The content of the invention
It is an object of the invention to provide it is a kind of based on encryption commission technology block chain key keeping and restoration methods, with
Solve that existing user key security is not high or user lose after irreclaimable technical problem.
A kind of keeping of block chain key and restoration methods based on encryption commission technology, including:
(1) registration phase
Private key for user is encrypted in local by user, and proposes application for registration to management sales counter;
User profile including private key for user ciphertext is encrypted management sales counter, and by the user encryption after encryption
Information and corresponding client public key are published on block chain;
(2) the key recovery stage
In the key recovery stage, management sales counter receives user and sends key recovery request, by client public key in block chain
On fetch user encryption information and be decrypted, the user profile included including private key for user ciphertext that will be after decryption is sent to use
Family;
User is in local decryption, recovery key.
The present invention provides a kind of block chain key keeping based on encryption commission technology and the dispensing device recovered, the hair
Device is sent as the node on block chain, wherein, including:
Processing unit:Private key for user and client public key are produced for registration phase, and private key for user is added in local
It is close, it is additionally operable to solve from the private key for user ciphertext received in the secret parameter that the key recovery stage is extracted using biological characteristic
It is close go out private key for user;
Transmit-Receive Unit:For establishing the data transmit-receive between the management sales counter on block catenary system:Registration phase sends bag
Include private key for user ciphertext and the user profile of client public key;The use including private key for user ciphertext is received in the key recovery stage
Family information.
The present invention also provides a kind of block chain key keeping based on encryption commission technology and the management sales counter recovered, bag
Include:
Processing unit:For producing sales counter public key and sales counter private key;It is additionally operable in registration phase using sales counter public key to bag
The user profile including private key for user ciphertext is included to be encrypted;It is additionally operable to send key recovery in key recovery stage reception user
Request, fetches user encryption information on block chain by client public key and is decrypted;
Transmit-Receive Unit:For establishing the data transmit-receive with other nodes on block catenary system:For receiving the registration of user
Request;It is additionally operable to the user encryption information after encryption and corresponding client public key being published on block chain;It is additionally operable to decrypt
Afterwards include private key for user ciphertext including user profile be sent to user.
Compared with prior art, the present invention has advantages below:
First, the introducing of key encryption commission technology of the present invention allows user that the private key after encryption is entrusted into management
Sales counter preserves, and management sales counter is not aware that the true content of private key so that the backup and recovery of private key are safer, protect user
Rights and interests.The deficiency that user in the prior art needs to back up private key on core node is overcome, thus it can be prevented that core section
Point authority is excessive.Meanwhile private key need not be divided into several parts and be backed up on different core nodes by user, can prevent core section
Point collusion, recovers private key for user.
Secondly, sales counter is managed in the present invention private key for user ciphertext after user encryption is again private by managing the sales counter of sales counter
Key is encrypted, and further lifts the security of private key for user ciphertext.Also, user can use own identification identification information and/
Password encryption private key for user, further ensure the security of its private key for user.
Further, the user profile after encryption is synchronized on block chain by management sales counter in the present invention, avoids being stored directly in
Manage sales counter on, further cause management sales counter on can not directly know private key for user ciphertext, so as to more ensure that except with
Family itself, the private key of user will not be known or recovered by remaining each side.
Embodiment
Below in conjunction with accompanying drawing, illustrate.
In block catenary system, core node generally refers to participate in the complete process of exchange of block chain, and node storage is complete
Block chain data and transaction after the completion of, participate in block chain common recognition, have an opportunity to complete book keeping operation function to generate new block, such node
Typically undertaken by the work station of better performances, server or cloud service.In this example, it is possible to achieve block chain key keeping and
The core node of recovery is management sales counter.
Referring to Fig. 1, it is the invention discloses a kind of block chain key keeping based on encryption commission technology and recovered
The flow chart of method.It includes:
S10:Registration phase
S110:Private key for user is encrypted in local by user, and proposes application for registration to management sales counter;
S120:User profile including private key for user ciphertext is encrypted management sales counter, and by the use after encryption
Family encryption information and corresponding client public key are published on block chain;
S20:The key recovery stage
S210:In the key recovery stage, management sales counter receives user and sends key recovery request, by client public key in area
User encryption information is fetched on block chain and is decrypted, by being sent comprising the user profile including private key for user ciphertext after decryption
To user;
S220:User is in local decryption, recovery key.
Technical scheme has used key encryption commission technology to provide user key recovery machine in block catenary system
System, key recovery allow domestic consumer to give private key for change by managing sales counter after private key loss.The present invention above all uses
At itself on hand, any node does not know that or recovered user key to family key, thereby guarantees that its security.
Key recovery scheme is divided into registration phase and key recovery stage.Two class identity in consideration system:Domestic consumer and
Sales counter is managed, detailed process is as follows:
In registration phase, user A is filed an application to management sales counter, if auditing successfully, user is locally being given birth to using itself
Thing feature generates two parameters, own private key is encrypted using wherein secret parameter, the private key ciphertext after being encrypted, it
Private key ciphertext and another open parameter are sent to management sales counter afterwards, management sales counter uses public key encryption algorithm, utilizes cabinet
The ciphertext of private key for user and open parameter are encrypted platform public key, and the ciphertext after encryption and corresponding client public key are issued
Onto block chain.Particular flow sheet is as shown in Figure 2.
1. user shows identity information and log-on message, to management sales counter request login key service.User is in advance in pipe
Identity registration is carried out on reason sales counter.Management sales counter which user that can make an appointment is legal, can allow user's registration.
2. managing sales counter examination & verification user profile, if information is legal, pass through, it is allowed to user's registration;Management sales counter is first audited
The legitimacy of user profile, the user for only allowing to pass through could carry out the registration action of next step.
3. user generates block chain public private key pair (sk1, pk1)。
The mode that user generates block chain public private key pair is a lot, as long as existing generating mode is within the scope of the present invention
It is interior, it is just no longer detailed herein.
4. user utilizes biological characteristic B (including fingerprint, iris, palm print and palm vein, shape of face etc.), Fuzzy extractor, Gen are used
(B) → (P, R), open parameter P and secret parameter R is obtained.Certainly, user can also utilize the existing algorithms such as password information to enter
The open parameter P and secret parameter R of row generation.Equally, open parameter P and secret is obtained using the fuzzy device that carries using biological characteristic
Close parameter R, and a kind of existing algorithm, also no longer illustrate herein.
5. user uses symmetric encipherment algorithm, by the use of secret parameter R cryptographic Hash as key, to sk1Encryption, is obtained close
Literary C (being referred to as user key ciphertext), cipher mode Eh(R)(sk1) → C, wherein h () represent Hash value function;
6. the user profile including ciphertext C and open parameter P is sent to management sales counter by user;
7. the sales counter public private key pair for managing sales counter is (sk2, pk2), using public key encryption algorithm, to including ciphertext C and openly
User profile including parameter P is encrypted, and obtains ciphertext C ' (i.e. user encryption information), and encryption formula is:Epk2(C, P) →
C′;This formula represents the public key pk using management sales counter2Asymmetric encryption is carried out to C and P and obtains C ', only its corresponding private key sk2
Ciphertext can be untied;
8. sales counter is managed by ciphertext C ' (user encryption information) and client public key pk1It is synchronized on block chain, is deposited
Storage;
9th, user registration success.
Disclosed above is only a kind of implementation, and user to user private key has a variety of cipher modes, using itself
Identity identification information is encrypted, simply one of which cipher mode, is not for limiting the present invention.Equally, sales counter is managed
The information is encrypted, disclosure is also only for example bright, is not used for limiting to.
In the key recovery stage when user A has found that the private key of oneself is lost, key recovery request is sent, so as to be tested
Demonstrate,prove and give private key for change, idiographic flow such as Fig. 3:
1. node request recovers private key, private key recovery request is sent to management sales counter;
2. managing sales counter checks user identity, if being proved to be successful, client public key pk is obtained1;
3. management sales counter passes through pk1, searched on block chain and obtain corresponding user encryption information (ciphertext C ');
4. management sales counter uses its private key sk2C ' is decrypted, obtains ciphertext C and open parameter P;
5. management sales counter will be sent to user comprising the user profile including ciphertext C and open parameter P;
6. user using Fuzzy extractor, reduces Rep (P, B ') → R ', by mould by open parameter P and biological characteristic B '
The concept of extractor is pasted, if biological characteristic B ' and raw biometric B distance (B, B ') < θ, then the R ' of front and rear generation
=R;Wherein distance () is similarity distance function, and θ is the numerical value provided in advance, represents the phase of two biological characteristics
This numerical value is necessarily less than like degree distance.
7. user is decrypted using R ' to ciphertext C, if successful decryption, private key sk is obtained1, key recovery success.
A kind of keeping of block chain key and the dispensing device recovered based on encryption commission technology, dispensing device is block chain
On a node, wherein, including:
Processing unit:Private key for user and client public key are produced for registration phase, and private key for user is added in local
It is close, it is additionally operable to solve from the private key for user ciphertext received in the secret parameter that the key recovery stage is extracted using biological characteristic
It is close go out private key for user;
Transmit-Receive Unit:For establishing the data transmit-receive between the management sales counter on block catenary system:Registration phase sends bag
Include private key for user ciphertext and the user profile of client public key;The use including private key for user ciphertext is received in the key recovery stage
Family information.
The dispensing device of the present invention, simply means to the node on block chain, generally can be the terminal in block chain network, wraps
Include but be not limited to light weight node.
A kind of keeping of block chain key and the management sales counter recovered based on encryption commission technology, wherein, including:
Processing unit:For producing sales counter public key and sales counter private key;It is additionally operable in registration phase using sales counter public key to bag
The user profile including private key for user ciphertext is included to be encrypted;It is additionally operable to send key recovery in key recovery stage reception user
Request, fetches user encryption information on block chain by client public key and is decrypted;
Transmit-Receive Unit:For establishing the data transmit-receive with other nodes on block catenary system:For receiving the registration of user
Request;It is additionally operable to the user encryption information after encryption and corresponding client public key being published on block chain;It is additionally operable to decrypt
Afterwards include private key for user ciphertext including user profile be sent to user.
The present invention be with reference to method according to embodiments of the present invention, equipment and computer program product flow chart and/or
Block diagram describes.It should be understood that can be by each flow in computer program instructions implementation process figure and/or square bearer figure
And/or square frame and the flow in string routine figure and/or block diagram and/or the combination of square frame.These computer programs can be provided
Instruct the processor of general-purpose calculator, special-purpose computer, Embedded Processor or other programmable data processing equipments with
Produce a machine so that use is produced by the instruction of computer or the computing device of other programmable data processing equipments
In the function of realizing above-mentioned one flow of flow chart or the instruction of multiple string routines.
Although the present invention is disclosed as above with preferred embodiment, it is not for limiting claim, any this area
Technical staff without departing from the spirit and scope of the present invention, can make possible variation and modification, therefore the present invention
Protection domain should be defined by the scope that the claims in the present invention are defined.