CN108768636B - Method for recovering private key by utilizing multi-party cooperation - Google Patents

Publication number
CN108768636B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810555643.0A
Other languages
Chinese (zh)
Other versions
CN108768636A (en)
Inventor
罗荣阁
段玺
陈聿宸
赵远明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Wanxiang Blockchain Inc
Original Assignee
Shanghai Wanxiang Blockchain Inc
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention discloses a method for recovering a private key by utilizing multi-party cooperation, which backs up a user private key that can be migrated or exported and makes it convenient to recover. The private key recovery method does not depend on hardware equipment or a centralized mechanism, and has great practical value. The technical scheme is as follows: the private key S to be protected is encrypted in sequence through multi-party cooperation to generate key information msg1, and msg1 is then decrypted by the parties in reverse order to recover the private key S. The public key of an asymmetric encryption algorithm is public, and the user need not directly contact any cooperative party, so the private key S is encrypted using the public key of the cooperative party. This ensures that only the user knows all the selected cooperative parties and the encryption order. Each cooperative party stores only part of the data and cannot recover the private key S from the data it stores, so the private key S is not exposed to any cooperative party and the cooperative parties can be used to back up the private key S.

Description

Method for recovering private key by utilizing multi-party cooperation
Technical Field
The invention relates to a recovery technology of an encrypted private key, in particular to a method for recovering a private key of an asymmetric encryption algorithm.
Background
At present, the backup of the private key in the asymmetric encryption algorithm is usually realized by hardware equipment, and most of the few private key recovery methods which do not depend on the hardware need to rely on a certain central mechanism to provide services. For the existing recovery method relying on hardware devices, once the hardware is lost or damaged, the private key cannot be recovered. For the existing recovery method relying on the central mechanism, the central mechanism is easy to attack and damage, and once the central mechanism is damaged, the private key cannot be recovered.
At present, a method for recovering a private key is urgently needed in the industry, which is convenient for recovering a private key of a user when an operating system is damaged and the private key is lost, and can be applied to recovering the private key of the user on other computers.
Disclosure of Invention
The following presents a simplified summary of one or more aspects in order to provide a basic understanding of such aspects. This summary is not an extensive overview of all contemplated aspects, and is intended to neither identify key or critical elements of all aspects nor delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that is presented later.
The invention aims to solve the problems and provides a method for recovering a private key by utilizing multi-party cooperation, which backs up a user private key which can be migrated or exported and is used for decrypting encrypted data, is convenient for recovering the user private key under the conditions that an operating system is damaged and the private key is lost, and is also suitable for recovering the user private key on other computers. The private key recovery method does not depend on hardware equipment or a centralized mechanism, and has great practical value.
The technical scheme of the invention is as follows: the invention discloses a method for recovering a private key by utilizing multi-party cooperation, which comprises the following steps:
step 1: the user sends F1 to the third cooperative party and applies to it for recovery of the private key S, obtaining information including F1', msg2 and msg1, wherein F1 is a character string randomly generated by the user and used for confusing the cooperative party, msg1 is the key information used by the user for recovering the private key S, msg2 is the information obtained by decrypting msg1, and F1' is the information obtained by decrypting F1;
step 2: the user then sends the msg2 from step 1 to the second cooperative party and applies to it for recovery of the private key S, obtaining information including msg3, R1' and R1, wherein msg3 is the information obtained by decrypting msg2, R1 is a random string used by the user to confuse the cooperative party, and R1' is the information obtained by decrypting R1;
step 3: meanwhile, the user sends F3 to the first cooperative party and applies to it for recovery of the private key S, obtaining information including F3', K' and K, wherein F3 is a character string randomly generated by the user and used for confusing the cooperative party, K is a private key generated by the user for backing up the private key S, and K' is the information obtained by decrypting K;
step 4: the user decrypts the msg3 from step 2 by using the private key K from step 3 and the user's own public key to obtain the private key S.
According to an embodiment of the method for recovering a private key by multi-party cooperation of the present invention, the method further includes a step for obfuscating the cooperating parties so that the cooperating parties cannot distinguish whether their public key is used by the user for encrypting the private key S, further including:
the user sends F2 to a fourth cooperative party which does not participate in the backup of the private key S, and applies for the recovery of the private key S to the fourth cooperative party, wherein F2 is data randomly generated by the user and used for confusing the cooperative parties;
the fourth cooperative party and the user carry out identity authentication;
the fourth cooperative party judges whether the conditions for carrying out the private key recovery operation on the user are met, and the private key recovery operation on the user can be carried out only if the following three conditions are met simultaneously:
condition 1: the identity authentication of the fourth cooperative party and the user is passed;
condition 2: the fourth collaborator holds R2, wherein R2 is a random string used by the user to confuse the collaborators;
condition 3: R2 belongs to the user;
the fourth cooperative party decrypts F2 by using its own private key and the public key of the user to generate F2', the fourth cooperative party decrypts R2 by using its own private key and the public key of the user to generate R2', and the fourth cooperative party sends F2', R2' and R2 to the user.
According to an embodiment of the method for recovering a private key by using multi-party cooperation of the present invention, step 1 further includes:
the user sends a random string F1 to the third cooperative party, wherein F1 is randomly generated by the user and is used for confusing the cooperative party, and applies for recovering the private key S from the third cooperative party;
the third cooperative party and the user carry out identity authentication;
the third cooperative party judges whether the conditions for carrying out the private key recovery operation on the user are met, and the private key recovery operation on the user can be carried out only if the following three conditions are met simultaneously:
condition 1: the third cooperative party and the user pass the authentication;
condition 2: the third collaborator holds msg1, wherein msg1 is key information used by the user to recover the private key S;
condition 3: msg1 belongs to the user;
the third cooperative party decrypts F1 by using its own private key and the public key of the user to obtain F1', decrypts msg1 by using its own private key and the public key of the user to obtain msg2, and the third cooperative party transmits F1', msg2 and msg1 to the user.
According to an embodiment of the method for recovering a private key by using multi-party collaboration, step 2 further includes:
the user sends msg2 to the second cooperative party and applies for recovering the private key S from the second cooperative party;
the second cooperative party and the user perform identity authentication;
the second cooperative party judges whether the conditions for carrying out the private key recovery operation on the user are met, and the private key recovery operation on the user can be carried out only if the following three conditions are met simultaneously:
condition 1: the identity authentication of the user and the second cooperative party is passed;
condition 2: the second collaborator holds R1, wherein R1 is a random string used by the user to confuse the collaborators;
condition 3: R1 belongs to the user;
the second cooperative party decrypts msg2 by using its own private key and the public key of the user to generate msg3, decrypts R1 by using its own private key and the public key of the user to generate R1', and the second cooperative party transmits msg3, R1' and R1 to the user.
According to an embodiment of the method for recovering a private key by using multi-party cooperation of the present invention, step 3 further includes:
the user sends F3 to the first cooperative party, wherein F3 is randomly generated by the user and is used for confusing the cooperative party, and applies for recovering the private key S from the first cooperative party;
the first cooperative party and the user perform identity authentication;
the first cooperative party judges whether the conditions for carrying out the private key recovery operation on the user are met, and the private key recovery operation on the user can be carried out only if the following three conditions are met simultaneously:
condition 1: the first cooperative party and the user pass the authentication;
condition 2: the first cooperative party holds a private key K, wherein the private key K is generated by a user for backing up a private key S to be protected, and the private key K is only used for recovering the private key for the user and cannot be used for recovering the private key for other users at the same time;
condition 3: the private key K belongs to the user;
the first cooperative party decrypts F3 by using its own private key and the public key of the user to generate F3', the first cooperative party decrypts K by using its own private key and the public key of the user to generate K', and the first cooperative party sends F3', K' and K to the user.
According to an embodiment of the method for recovering the private key by utilizing multi-party cooperation, the identity verification of the cooperation party and the user is realized in a mode of sending a random character string to the mobile phone number of the user by the cooperation party, or the identity is verified by a third-party system including an electronic mail or a WeChat.
According to an embodiment of the method for recovering a private key by using multi-party collaboration, the private key S is generated and backed up by the following steps:
a user generates a key pair consisting of a private key S and a public key s through an elliptic curve encryption algorithm, wherein the private key S is secret and only held by the user, and the public key s is public and can be obtained by anyone;
the user generates msg4 using private key S;
the user randomly selects at least three cooperative parties from a plurality of cooperative parties, and only the user knows the encryption sequence of the cooperative parties and all the selected cooperative parties;
the user generates a key pair k and K through an elliptic curve encryption algorithm, wherein k is the public key and K is the private key;
the user encrypts msg4 by using the private key S and the public key k to generate msg3;
the user encrypts msg3 by using the private key S and the public key of the second cooperative party to generate msg2;
the user encrypts msg2 by using the private key S and the public key of the third cooperative party to generate msg1, and then the following four operations are carried out simultaneously;
in the first aspect, the user encrypts msg1 and the user's mobile phone number by using the private key S and the public key of the third cooperative party to generate E1, and sends E1 to the third cooperative party; the third cooperative party decrypts E1 by using its own private key and the user's public key to obtain msg1 and the user's mobile phone number, stores msg1 and the user's mobile phone number, and records that msg1 belongs to the user;
in the second aspect, the user encrypts the private key K and the user's mobile phone number by using the private key S and the public key of the first cooperative party to generate E2, and sends E2 to the first cooperative party; the first cooperative party decrypts E2 by using its own private key and the user's public key to obtain the private key K and the user's mobile phone number, stores the private key K and the user's mobile phone number, and records that the private key K belongs to the user;
in the third aspect, the user encrypts a random string R1 and the user's mobile phone number by using the private key S and the public key of the second cooperative party to generate E3, wherein R1 is randomly generated by the user, has the same length as msg1 and is used for confusing the cooperative party, and sends E3 to the second cooperative party; the second cooperative party decrypts E3 by using its own private key and the user's public key to obtain R1 and the user's mobile phone number, stores R1 and the user's mobile phone number, and records that R1 belongs to the user;
in the fourth aspect, the user encrypts a random string R2 and the user's mobile phone number by using the private key S and the public key of the fourth cooperative party to generate E4, wherein R2 is randomly generated by the user and has the same length as the private key K, and sends E4 to the fourth cooperative party; the fourth cooperative party decrypts E4 by using its own private key and the user's public key to obtain R2 and the user's mobile phone number, stores R2 and the user's mobile phone number, and records that R2 belongs to the user.
Compared with the prior art, the invention has the following beneficial effects: the invention uses multi-party cooperation to encrypt the private key S to be protected in sequence, generating key information msg1, and then decrypts msg1 in reverse order across the parties to recover the private key S. The public key of an asymmetric encryption algorithm is public, and user A need not directly contact any of the cooperative parties, so the private key S is encrypted using the public key of the cooperative party. This ensures that only user A knows all the selected cooperative parties and the encryption order. Each cooperative party stores only part of the data, and no cooperative party can recover the private key S from the data it stores. The method ensures that the private key S is not exposed to any cooperative party, so the cooperative parties can be used to back up the private key S. In addition, in order to improve the security of the system, the number of cooperative parties should be not less than 3. Meanwhile, the invention provides a method of adding confusion data and verifying identity by a mobile phone verification code, which, combined with the multi-party cooperative operation, improves the security strength of the system.
Drawings
The above features and advantages of the present disclosure will be better understood upon reading the detailed description of embodiments of the disclosure in conjunction with the following drawings. In the drawings, components are not necessarily drawn to scale, and components having similar relative characteristics or features may have the same or similar reference numerals.
FIG. 1 illustrates a flow diagram of one embodiment of a method of the present invention for recovering a private key with multi-party coordination.
Fig. 2 shows a flow chart of the generation and backup of the private key.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments. It is noted that the aspects described below in connection with the figures and the specific embodiments are only exemplary and should not be construed as imposing any limitation on the scope of the present invention.
FIG. 1 illustrates the flow of an embodiment of the method of the present invention for recovering a private key with multi-party cooperation. The precondition for the method of this embodiment is that user A has generated the private key S according to the method shown in FIG. 2 and has performed a backup operation of the private key S. When the private key S of user A is lost, the recovery operation of the private key S may be performed using the method shown in FIG. 1. Throughout the process of recovering the private key S, the data formats received by all the cooperative parties are the same, the data processing is also the same, and the cooperative parties do not transmit data to one another directly, which raises the difficulty of joint fraud by the cooperative parties.
The steps of this embodiment are described in detail below with reference to fig. 1.
Steps 101 to 105 are the operations by which user A acquires information from cooperative party 3; the operations by which user A acquires information from the other cooperative parties (e.g., cooperative party 2, cooperative party 4 and cooperative party 1 in FIG. 1) are similar.
Step 101: user A sends a random string F1 to cooperative party 3 (F1 is randomly generated by user A and used for confusing the cooperative party), and applies to cooperative party 3 for recovery of the private key S.
Step 102: cooperative party 3 sends the verification code C1 (C1 is a random string) to the mobile phone number of user A.
The mobile phone number used for encryption can be replaced by a third-party communication means such as an e-mail address or a WeChat ID. Correspondingly, instead of verifying the identity by the mobile phone verification code, the identity can be verified by a third-party system such as e-mail or WeChat.
Step 103: user A sends the verification code C1' received by the mobile phone to cooperative party 3.
Step 104: cooperative party 3 determines whether the conditions for performing the private key recovery operation for user A are satisfied; if so, step 105 is executed, otherwise the process ends.
The private key recovery operation for user A can be performed only if the following 3 conditions are satisfied at the same time.
Condition 1: the verification code C1' provided by user A is identical to the C1 sent by cooperative party 3.
Condition 2: cooperative party 3 holds msg1 (msg1 is the key information used by user A to recover the private key S; although cooperative party 3 holds msg1, it does not know the role of msg1. For the generation flow of msg1, refer to FIG. 2).
Condition 3: msg1 belongs to user A.
Step 105: cooperative party 3 decrypts F1 using its own private key and the public key of user A, obtaining F1'. Cooperative party 3 decrypts msg1 using its own private key and the public key of user A, obtaining msg2. Cooperative party 3 sends F1', msg2 and msg1 to user A.
Steps 106 to 110 are the operations by which user A acquires information from cooperative party 2. It can be seen that steps 106 to 110 are similar to steps 101 to 105.
Step 106: user A sends msg2 to cooperative party 2 and applies to cooperative party 2 for recovery of the private key S.
Step 107: cooperative party 2 sends the verification code C2 (C2 is a random string) to the mobile phone number of user A.
Step 108: user A sends the verification code C2' received by the mobile phone to cooperative party 2.
Step 109: cooperative party 2 determines whether the conditions for performing the private key recovery operation for user A are satisfied; if so, step 110 is executed, otherwise the process ends.
The private key recovery operation for user A can be performed only if the following 3 conditions are satisfied at the same time.
Condition 1: the verification code C2' provided by user A is identical to the C2 sent by cooperative party 2.
Condition 2: cooperative party 2 holds R1 (R1 is a random string used by user A to confuse the cooperative party; although cooperative party 2 holds R1, it does not know the role of R1. For the generation flow of R1, refer to FIG. 2).
Condition 3: R1 belongs to user A.
Step 110: cooperative party 2 decrypts msg2 using its own private key and the public key of user A, generating msg3. Cooperative party 2 decrypts R1 using its own private key and the public key of user A, generating R1'. Cooperative party 2 sends msg3, R1' and R1 to user A.
Steps 111 to 115 are the operations by which user A acquires information from cooperative party 4. It can be seen that steps 111 to 115 are similar to steps 101 to 105.
Step 111: user A sends F2 to cooperative party 4 (F2 is randomly generated by user A and used for confusing the cooperative party), and applies to cooperative party 4 for recovery of the private key S.
In this example, user A did not select the public key of cooperative party 4 to back up the private key S; this step serves to confuse the cooperative parties.
Step 112: cooperative party 4 sends the verification code C3 (C3 is a random string) to the mobile phone number of user A.
Step 113: user A sends the verification code C3' received by the mobile phone to cooperative party 4.
Step 114: cooperative party 4 determines whether the conditions for performing the private key recovery operation for user A are satisfied, and if so, executes step 115.
The private key recovery operation for user A can be performed only if the following 3 conditions are satisfied at the same time.
Condition 1: the verification code C3' provided by user A is identical to the C3 sent by cooperative party 4.
Condition 2: cooperative party 4 holds R2 (R2 is a random string used by user A to confuse the cooperative party; although cooperative party 4 holds R2, it does not know the role of R2. For the generation flow of R2, refer to FIG. 2).
Condition 3: R2 belongs to user A.
Step 115: cooperative party 4 decrypts F2 using its own private key and the public key of user A, generating F2'. Cooperative party 4 decrypts R2 using its own private key and the public key of user A, generating R2'. Cooperative party 4 sends F2', R2' and R2 to user A.
Steps 111 to 115 are used to confuse the cooperative parties, so that a cooperative party cannot tell whether its public key was used by user A to encrypt the private key S, and cannot tell which cooperative parties were actually selected. More such steps may be added, for example by sending multiple similar messages to multiple cooperative parties.
In steps 116 to 120, user A obtains information from cooperative party 1 by a method similar to steps 101 to 105.
Step 116: user A sends F3 to cooperative party 1 (F3 is randomly generated by user A and used for confusing the cooperative party), and applies to cooperative party 1 for recovery of the private key S.
Step 117: cooperative party 1 sends the verification code C4 (C4 is a random string) to the mobile phone number of user A.
Step 118: user A sends the verification code C4' received by the mobile phone to cooperative party 1.
Step 119: cooperative party 1 determines whether the conditions for performing the private key recovery operation for user A are satisfied; if so, step 120 is executed, otherwise the process ends.
The private key recovery operation for user A can be performed only if the following 3 conditions are satisfied at the same time.
Condition 1: the verification code C4' provided by user A is identical to the C4 sent by cooperative party 1.
Condition 2: cooperative party 1 holds a private key K (for the generation flow of the private key K, refer to FIG. 2. The private key K is not the private key of the cooperative party itself, but the private key generated by user A for backing up the private key S to be protected).
Condition 3: the private key K belongs to user A.
Step 120: cooperative party 1 decrypts F3 using its own private key and the public key of user A, generating F3'. Cooperative party 1 decrypts K using its own private key and the public key of user A, generating K'. Cooperative party 1 sends F3', K' and K to user A.
Step 121: user A decrypts msg3 using the private key K and the public key of user A to obtain msg4, namely the private key S. This completes the recovery of the private key S.
Fig. 2 shows the generation and backup process of the private key S in the present invention.
The preconditions for the method shown in FIG. 2 are: before user A generates and backs up the private key S, N (N ≥ 3) cooperative parties have generated their respective key pairs by ECC (Elliptic Curve Cryptography), and have published their respective public keys.
The steps of the private key generation and backup in this embodiment are described below with reference to fig. 2.
Step 201: user A generates a key pair consisting of S (the private key) and s (the public key) by ECC. The private key S is secret and is held only by user A. The public key s is public and can be obtained by anyone. The private key S and the public key s are used as a pair.
Step 202: user A generates msg4; the content of msg4 is the private key S.
Step 203: user A randomly selects 3 cooperative parties from the N (N ≥ 3) cooperative parties. Only user A knows the encryption order of the cooperative parties and all the selected cooperative parties. In this example, user A selects cooperative party 1, cooperative party 2 and cooperative party 3. The order in which msg1 is generated is: cooperative party 1, cooperative party 2, cooperative party 3.
Step 203 ensures that the method does not rely on a centralized mechanism. Because the user has many possible selections of cooperative parties, the backup can be carried out multiple times.
Step 204: user A generates a key pair consisting of a private key K and a public key k by ECC.
Step 205: user A encrypts msg4 using the private key S and the public key k, generating msg3.
Step 206: user A encrypts msg3 using the private key S and the public key of cooperative party 2, generating msg2.
Step 207: user A encrypts msg2 using the private key S and the public key of cooperative party 3, generating msg1.
Steps 204 to 207 encrypt the private key S in sequence, using the user's private key and several public keys, to generate msg1. As a result, msg1 can be unwrapped only by decrypting it in the reverse order, using the user's own public key and the private keys corresponding to those public keys. As long as the private keys of all the cooperative parties cannot be obtained and the correct encryption order cannot be found, the private key S cannot be recovered. This improves the security of the system.
Step 208: the user A encrypts the msg1 and the mobile phone number of the user A by using the private key S and the public key of the cooperative party 3 to generate E1. User a sends E1 to cooperator 3.
Step 209: Cooperative party 3 decrypts E1 using its own private key and the public key of user A to obtain msg1 and the mobile phone number of user A. Cooperative party 3 saves msg1 and the mobile phone number of user A, and records that msg1 belongs to user A.
Step 210: User A encrypts the private key K and the mobile phone number of user A using the private key S and the public key of cooperative party 1 to generate E2. User A sends E2 to cooperative party 1.
Step 211: Cooperative party 1 decrypts E2 using its own private key and the public key of user A to obtain the private key K and the mobile phone number of user A. Cooperative party 1 saves the private key K and the mobile phone number of user A, and records that the private key K belongs to user A.
Step 212: User A encrypts a random string R1 (randomly generated by user A, of the same length as msg1, and used to confuse the cooperative parties) together with the mobile phone number of user A, using the private key S and the public key of cooperative party 2, to generate E3. Each selected cooperative party knows only that it has received a string of ciphertext and the mobile phone number of user A; it does not know what role that ciphertext plays. User A sends E3 to cooperative party 2.
Step 213: Cooperative party 2 decrypts E3 using its own private key and the public key of user A to obtain R1 and the mobile phone number of user A. The cooperative party 3 saves R1 and the mobile phone number of user A, and records that R1 belongs to user A.
Steps 212 and 213 serve to confuse the cooperative parties, so that a cooperative party cannot tell whether its own public key was used by user A in encrypting the private key S, and cannot tell which cooperative parties were really selected. More steps of this kind may be added, and multiple similar messages may be sent to multiple cooperative parties.
Step 214: User A encrypts a random string R2 (randomly generated by user A, of the same length as the private key K) together with the mobile phone number of user A, using the private key S and the public key of cooperative party 4, to generate E4. User A sends E4 to cooperative party 4.
Step 215: Cooperative party 4 decrypts E4 using its own private key and the public key of user A to obtain R2 and the mobile phone number of user A. Cooperative party 4 saves R2 and the mobile phone number of user A, and records that R2 belongs to user A.
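The backup steps above and the recovery path of claim 1, as an added Python example that is not code from the patent or its assignee. Assumptions: "encrypt with private key S and a party's public key" is modelled as static ECDH on secp256k1 feeding a SHA-256 counter keystream, the SMS identity check is left out, the phone number is a constructed placeholder, and all function names are hypothetical.

```python
import hashlib, secrets
P = 2**256 - 2**32 - 977  # secp256k1; the curve choice is an assumption
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
PHONE = b"+00-0000-0000|"  # constructed placeholder for user A's phone number

def ec_add(a, b):  # affine addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):  # double-and-add; demo only, not constant time
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def _xor(priv, peer_pub, nonce, data):  # SHA-256 counter keystream from static ECDH
    seed = ec_mul(priv, peer_pub)[0].to_bytes(32, "big") + nonce
    ks = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(x ^ y for x, y in zip(data, ks))

def seal(priv, peer_pub, data):
    nonce = secrets.token_bytes(16)  # fresh per message: the ECDH secret never changes
    return nonce + _xor(priv, peer_pub, nonce, data)
def unseal(priv, peer_pub, blob):
    # No MAC on purpose: a decoy must "decrypt" to noise just like a real layer.
    return _xor(priv, peer_pub, blob[:16], blob[16:])

def backup(S, pubs):
    """User A: wrap S as msg3 -> msg2 -> msg1 and return envelopes E1..E4 by party."""
    K, k = keygen()
    msg3 = seal(S, k, S.to_bytes(32, "big"))       # msg4 is the private key S
    msg2 = seal(S, pubs[2], msg3)
    msg1 = seal(S, pubs[3], msg2)
    items = {3: msg1, 1: K.to_bytes(32, "big"),
             2: secrets.token_bytes(len(msg1)),    # R1: decoy, same length as msg1
             4: secrets.token_bytes(32)}           # R2: decoy, same length as K
    return {i: seal(S, pubs[i], PHONE + item) for i, item in items.items()}

def answer(priv, A_pub, held, request):  # identical behaviour for every party
    return unseal(priv, A_pub, request), unseal(priv, A_pub, held), held

def recover(A_pub, ask):
    """User A without S; ask(i, request) stands for the authenticated call to party i."""
    _, msg2, _ = ask(3, secrets.token_bytes(48))   # F1 decoy request; msg1 -> msg2
    msg3, _, _ = ask(2, msg2)                      # msg2 -> msg3; R1' is discarded
    _, _, K = ask(1, secrets.token_bytes(48))      # F3 decoy request; K comes back
    S = int.from_bytes(unseal(int.from_bytes(K, "big"), A_pub, msg3), "big")
    if ec_mul(S, G) != A_pub:                      # the only integrity check available
        raise ValueError("recovered key does not match user A's public key")
    return S

def demo():
    S, A_pub = keygen()
    parties = {i: keygen() for i in (1, 2, 3, 4)}
    envelopes = backup(S, {i: kp[1] for i, kp in parties.items()})
    held = {i: unseal(parties[i][0], A_pub, E)[len(PHONE):] for i, E in envelopes.items()}
    return S, recover(A_pub, lambda i, r: answer(parties[i][0], A_pub, held[i], r)), held
```

Because the layers carry no authentication tag, the comparison against user A's public key at the end of `recover` is what detects a wrong or altered K, msg2 or msg3.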
While, for purposes of simplicity of explanation, the methodologies are shown and described as a series of acts, it is to be understood and appreciated that the methodologies are not limited by the order of acts, as some acts may, in accordance with one or more embodiments, occur in different orders and/or concurrently with other acts from that shown and described herein or not shown and described herein, as would be understood by one skilled in the art.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software as a computer program product, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media include both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a web site, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, include Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (3)

1. A method for recovering a private key by utilizing multi-party cooperation, characterized in that, before a user A generates and backs up a private key S, N cooperative parties generate respective key pairs through an elliptic curve encryption algorithm and publish their respective public keys, wherein N >= 3, the method comprising the following steps:
step 1: the user A sends F1 to a third cooperative party to apply for recovery of the private key S, so as to obtain information including F1', msg2 and msg1, wherein F1 is a character string randomly generated by the user A and used for confusing the cooperative party, msg1 is key information used by the user A for recovering the private key S, msg2 is the information obtained by decrypting msg1, and F1' is the information obtained by decrypting F1;
step 2: the user A then sends the msg2 obtained in step 1 to the second cooperative party to apply for recovery of the private key S, so as to obtain information including msg3, R1' and R1, wherein msg3 is the information obtained by decrypting msg2, R1 is a random character string used by the user A for confusing the cooperative party, and R1' is the information obtained by decrypting R1;
step 3: meanwhile, the user A sends a random character string F3 to the first cooperative party to apply for recovery of the private key S, so as to obtain information including F3', K' and K, wherein F3 is a character string randomly generated by the user A and used for confusing the cooperative party, K is a private key generated by the user A for backing up the private key S, and K' is the information obtained by decrypting K;
step 4: the user A decrypts the msg3 obtained in step 2 by using the private key K obtained in step 3 and the public key of the user A to obtain the private key S;
wherein, step 1 further comprises:
the user A sends a random character string F1 to the third cooperative party, wherein F1 is randomly generated by the user A and is used for confusing the cooperative party, and applies for recovering the private key S from the third cooperative party;
the third cooperative party and the user A carry out identity authentication;
the third cooperative party judges whether the conditions for carrying out the private key recovery operation on the user A are met, and the private key recovery operation on the user A can be carried out only if the following three conditions are met simultaneously:
condition 1: the third cooperative party and the user A pass the authentication;
condition 2: the third collaborator holds msg1, wherein msg1 is the key information used by user A to recover the private key S;
condition 3: msg1 belongs to user A;
the third cooperative party decrypts F1 by using its own private key and the public key of the user A to obtain F1', decrypts msg1 by using its own private key and the public key of the user A to obtain msg2, and sends F1', msg2 and msg1 to the user A;
wherein, step 2 further comprises:
the user A sends msg2 to the second cooperative party and applies for recovering the private key S from the second cooperative party;
the second cooperative party and the user A carry out identity authentication;
the second cooperative party judges whether the conditions for carrying out the private key recovery operation on the user A are met, and the private key recovery operation on the user A can be carried out only if the following three conditions are met simultaneously:
condition 1: the identity authentication of the user A and the second cooperative party is passed;
condition 2: the second collaborator holds R1, where R1 is a random string used by user A to confuse the collaborators;
condition 3: R1 belongs to user A;
the second cooperative party decrypts msg2 by using its own private key and the public key of the user A to generate msg3, decrypts R1 by using its own private key and the public key of the user A to generate R1', and sends msg3, R1' and R1 to the user A;
wherein, step 3 further comprises:
the user A sends a random character string F3 to the first cooperative party, wherein F3 is randomly generated by the user A and is used for confusing the cooperative party, and applies for recovering the private key S from the first cooperative party;
the first cooperative party and the user A carry out identity authentication;
the first cooperative party judges whether the conditions for carrying out the private key recovery operation on the user A are met, and the private key recovery operation on the user A can be carried out only if the following three conditions are met simultaneously:
condition 1: the first cooperative party and the user A pass the authentication;
condition 2: the first cooperative party holds a private key K, wherein the private key K is generated by the user A for backing up the private key S to be protected, and the private key K is only used for recovering the private key for the user A and cannot be used for recovering the private key for other users at the same time;
condition 3: the private key K belongs to the user A;
the first cooperative party decrypts F3 by using its own private key and the public key of the user A to generate F3', decrypts K by using its own private key and the public key of the user A to generate K', and sends F3', K' and K to the user A;
the private key S is generated and backed up through the following steps:
the user A generates a key pair through an elliptic curve encryption algorithm, consisting of a private key S and a corresponding public key, wherein the private key S is secret and held only by the user A, and the public key is public and can be obtained by anyone;
the user A generates msg4, and the content of msg4 is a private key S;
the user A randomly selects at least three cooperative parties from a plurality of cooperative parties, and only the user A knows the encryption sequence of the cooperative parties and all the selected cooperative parties;
the user A generates a key pair K and k through an elliptic curve encryption algorithm, wherein k is the public key and K is the private key; the user A encrypts msg4 by using the private key S and the public key k to generate msg3;
the user A encrypts msg3 by using the private key S and the public key of the second cooperative party to generate msg2;
the user A encrypts msg2 by using the private key S and the public key of the third cooperative party to generate msg1, and then the following four aspects of operation are carried out simultaneously;
in the first aspect, the user A encrypts msg1 and the mobile phone number of the user A by using the private key S and the public key of the third cooperative party to generate E1, and sends E1 to the third cooperative party; the third cooperative party decrypts E1 by using its own private key and the public key of the user A to obtain msg1 and the mobile phone number of the user A, stores msg1 and the mobile phone number of the user A, and records that msg1 belongs to the user A;
in the second aspect, a user A encrypts a private key K and a mobile phone number of the user A by using the private key S and a public key of a first cooperative party to generate E2, and sends E2 to the first cooperative party, the first cooperative party decrypts E2 by using the private key of the first cooperative party and the public key of the user A to obtain the private key K and the mobile phone number of the user A, stores the private key K and the mobile phone number of the user A, and records that the private key K belongs to the user A;
in the third aspect, a user A encrypts a random character string R1 and the mobile phone number of the user A by using a private key S and a public key of a second cooperative party to generate E3, wherein R1 is randomly generated by the user A, has the same length as msg1 and is used for confusing the cooperative party, and sends E3 to the second cooperative party, the second cooperative party decrypts E3 by using the private key of the second cooperative party and the public key of the user A to obtain R1 and the mobile phone number of the user A, stores the R1 and the mobile phone number of the user A, and records that R1 belongs to the user A;
in the fourth aspect, the user A encrypts the random character string R2 and the mobile phone number of the user A by using the private key S and the public key of the fourth cooperative party to generate E4, wherein R2 is randomly generated by the user A and has the same length as the private key K, the E4 is sent to the fourth cooperative party, the fourth cooperative party decrypts the E4 by using the private key of the fourth cooperative party and the public key of the user A to obtain R2 and the mobile phone number of the user A, the R2 and the mobile phone number of the user A are stored, and the R2 is recorded as belonging to the user A.
2. The method for recovering a private key by utilizing multi-party cooperation as claimed in claim 1, wherein the method further comprises a step for confusing the cooperative parties, so that a cooperative party cannot tell whether its public key was used by the user A for encrypting the private key S, further comprising:
the user A sends F2 to a fourth cooperative party which does not participate in the backup of the private key S, and applies for the recovery private key S to the fourth cooperative party, wherein F2 is data randomly generated by the user A and used for confusing the cooperative parties;
the fourth cooperative party and the user A carry out identity authentication;
the fourth cooperative party judges whether the conditions for carrying out the private key recovery operation on the user A are met, and the private key recovery operation on the user A can be carried out only if the following three conditions are met simultaneously:
condition 1: the identity authentication of the fourth cooperative party and the user A is passed;
condition 2: the fourth collaborator holds R2, where R2 is a random string used by user A to confuse the collaborators;
condition 3: R2 belongs to user A;
the fourth cooperative party decrypts F2 by using its own private key and the public key of the user A to generate F2', decrypts R2 by using its own private key and the public key of the user A to generate R2', and sends F2', R2' and R2 to the user A.
3. The method for recovering a private key by utilizing multi-party cooperation according to any one of claims 1 to 2, wherein the identity authentication between a cooperative party and the user A is performed by the cooperative party sending a random string to the mobile phone number of the user A.
CN201810555643.0A 2018-05-31 2018-05-31 Method for recovering private key by utilizing multi-party cooperation Active CN108768636B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810555643.0A CN108768636B (en) 2018-05-31 2018-05-31 Method for recovering private key by utilizing multi-party cooperation

Publications (2)

Publication Number Publication Date
CN108768636A (en) 2018-11-06
CN108768636B (en) 2021-02-19

Family

ID=64001806

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant