、Wu、Ceru、r、Yui、RuiIt is sent to node KDCi(i=1,2 ..., t);
Step 31, node KDCiAfter the cipher key request information for receiving user u, V is calculatedu=H0(IDu||IDTA||Tu,Wu), and Registration voucher Cer is verified by formula (4)uLegitimacy;Then K is calculatedui'=H1(diWu) and Rui'=HKui'(Yui), and pass through Formula (5) verifies YuiValidity.
It is above-mentioned be verified after, receive user u request, otherwise refuse.Then k is calculatedi=Kui'⊕YuiWith signature ei
Wherein, rxFor coordinates of the point r in x-axis;Further, auxiliary information E is calculatedui=Kui'⊕eiAnd authentication information Sui=HKui'(Eui);Then by { Eui、SuiIt is sent to user u;
Step 32, user u receive node KDCiAfter the signing messages of transmission, S is calculatedui'=HKui(Eui), and pass through formula (7) Verify EuiValidity.
Then signature e is recoveredi=Kui⊕Eui, calculate Xi=rirx+eiP simultaneously utilizes node KDCiPublic key PiAnd open letter Cease sj,iP (j=t+1 ..., n) pass through formula (8) checking signature eiValidity.
It is above-mentioned be verified after, receive signature ei, otherwise resubmit key request.Receive t effective signature eiAfterwards, CalculateAnd private key SK is calculated by formula (9)u
SKu=wu+e+k (9)
Further, E=eP is calculated, and generates the public key PK of itselfu={ Wu, E, r }, followed by block chain network system Unite public key PpubIts validity is verified by formula (10).
Or utilize the private key SK of itselfuIt is verified by formula (11).
SKuP=Wu+E+r (11)
It is above-mentioned be verified after, show public key PKu={ Wu, E, r } and it is effective, otherwise recalculate public key PKu
By said process, block chain user u can obtain the believable public/private keys of the whole network in the block catenary system of oneself To { PKu, SKu}.Key needed for follow-up other subsystems can be block chain business system by this key to further expanding System provides support.
In the embodiment of the present invention, the key distributed is unsymmetrical key, can be that subsequent zone block chain service communication uses, For example, generate wallet account etc. and make basis.
Block chain key request process and key distribution when Fig. 5 A, Fig. 5 B is are (n, t)=(5,3) with thresholding t=3 Process schematic.In Fig. 5 A, user node transmits key distribution request message to KDC nodes, calculates auxiliary information, authentication information Deng being sent to node KDCi(i=0,1,2 ..., 4).Fig. 5 B are that KDC nodes transmit key generation message, section to user node Point KDCiAfter the cipher key request information for receiving user, by calculating, checking, user is then sent to.
In step 3, distribute use by the registration evidence of user and based on the group signature method of elliptic curve cryptosystem Family private key, because single KDC is merely able to generating portion private key for user, even if multiple KDCs combine To crack, the complete private key of user can not be also obtained, overcomes key escrow present in identity-based cipher key scheme.Separately Outside, the public key of distribution has Self-certified, realizes client public key and signature verification in logic single step while completes.
The embodiment of the present invention by introducing Identity- based cryptography, threshold cryptography model and Bilinear map mechanism, and Use for reference self-certified public key concept and group ranking thought, for block chain network provide one newly based on self-certified public key system The thresholding cryptographic key distribution method without complete trusted key Distribution Center.In the present embodiment, PKG is common by multiple network entities Take on, avoid single point failure problem;And system master key is protected using threshold cryptography model, system has well fault-tolerant Property;In addition, by the registration evidence of user and based on the group signature method of elliptic curve cryptosystem come dispatch user private key, by In being merely able to generating portion private key for user, even if multiple KDCs join together to crack, the complete of user can not be also obtained Whole private key, overcome key escrow present in IBC schemes.Meanwhile the public key of the inventive method generation has Self-certified Property, client public key and signature verification are realized in logic single step while are completed;In key distribution procedure, centre can be resisted The various attacks such as people's attack, identity personation, the confederate crack, message-replay and passive wiretapping;Be effectively saved computing resource and Network bandwidth.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program Product.Therefore, the shape of the embodiment in terms of the present invention can use hardware embodiment, software implementation or combination software and hardware Formula.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more to use storage The form for the computer program product that medium is implemented on (including but is not limited to magnetic disk storage and optical memory etc.).
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in individual square frame or multiple square frames.
The all or part of above-mentioned technical proposal provided in an embodiment of the present invention can pass through the related hardware of programmed instruction To complete, described program can be stored in the storage medium that can be read, and the storage medium includes:ROM, RAM, magnetic disc or light Disk etc. is various can be with the medium of store program codes.
The foregoing is only presently preferred embodiments of the present invention, be not intended to limit the invention, it is all the present invention spirit and Within principle, any modification, equivalent substitution and improvements made etc., it should be included in the scope of the protection.

Claims (5)

1. a kind of block chain network cryptographic key distribution method based on self-certified public key system, it is characterised in that comprise the following steps:
Step 1, system initialization
TA nodes produce and announce respective block chain network systematic parameter, then complete block chain by multiple KDC node cooperations The distribution of system master key;
Step 2, the user's registration for carrying out block chain
The user node u for participating in block chain business network is first had to carry out offline registration at TA nodes, and it is audited by TA nodes Identity simultaneously issues registration voucher;
Step 3, the distribution of block chain user key
Multiple distributed key distribution center nodes of the user node into network send key request, KDC's checking After request, distribute corresponding user key to the user node.
2. the block chain network cryptographic key distribution method according to claim 1 based on self-certified public key system, its feature exist In step 1 specifically includes:
Step 10, block catenary system parameter are established
Define the security system parameter needed for the key distribution mechanism of whole block chain network;
Step 11, the distribution of block catenary system master key
First, n KDC node generates system master key s by distributed collaborative, and then each KDC nodes calculate the secret of itself Close share.
3. the block chain network cryptographic key distribution method according to claim 2 based on self-certified public key system, its feature exist In step 11 specifically comprises the following steps:
Step 110, each KDC node is (i=1,2 ..., n) one secret (t-1) rank multinomial of construction:
fi(x)=di+ai,1x+ai,2x2+…+ai,t-1xt-1(mod q) (2)
Wherein, ai,j∈Zq *(j=1,2 ..., t-1);Then calculate and announce the public key P of itselfi=diP;
Step 111, KDC node is calculate and safely send the sub-secret share s of other KDC nodes j (j ≠ i)i,j=fi(j), Then calculate and send corresponding experimental evidence Vi,0=diP, Vi,j=ai,jP (j=1,2 ..., t-1);
Step 112 ,] KDC nodes j receives the sub-secret share s from KDC node isi,jAnd after experimental evidence, tested using formula (3) Demonstrate,prove its validity;
<mrow> <msub> <mi>s</mi> <mrow> <mi>i</mi> <mo>,</mo> <mi>j</mi> </mrow> </msub> <mi>P</mi> <mover> <mo>=</mo> <mo>?</mo> </mover> <msub> <mi>V</mi> <mrow> <mi>i</mi> <mo>,</mo> <mn>0</mn> </mrow> </msub> <mo>+</mo> <msubsup> <mo>&amp;Sigma;</mo> <mrow> <mi>k</mi> <mo>=</mo> <mn>1</mn> </mrow> <mrow> <mi>t</mi> <mo>-</mo> <mn>1</mn> </mrow> </msubsup> <msup> <mi>j</mi> <mi>k</mi> </msup> <msub> <mi>V</mi> <mrow> <mi>i</mi> <mo>,</mo> <mi>k</mi> </mrow> </msub> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>3</mn> <mo>)</mo> </mrow> </mrow>
It is effective then receive, otherwise distribute again.
4. the block chain network cryptographic key distribution method according to claim 3 based on self-certified public key system, its feature exist In step 2 specifically comprises the following steps:
Step 20, user u select a secret random number wu∈Zq *, calculate evidence Wu=wuP, then by { IDu、WuSubmit to TA Node;
After step 21, TA nodes receive user u log-on message, if auditing its identity not by refusal user u;Otherwise calculate User u registration voucher Ceru=dTAVu, wherein, Vu=H0(IDu||IDTA||Tu,Wu), TuTo register voucher CeruThe legal phase Limit;Then by { Ceru、TuIt is sent to user u;
After step 22, user u receive the registration voucher of TA nodes return, V is calculatedu=H0(IDu||IDTA||Tu,Wu), and utilize TA The public key P of nodeTARegistration voucher Cer is verified by formula (4)uValidity;
<mrow> <mover> <mi>e</mi> <mo>^</mo> </mover> <mrow> <mo>(</mo> <msub> <mi>Cer</mi> <mi>u</mi> </msub> <mo>,</mo> <mi>P</mi> <mo>)</mo> </mrow> <mover> <mo>=</mo> <mo>?</mo> </mover> <mover> <mi>e</mi> <mo>^</mo> </mover> <mrow> <mo>(</mo> <msub> <mi>V</mi> <mi>u</mi> </msub> <mo>,</mo> <msub> <mi>P</mi> <mrow> <mi>T</mi> <mi>A</mi> </mrow> </msub> <mo>)</mo> </mrow> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>4</mn> <mo>)</mo> </mrow> </mrow>
It is verified and then receives registration voucher Ceru, otherwise re-register.
5. the block chain network cryptographic key distribution method according to claim 4 based on self-certified public key system, its feature exist In step 3 specifically comprises the following steps:
Step 30, user u select t secret random number kiRZq *;CalculateAnd r=kP;Then it is close to calculate auxiliary Key Kui=H1(wuPi), auxiliary informationAnd authentication information Rui=HKui(Yui);Then by { IDu、IDTA、Tu、 Wu、Ceru、r、Yui、RuiIt is sent to node KDCi(i=1,2 ..., t);
Step 31, node KDCiAfter the cipher key request information for receiving user u, V is calculatedu=H0(IDu||IDTA||Tu,Wu), and verify Register voucher CeruLegitimacy;Then K is calculatedui'=H1(diWu) and Rui'=HKui'(Yui), and Y is verified by formula (5)ui's Validity;
<mrow> <msub> <mi>R</mi> <mrow> <mi>u</mi> <mi>i</mi> </mrow> </msub> <mover> <mo>=</mo> <mo>?</mo> </mover> <msup> <msub> <mi>R</mi> <mrow> <mi>u</mi> <mi>i</mi> </mrow> </msub> <mo>&amp;prime;</mo> </msup> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>5</mn> <mo>)</mo> </mrow> </mrow>
It is above-mentioned be verified after, receive user u request, otherwise refuse;
Step 32, user u receive node KDCiAfter the signing messages of transmission, S is calculatedui'=HKui(Eui), and verified by formula (7) EuiValidity;
<mrow> <msub> <mi>S</mi> <mrow> <mi>u</mi> <mi>i</mi> </mrow> </msub> <mover> <mo>=</mo> <mo>?</mo> </mover> <msup> <msub> <mi>S</mi> <mrow> <mi>u</mi> <mi>i</mi> </mrow> </msub> <mo>&amp;prime;</mo> </msup> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>7</mn> <mo>)</mo> </mrow> </mrow>
Then signature is recoveredCalculate Xi=rirx+eiP simultaneously utilizes node KDCiPublic key PiAnd public information sj,iP (j=t+1 ..., n) pass through formula (8) checking signature eiValidity;
<mrow> <msub> <mi>H</mi> <mn>2</mn> </msub> <mrow> <mo>(</mo> <msub> <mi>ID</mi> <mi>u</mi> </msub> <mo>,</mo> <msub> <mi>W</mi> <mi>u</mi> </msub> <mo>)</mo> </mrow> <mo>&amp;lsqb;</mo> <msub> <mi>P</mi> <mi>i</mi> </msub> <mo>+</mo> <mrow> <mo>(</mo> <msubsup> <mo>&amp;Sigma;</mo> <mrow> <mi>j</mi> <mo>=</mo> <mi>t</mi> <mo>+</mo> <mn>1</mn> </mrow> <mi>n</mi> </msubsup> <msub> <mi>s</mi> <mrow> <mi>j</mi> <mo>,</mo> <mi>i</mi> </mrow> </msub> <msubsup> <mo>&amp;Pi;</mo> <mrow> <mi>k</mi> <mo>=</mo> <mn>1</mn> <mo>,</mo> <mi>k</mi> <mo>&amp;NotEqual;</mo> <mi>i</mi> </mrow> <mi>t</mi> </msubsup> <mfrac> <mi>k</mi> <mrow> <mi>k</mi> <mo>-</mo> <mi>i</mi> </mrow> </mfrac> <mo>)</mo> </mrow> <mi>P</mi> <mo>&amp;rsqb;</mo> <mover> <mo>=</mo> <mo>?</mo> </mover> <msub> <mi>X</mi> <mi>i</mi> </msub> <mo>-</mo> <mo>-</mo> <mo>-</mo> <mrow> <mo>(</mo> <mn>8</mn> <mo>)</mo> </mrow> </mrow>
After being verified, receive signature ei, otherwise resubmit key request.
CN201710699693.1A 2017-08-16 2017-08-16 A kind of block chain network cryptographic key distribution method based on self-certified public key system Pending CN107395349A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710699693.1A CN107395349A (en) 2017-08-16 2017-08-16 A kind of block chain network cryptographic key distribution method based on self-certified public key system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710699693.1A CN107395349A (en) 2017-08-16 2017-08-16 A kind of block chain network cryptographic key distribution method based on self-certified public key system

Publications (1)

Publication Number Publication Date
CN107395349A true CN107395349A (en) 2017-11-24

Family

ID=60352515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710699693.1A Pending CN107395349A (en) 2017-08-16 2017-08-16 A kind of block chain network cryptographic key distribution method based on self-certified public key system

Country Status (1)

Country Link
CN (1) CN107395349A (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108835779A (en) * 2018-09-06 2018-11-20 深圳市安思科电子科技有限公司 A kind of intelligence payment bracelet convenient for scanning based on block chain technology
CN108851388A (en) * 2018-09-06 2018-11-23 深圳市乐业科技有限公司 A kind of Intelligent bracelet with fingerprint identification function based on block chain technology
CN108898039A (en) * 2018-09-06 2018-11-27 深圳市晓控通信科技有限公司 A kind of shatter-resistant based on block chain technology and energy-efficient barcode scanning gun
CN109008095A (en) * 2018-08-17 2018-12-18 深圳市安思科电子科技有限公司 A kind of comfort type Intelligent bracelet for authentication based on block chain technology
CN109043750A (en) * 2018-08-17 2018-12-21 深圳市安思科电子科技有限公司 A kind of Intelligent bracelet based on block chain technology
CN109118179A (en) * 2018-08-31 2019-01-01 篱笆墙网络科技有限公司 A kind of office worker's recruitment methods and recruitment platform
CN109222350A (en) * 2018-09-06 2019-01-18 深圳市乐业科技有限公司 A kind of Intelligent bracelet with emergency function based on block chain technology
CN109274499A (en) * 2018-09-29 2019-01-25 四川赢才多多科技有限公司 Timestamp distribution collection method for block chain
CN109344625A (en) * 2018-07-24 2019-02-15 东方银谷(北京)投资管理有限公司 User account management method and device for block chain
CN109377644A (en) * 2018-10-12 2019-02-22 深圳市贝优通新能源技术开发有限公司 A kind of vending machine with anti-theft function based on block chain technology
CN109472924A (en) * 2018-10-12 2019-03-15 深圳市雷凌广通技术研发有限公司 A kind of vending machine with monitoring and regulating function based on block chain technology
CN109493521A (en) * 2018-10-12 2019-03-19 深圳市乐业科技有限公司 A kind of self-service machine based on block chain technology
WO2019072281A2 (en) 2018-11-27 2019-04-18 Alibaba Group Holding Limited Asymmetric key management in consortium blockchain networks
CN109660340A (en) * 2018-12-11 2019-04-19 北京安御道合科技有限公司 A kind of application system and its application method based on quantum key
CN109727032A (en) * 2018-12-29 2019-05-07 杭州趣链科技有限公司 A kind of alliance's block chain access control method of identity-based id password
CN109921900A (en) * 2019-02-18 2019-06-21 深圳市优学链科技有限公司 A kind of algorithm of distributed key generation
CN109962777A (en) * 2017-12-26 2019-07-02 航天信息股份有限公司 The key in block catenary system is permitted to generate, obtain the method and apparatus of key
CN110084622A (en) * 2019-04-18 2019-08-02 西安邮电大学 A kind of commodity are traced to the source block catenary system and code key saves and method for retrieving
CN110278076A (en) * 2019-05-29 2019-09-24 电子科技大学 A kind of audit of transparence data integrity and transparence encryption data duplicate removal agreement based on block chain
WO2019179277A1 (en) * 2018-03-19 2019-09-26 华为技术有限公司 Data access rights control method and device
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain
CN109493521B (en) * 2018-10-12 2021-06-01 广东乘心电器实业有限公司 Unmanned vending machine based on block chain technology

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106487821A (en) * 2017-01-04 2017-03-08 北京天云智汇科技有限公司 A kind of digital signature method based on internet block chain technology
CN106534092A (en) * 2016-11-02 2017-03-22 西安电子科技大学 Message-based and key-dependent privacy data encryption method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534092A (en) * 2016-11-02 2017-03-22 西安电子科技大学 Message-based and key-dependent privacy data encryption method
CN106487821A (en) * 2017-01-04 2017-03-08 北京天云智汇科技有限公司 A kind of digital signature method based on internet block chain technology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
肖自金,: ""一种基于自认证公钥体制思想的MANET网络密钥分发方案"", 《计算机应用与软件》 *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109962777A (en) * 2017-12-26 2019-07-02 航天信息股份有限公司 The key in block catenary system is permitted to generate, obtain the method and apparatus of key
WO2019179277A1 (en) * 2018-03-19 2019-09-26 华为技术有限公司 Data access rights control method and device
CN109344625A (en) * 2018-07-24 2019-02-15 东方银谷(北京)投资管理有限公司 User account management method and device for block chain
CN109008095A (en) * 2018-08-17 2018-12-18 深圳市安思科电子科技有限公司 A kind of comfort type Intelligent bracelet for authentication based on block chain technology
CN109043750A (en) * 2018-08-17 2018-12-21 深圳市安思科电子科技有限公司 A kind of Intelligent bracelet based on block chain technology
CN109043750B (en) * 2018-08-17 2021-03-16 浙江合式信息科技有限公司 Intelligent bracelet based on block chain technology
CN109118179A (en) * 2018-08-31 2019-01-01 篱笆墙网络科技有限公司 A kind of office worker's recruitment methods and recruitment platform
CN108898039A (en) * 2018-09-06 2018-11-27 深圳市晓控通信科技有限公司 A kind of shatter-resistant based on block chain technology and energy-efficient barcode scanning gun
CN108851388A (en) * 2018-09-06 2018-11-23 深圳市乐业科技有限公司 A kind of Intelligent bracelet with fingerprint identification function based on block chain technology
CN108835779A (en) * 2018-09-06 2018-11-20 深圳市安思科电子科技有限公司 A kind of intelligence payment bracelet convenient for scanning based on block chain technology
CN109222350A (en) * 2018-09-06 2019-01-18 深圳市乐业科技有限公司 A kind of Intelligent bracelet with emergency function based on block chain technology
CN109274499A (en) * 2018-09-29 2019-01-25 四川赢才多多科技有限公司 Timestamp distribution collection method for block chain
CN109493521A (en) * 2018-10-12 2019-03-19 深圳市乐业科技有限公司 A kind of self-service machine based on block chain technology
CN109472924A (en) * 2018-10-12 2019-03-15 深圳市雷凌广通技术研发有限公司 A kind of vending machine with monitoring and regulating function based on block chain technology
CN109377644A (en) * 2018-10-12 2019-02-22 深圳市贝优通新能源技术开发有限公司 A kind of vending machine with anti-theft function based on block chain technology
CN109493521B (en) * 2018-10-12 2021-06-01 广东乘心电器实业有限公司 Unmanned vending machine based on block chain technology
RU2733097C1 (en) * 2018-11-27 2020-09-29 Алибаба Груп Холдинг Лимитед Control of asymmetric keys in consortium blockchain networks
TWI706661B (en) * 2018-11-27 2020-10-01 香港商阿里巴巴集團服務有限公司 Asymmetric key management in the alliance blockchain network
US10819509B2 (en) 2018-11-27 2020-10-27 Alibaba Group Holding Limited Asymmetric key management in consortium blockchain networks
WO2019072281A3 (en) * 2018-11-27 2019-09-26 Alibaba Group Holding Limited Asymmetric key management in consortium blockchain networks
WO2019072281A2 (en) 2018-11-27 2019-04-18 Alibaba Group Holding Limited Asymmetric key management in consortium blockchain networks
CN109660340A (en) * 2018-12-11 2019-04-19 北京安御道合科技有限公司 A kind of application system and its application method based on quantum key
CN109727032A (en) * 2018-12-29 2019-05-07 杭州趣链科技有限公司 A kind of alliance's block chain access control method of identity-based id password
CN109921900A (en) * 2019-02-18 2019-06-21 深圳市优学链科技有限公司 A kind of algorithm of distributed key generation
CN110084622A (en) * 2019-04-18 2019-08-02 西安邮电大学 A kind of commodity are traced to the source block catenary system and code key saves and method for retrieving
CN110278076A (en) * 2019-05-29 2019-09-24 电子科技大学 A kind of audit of transparence data integrity and transparence encryption data duplicate removal agreement based on block chain
CN111010280A (en) * 2019-12-09 2020-04-14 中山大学 Group signature-based construction method for monitorable block chain

Similar Documents

Publication Publication Date Title
Jesus et al. A survey of how to use blockchain to secure internet of things and the stalker attack
CN108256859B (en) Financial product transaction consensus method, node and system based on block chain
CN108833081B (en) Block chain-based equipment networking authentication method
CN106357396B (en) Digital signature method and system and quantum key card
JP2019507510A (en) Common secret determination for secure exchange of information and hierarchical and deterministic encryption keys
KR101964254B1 (en) Person to person trading method and apparatus by using blockchain and distributed hash table
Bünz et al. Zether: Towards privacy in a smart contract world
Liu et al. Anonymous reputation system for IIoT-enabled retail marketing atop PoS blockchain
CN107579819B (en) A kind of SM9 digital signature generation method and system
Di Pietro et al. A blockchain-based trust system for the internet of things
CN108052530B (en) Decentralized CA construction method and system based on alliance chain
CN105678182B (en) A kind of method and device of data manipulation control
Zheng et al. Scalable and privacy-preserving data sharing based on blockchain
JP5171991B2 (en) Key agreement and transport protocol
CN103986574B (en) A kind of Tiered broadcast encryption method of identity-based
CN101192928B (en) Mobile ad hoc authentication method and system
CN101674304B (en) Network identity authentication system and method
CN105959111B (en) Information security big data resource access control system based on cloud computing and trust computing
CN107180350A (en) A kind of method of the multi-party shared transaction metadata based on block chain, apparatus and system
CN106961336B (en) A kind of key components trustship method and system based on SM2 algorithm
CN104685826B (en) Method and system for the input consistency desired result of both sides&#39; secure function evaluation
CN106548345A (en) The method and system of block chain private key protection are realized based on Secret splitting
CN107005574A (en) block generation method, device and block chain network
CN101420300B (en) Double factor combined public key generating and authenticating method
CN103259650B (en) A kind of rationality many secret sharings method to honest participant&#39;s justice

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171124

RJ01 Rejection of invention patent application after publication