CN109905247B - Block chain based digital signature method, device, equipment and storage medium - Google Patents

Publication number
CN109905247B
Authority
CN
China
Prior art keywords
node
private key
secret
nodes
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910243976.4A
Other languages
Chinese (zh)
Other versions
CN109905247A (en)
Inventor
程亚歌
胡明生
贾志娟
王利朋
崔文军
雷艳芳
张家蕾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Normal University
Original Assignee
Zhengzhou Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Abstract

The invention provides a digital signature method based on a block chain and relates to the technical field of electronic voting systems. The method mainly comprises: when the use time of the node private key reaches a preset updating period, determining a new node private key, replacing the current node private key with the new node private key, and carrying out data signature processing according to the new node private key. Each node updates its private key information regularly and deletes the current node private key, so that even if an attacker obtains the current node private key information, the previous information cannot be obtained; the mobile attack is thereby effectively avoided and the safety of the previous signature information is guaranteed. The invention also discloses a digital signature device and equipment based on the block chain and a readable storage medium, which have the same beneficial effects.

Description

Block chain based digital signature method, device, equipment and storage medium
Technical Field
The present invention relates to the field of electronic voting system technologies, and in particular, to a block chain-based digital signature method, apparatus, device, and readable storage medium.
Background
The block chain voting system has no credible center, and is jointly maintained by the whole network voting nodes, so that the non-tamper property of the voting result on the chain can be ensured; meanwhile, the electronic voting system applying the block chain uses a timestamp capable of providing a time certificate, so that the time and data of tampering or fraud votes can be inquired in the block chain record, and an interference node can be traced back; each node can verify the authenticity and integrity of the voting history, so that the voting record is real and credible and is not tampered, and the risk of a voting system is reduced; in addition, the public transparency and anonymity of the block chain enable each voting node to see the voting result, so that the privacy of the voter is guaranteed, and meanwhile, the voting result has the good public and fair characteristic. The block chain electronic voting system is widely applied to electronic voting scenes as a safe and efficient processing mode.
During block chain electronic voting, historical contents are automatically stored at the nodes of the block chain. When a node is attacked, the attacker can obtain the history of that node and can then move the attack target to a nearby node until threshold node information is obtained, at which point the attacker can tamper with or forge signature information and affect system safety.
Therefore, how to avoid the mobile attack in the blockchain voting signature and ensure the system security is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a digital signature method based on a block chain, which can avoid mobile attack in block chain voting signature and ensure the system security; another object of the present invention is to provide a block chain-based digital signature apparatus, device and readable storage medium, which have the above-mentioned advantages.
In order to solve the above technical problem, the present invention provides a block chain-based digital signature method, including:
determining a current node private key of a block chain node, and performing data signature processing according to the current node private key;
when the time for using the current node private key reaches a preset updating period, determining a new node private key;
replacing the current node private key with the new node private key and deleting the current node private key;
and carrying out data signature processing according to the new node private key.
Optionally, the determining a new node private key includes:
determining a random number as an update factor;
and performing statistical operation on the updating factor and the current node private key, and taking the obtained result as the new node private key.
Optionally, the selecting a random number as an update factor includes:
each node in the block chain electronic voting system inputs the respectively selected first random numbers into an Asmuth-Bloom secret sharing secret share calculation formula, and the obtained calculation result is used as a node update factor;
each node broadcasts the generated node update factor;
correspondingly, the update factor and the current node private key are subjected to statistical operation, and an obtained result is used as the new node private key, specifically: and after receiving the node updating factors of all the nodes, the nodes to be updated take the node updating factors of all the nodes and the statistical result of the current node private key as the new node private key.
Optionally, taking the node update factor of each node and the statistical result of the current node private key as the new node private key, including:
summing the update factors of the nodes to obtain update factor statistical results;
and performing linear summation calculation on the update factor statistical result and the current node private key, and taking the obtained summation result as the new node private key.
Optionally, the block chain-based digital signature method further includes:
each node respectively generates verification information of the node update factor and broadcasts the verification information; wherein the verification information is generated according to the node update factor;
correspondingly, before taking the node update factor of each node and the statistical result of the current node private key as the new node private key, the method further includes: after receiving the verification information and the node updating factors of each node, the node to be updated verifies the correctness of the verification information according to the node updating factors;
and when the verification is successful, taking the node updating factors of the nodes and the statistical result of the current node private key as the new node private key.
Optionally, the generating, by each node, verification information of the node update factor includes:
and each node generates verification information of the node update factor according to the secret share calculation formula shared by the Asmuth-Bloom secret.
Optionally, the data signature processing according to the current node private key includes:
performing data threshold signature according to the current node private key based on the Chinese remainder theorem;
correspondingly, data signature processing is carried out according to the new node private key, and the method specifically comprises the following steps:
and performing data threshold signature according to the private key of the new node based on the Chinese remainder theorem.
The invention discloses a digital signature device based on a block chain, which comprises:
the first private key processing unit is used for determining a current node private key of a block chain node and carrying out data signature processing according to the current node private key;
the new private key determining unit is used for determining a new node private key when the time for using the current node private key reaches a preset updating period;
the new private key replacing unit is used for replacing the current node private key with the new node private key and deleting the current node private key;
and the second private key processing unit is used for carrying out data signature processing according to the new node private key.
The invention discloses digital signature equipment based on a block chain, which comprises:
a memory for storing a computer program;
a processor for implementing the steps of the blockchain-based digital signature method when executing the computer program.
The invention discloses a readable storage medium, on which a program is stored, which when executed by a processor implements the steps of the block chain based digital signature method.
According to the digital signature method based on the block chain, when the use time of the node private key reaches the preset updating period, a new node private key is determined and replaces the current node private key, and data signature processing is carried out according to the new node private key. Each node updates its private key information regularly and deletes the current node private key, so that even if an attacker obtains the current node private key information, the previous information cannot be obtained; the mobile attack is effectively avoided and the safety of the previous signature information is guaranteed.
An embodiment of the invention discloses obtaining the new node private key by a statistical operation on Asmuth-Bloom secret sharing secret shares and the current node private key. When the private key of a certain node is lost, the lost private key can be restored by using node private key information higher than a threshold value, so that the reusability of the private key is ensured and the stability of the system is improved.
The invention also discloses a digital signature device and equipment based on the block chain and a readable storage medium, which have the beneficial effects and are not described again.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a block chain-based digital signature method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a threshold signature process of a block chain electronic voting system based on the Chinese remainder theorem according to an embodiment of the present invention;
Fig. 3 is a block diagram of a block chain-based digital signature apparatus according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a block chain-based digital signature device according to an embodiment of the present invention.
Detailed Description
The core of the invention is to provide a digital signature method based on a block chain, which can avoid mobile attack in the signature of a block chain electronic voting system and ensure the safety of the system; another core of the present invention is to provide a block chain-based digital signature apparatus, device and readable storage medium, which have the above-mentioned advantages.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
When an attacker successfully invades and controls one node or server, the attacker can transfer an attack target to another node or server in the system, and the attack is called mobile attack. The block chain node automatically stores the history record, and if a certain node is attacked by an attacker, the attacker can acquire the history record of the node and can transfer an attack target to a near node until threshold node information is obtained, so that the attacker can tamper or forge signature information. Mobile attacks pose a very serious security threat to systems that are in operation for a long time.
The invention provides a block chain-based digital signature method in which each node periodically updates its private key information to resist mobile attack. Even if an attacker obtains the current node private key information of a node, the attacker cannot obtain the previous information, so the safety of the previous signature information, and thus of the system, is ensured.
Example one:
Referring to Fig. 1, Fig. 1 is a flowchart of a block chain-based digital signature method according to an embodiment of the present invention, where the method mainly includes the following steps:
Step s110: determining a current node private key of the block chain node, and performing data signature processing according to the current node private key.
Step s120: determining a new node private key when the time for using the current node private key reaches a preset updating period.
The specific time setting of the preset updating period T is not limited, and may be determined according to the period over which a private key is actually attacked.
The new node private key may be generated in the same way as the current node private key, that is, the node private key may be determined again by a node private key generation method from the related art. Alternatively, parameters may be adjusted on the basis of the current node private key to generate the new private key. The generation method of the new private key is not limited in this embodiment.
Step s130: replacing the current node private key with the new node private key, and deleting the current node private key.
When the current private key is replaced by the new private key, the recorded information related to the current private key is immediately deleted, so that even if an attacker illegally obtains the new private key, the private key information from before the period cannot be obtained and the historical data cannot be cracked, which ensures the safety of the system.
Step s140: performing data signature processing according to the new node private key.
The electronic voting signature method provided by the embodiment is suitable for any node in an electronic voting system based on the block chain, and can guarantee the safety of the system.
It should be noted that, in this embodiment, the process of performing digital signature processing according to the node private key is not limited, and reference may be made to the description in the related art. Preferably, the data threshold signature can be performed according to the node private key based on the Chinese remainder theorem. Fig. 2 shows a threshold signature flow diagram of a block chain electronic voting system based on the Chinese remainder theorem. In the block chain threshold signature, the nodes cooperate with each other to generate secret shares and calculate the correctness of the verification information; when the verification result is correct, a group public key and a group private key are generated, and each block chain node calculates its individual private key. Each block chain node generates its own partial signature with its private key, the signature synthesizer synthesizes the signature, and the verifier verifies the signature. The signature scheme based on the Chinese remainder theorem has a small calculation amount and improves the efficiency of the system when applied to the block chain voting system. Other digital signature schemes are not described in detail herein, and reference can be made to the above description.
In addition, the embodiment is mainly applied to an electronic voting background system, and other digital signature scenarios based on the block chain can also be applied to the digital signature method provided by the present invention, and details are not repeated here.
Based on the technical scheme, the digital signature method based on the block chain determines and replaces the current node private key with the new node private key when the using time of the node private key reaches the preset updating period, data signature processing is carried out according to the new node private key, each node updates the private key information regularly, and deletes the current node private key, so that even if an attacker obtains the current node private key information, the previous information cannot be obtained, the mobile attack is effectively avoided, and the safety of the previous signature information is guaranteed.
Example two:
The method for determining the new node private key is not limited in the above embodiment. This embodiment introduces a method for generating the new node private key that reduces the calculation amount for generating the new private key while ensuring security. Specifically, the process of determining the new node private key mainly includes the following two steps:
Step one: determining a random number as an update factor;
Step two: performing statistical operation on the update factor and the current node private key, and taking the obtained result as the new node private key.
The update factor refers to a part updated on the basis of an original private key, wherein the random number comprises a randomly selected number and a numerical value obtained by operating the randomly selected number, and the determination mode of the random number is not limited.
The random number is selected as the updating factor, so that the randomness of the private key of the new node can be increased, and the cracking difficulty is increased. Meanwhile, the original private key and the updating factor are subjected to statistical operation, the randomness of the new private key is guaranteed, the possibility of the loss and the recovery of the private key is also guaranteed, and the stability of the system is improved.
In the above introduction, the method of determining the random number is not limited. Preferably, the random number may be determined based on Asmuth-Bloom secret sharing. The Asmuth-Bloom secret sharing scheme has the advantages of small calculation amount and high efficiency, and the private key of a lost node can be recovered when private keys higher than the threshold are known. Specifically, selecting the random number as the update factor mainly includes the following two steps:
Step one: each node in the block chain electronic voting system inputs its respectively selected first random number into the Asmuth-Bloom secret sharing secret share calculation formula, and the obtained calculation result is used as the node update factor;
Step two: each node broadcasts the node update factor it generated.
The Asmuth-Bloom secret sharing secret share calculation formula is as follows. Assume DC is the secret distributor, $P = \{P_1, P_2, \dots, P_n\}$ is the set of participants, the secret is $s$, and the threshold is $t$. DC selects a large prime number $q$ ($q > s$), an integer $A$, and a strictly increasing sequence of positive integers $d = \{d_1, d_2, \dots, d_n\}$, satisfying the following conditions:
(1) $0 \le A \le M/q - 1$;
(2) $d_1 < d_2 < \dots < d_n$;
(3) $\gcd(d_i, d_j) = 1$, $i \ne j$;
(4) $\gcd(d_i, q) = 1$ ($i = 1, 2, \dots, n$);
(5)
Figure BDA0002010527870000071
Let $z = s + Aq$ and $z_i = z \bmod d_i$ ($i = 1, 2, \dots, n$). The secret distributor DC sends $(z_i, d_i)$ to $P_i$ ($i = 1, 2, \dots, n$) as the secret share of $P_i$.
And determining the secret share determined by each node as an updating factor according to the above rules.
Any node can recover the update factor once the nodes have exchanged secret shares with each other. Specifically, the method for recovering the update factor is described below.
Any $t$ nodes $P_1, P_2, \dots, P_t$ are chosen as the set of nodes that recovers the secret. After the nodes exchange secret shares with each other, any node $P_i$ can establish the following system of congruences:
$z \equiv z_1 \pmod{d_1}$
$z \equiv z_2 \pmod{d_2}$
Figure BDA0002010527870000081
$z \equiv z_t \pmod{d_t}$
From the Chinese remainder theorem, the system of congruences has a unique solution:
Figure BDA0002010527870000082
Therefore, the shared secret $s = z - Aq$, that is, $s = z \bmod q$, can be obtained.
Correspondingly, the statistical operation on the update factor and the current node private key, whose result is used as the new node private key, is specifically: after the node to be updated receives the node update factors of all the nodes, it takes the statistical result of the node update factors of all the nodes and the current node private key as the new node private key. The statistics over the update factors of the nodes can be computed by direct summation, proportional summation, mean value calculation and other methods, and the statistical calculation over the update factors and the current node private key can also be set according to the actual calculation requirement. Preferably, in order to simplify the calculation and ensure the diversity of data, taking the statistical result of the update factors of the nodes and the current node private key as the new node private key can include the following two steps:
Step one: summing the update factors of all the nodes to obtain the update factor statistical result;
Step two: performing linear summation calculation on the update factor statistical result and the current node private key, and taking the obtained summation result as the new node private key.
The linear summation calculation is, for example, to directly add the update factor statistical result to the node private key, or to add the update factor to an integer multiple of the node private key, and the like, which is not limited herein. The linear summation can ensure the randomness of the update factor and the safety of the private key.
In the introduction above, each node broadcasts its node update factor directly after generating it. In order to avoid secret leakage caused by illegal tampering of the node update factor before broadcasting, and to ensure the security of the private key, each node can preferably further generate verification information of the node update factor and broadcast the verification information. Correspondingly, before taking the statistical result of the node update factors of the nodes and the current node private key as the new node private key, the method further comprises the following steps: after receiving the verification information and the node update factor of each node, the node to be updated verifies the correctness of the verification information according to the node update factor; and when the verification is successful, the statistical result of the node update factors of all the nodes and the current node private key is taken as the new node private key.
The verification information is generated according to the node update factor. After the node to be updated receives each node update factor and the corresponding verification information, it verifies the security of the update factor according to the verification information. If the verification succeeds, the node update factor has not been tampered with; if the verification fails, the node update factor may have been tampered with, and in order to guarantee the security of the private key, node update factors that fail verification are avoided as much as possible.
The process of generating the verification information of the node update factor by each node may refer to a method for generating verification information in the prior art, wherein, to implement the recovery after the verification information is lost, each node may preferably generate the verification information of the node update factor according to an Asmuth-Bloom secret sharing secret share calculation formula. Please refer to the description in the related art for the Asmuth-Bloom secret sharing scheme, which is not described herein again, and of course, other verification information generating methods may be used, which are not limited herein.
Example three:
To deepen understanding of the overall scheme, this embodiment describes the overall signature process of the block chain-based electronic voting system, which mainly includes six parts: key generation, signature generation, signature verification, private key update, node joining and node exit. The signature process in this embodiment adopts block chain threshold signature, and the private key update adopts the Asmuth-Bloom secret sharing principle; for other modes, refer to the description of this embodiment.
The block chain threshold signature generates a secret share through mutual cooperation among the nodes and calculates the correctness of verification information, when the verification result is correct, a group public key and a group private key are generated, and each block chain node calculates an individual private key. The block chain node generates a partial signature of the block chain node by using a private key, and the signature synthesizer synthesizes the signature and the verifier verifies the signature.
First, key generation
1. Block chain electronic voting system initialization
Common parameters $P$, $n$, $t$, $g$, $p$, $q$, $d$, $S$, $M$ are selected, where $P = \{P_1, P_2, \dots, P_n\}$ is the set of $n$ nodes participating in signing in the block chain voting system, $t$ is the threshold value, $g$ is a generator in the finite field $GF(p)$, $p$ and $q$ are two large prime numbers satisfying $q \mid (p-1)$, $d = \{d_1, d_2, \dots, d_n\}$ is a strictly monotonically increasing sequence of positive integers, $q$ and $d$ satisfy the Asmuth-Bloom scheme, the message to be signed is $S$,
Figure BDA0002010527870000101
$n$, $t$, $g$, $p$, $q$, $d$ and $M$ are public.
2. The block chain nodes cooperate with each other to generate secret shares:
Each block chain node $P_i$ randomly selects a sub-secret $\lambda_i$ and an integer $Z_i$, which are used for generating the node private key and the group key and satisfy the following conditions:
Figure BDA0002010527870000102
Figure BDA0002010527870000103
$P_i$ calculates the secret shares $X_{ij}$:
$X_{ij} = (\lambda_i + Z_i q) \bmod d_j$ (3)
Node $P_i$ retains $X_{ii}$, broadcasts
Figure BDA0002010527870000104
and sends $X_{ij}$ ($i \ne j$) to node $P_j$.
Here, the sub-secret $\lambda_i$ and the integer $Z_i$ are selected secretly by the block chain node and are not sent through the communication channel, so they cannot be obtained by others.
3. Block chain node $P_i$ calculates the verification information $\delta_i$, $\mu_{ij}$ and verifies the correctness of the information:
Figure BDA0002010527870000105
$\theta_{ij} = (\lambda_i + Z_i q - X_{ij}) / d_j$ (5)
Figure BDA0002010527870000106
and broadcasts $\delta_i$, $\mu_{ij}$ in the block chain network.
After node $P_j$ receives the verification information $\delta_i$ and $X_{ij}$ sent by the other $n-1$ nodes, the correctness of the information is verified by the following equation:
Figure BDA0002010527870000111
Figure BDA0002010527870000112
4. Generating the block chain node private key:
According to the verification of the third step, if the information is correct, node $P_j$ calculates its own private key:
Figure BDA0002010527870000113
5. Generating the group key:
A group public key and a group private key are generated according to the secret number $\lambda_i$ selected by each block chain node, where the group public key is:
Figure BDA0002010527870000114
The group private key is:
Figure BDA0002010527870000115
Second, generating a signature
Any $t$ block chain nodes generate their own partial signatures with their own private keys according to the Chinese remainder theorem, and the $t$ partial signatures are synthesized into the signature of the message $S$.
1. Generating partial signatures
(1) Node $P_i$ selects a random number $h_i \in Z_p$, and calculates and broadcasts:
Figure BDA0002010527870000116
$P_j$ receives $l_i$ and calculates:
Figure BDA0002010527870000117
Figure BDA0002010527870000121
(2) Node $P_i$ computes
Figure BDA0002010527870000122
for generating a partial signature, where
Figure BDA0002010527870000123
and $e_i$ satisfies the following condition:
Figure BDA0002010527870000124
(3) Node $P_i$ computes the partial signature $W_i$:
$W_i = l \cdot h_i \cdot S + H_i \bmod D$ (14)
and sends the partial signature $(S, l, W_i)$ to the signature synthesizer.
2. Composite signature
After the signature synthesizer receives the partial signatures $W_i$ sent by $t$ block chain nodes, it synthesizes the signature $W$:
Figure BDA0002010527870000125
The signature of the message $S$ is $(S, l, W)$.
Third, verify the signature
Upon receipt of the signature information (S, l, W), the verifier verifies the validity of the signature using the group public key ψ according to the following equation:
$g^{W} \equiv l^{S \cdot l} \cdot \Psi \bmod p$ (16)
If the above equation is satisfied, the group signature $(S, l, W)$ is valid and the signature is accepted.
Fourth, private key updating
If the update period is T, the detailed update algorithm steps are as follows:
1. Block chain node $P_i$ randomly selects integers
Figure BDA0002010527870000126
that satisfy the initial conditions;
2. Node $P_i$ calculates the update factor:
Figure BDA0002010527870000127
Here $h$ is a hash function; calculating the update factor with a hash function gives it the characteristics of being fast in the forward direction, difficult to reverse, sensitive to its input and collision-avoiding.
Node $P_i$ sends the update factor
Figure BDA0002010527870000131
to node $P_j$, and broadcasts
Figure BDA0002010527870000132
3. Node $P_i$ computes the verification information
Figure BDA0002010527870000133
Figure BDA0002010527870000134
Figure BDA0002010527870000135
Figure BDA0002010527870000136
and broadcasts
Figure BDA0002010527870000137
This verification mode provides mutual verification: the nodes verify each other, so that the nodes are supervised, unreliable nodes are guarded against, and it is verified whether data were falsified or forged in the transmission process. The credibility of the nodes and of the data is thereby ensured.
4. After node $P_j$ receives the information
Figure BDA0002010527870000138
and
Figure BDA0002010527870000139
sent by node $P_i$, it uses the broadcast information
Figure BDA00020105278700001310
to verify, by the following two equations, the correctness of
Figure BDA00020105278700001311
:
Figure BDA00020105278700001312
Figure BDA00020105278700001313
5. The private key of node $P_j$ in period T-1 is
Figure BDA00020105278700001314
The private key for period T is:
Figure BDA00020105278700001315
Once the node has calculated the current private key
Figure BDA00020105278700001316
it immediately deletes
Figure BDA00020105278700001317
Thus, even if an attacker obtains
Figure BDA00020105278700001318
the private key information from before that period cannot be obtained.
Fifth, node joining
Suppose a new node $P_{i+1}$ joins the blockchain network. The joining process is as follows:
1. The newly joining node $P_{i+1}$ selects a modulus $d_{n+1}$, where $d_{n+1}$ satisfies the Asmuth-Bloom secret sharing scheme.
2. t blockchain nodes $P_i$ ($i = 1, 2, \ldots, t$) assist the newly joining node $P_{i+1}$ in computing a pseudo private key.
Node $P_i$ randomly selects t random numbers $\varepsilon_{ij} \in Z_p$ ($j = 1, 2, \ldots, t$), calculates
Figure BDA0002010527870000141
and sends $\varepsilon_{ij}$ to $P_j$; $P_j$ calculates $\varepsilon'_j$:
Figure BDA0002010527870000142
$P_i$ calculates a pseudo private key:
Figure BDA0002010527870000143
and sends $K'_i$ to node $P_{n+1}$.
3. After receiving the t pseudo private keys $K'_i$, $P_{n+1}$ calculates its own private key:
Figure BDA0002010527870000144
When a new node joins the blockchain network, the existing blockchain nodes assist it in generating pseudo private keys, and the newly joined node calculates its own private key after receiving the pseudo private keys from the other t nodes. The group public key, the group private key and the private keys of the other nodes do not change during the whole process, so the overall signature process is not affected.
Sixth, node exit
Suppose a blockchain node $P_k$ decides to leave the blockchain network. $P_k$ broadcasts its departure message, and the other n-1 nodes remove $d_k$ and no longer accept messages sent by $P_k$. After node $P_k$ leaves, the other nodes update their keys in time, and the updated group public key is:
Figure BDA0002010527870000145
the updated group private key is:
Figure BDA0002010527870000146
and the updated node private key is:
Figure BDA0002010527870000147
It should be noted that when the number of nodes leaving the blockchain network at the same time is greater than or equal to t, those t nodes can cooperate to reconstruct the secret share, which makes the signature algorithm insecure. The system must therefore be reinitialized: the operations of formulas (1) to (11) are repeated and the blockchain nodes recalculate their keys.
The signature scheme of the blockchain voting system provided by this embodiment is based on the Chinese remainder theorem; the amount of computation is small, which improves the efficiency of the system. Meanwhile, the blockchain-based voting technology guarantees the reliability of voting records and improves practicality. The voting system and the network need no dedicated maintenance, management or organization, which avoids fraud by an authority and similar behaviour, ensures the transparency of the network, and prevents malicious voting or the tampering with and forging of votes. In addition, the node private key is updated regularly, which effectively resists mobile attacks and improves the security of the system.
Example four:
Referring to fig. 3, fig. 3 is a block diagram of the blockchain-based digital signature apparatus provided by an embodiment of the present invention. The apparatus mainly includes: a first private key processing unit 110, a new private key determining unit 120, a new private key replacing unit 130, and a second private key processing unit 140.
The first private key processing unit 110 is mainly configured to determine a current node private key of a blockchain node, and perform data signature processing according to the current node private key;
the new private key determining unit 120 is mainly configured to determine a new node private key when the time for which the current node private key has been used reaches a preset update period;
the new private key replacing unit 130 is mainly configured to replace the current node private key with the new node private key and delete the current node private key;
the second private key processing unit 140 is mainly configured to perform data signature processing according to the new node private key.
The digital signature device based on the block chain can avoid mobile attack in the voting signature of the block chain and guarantee the safety of the system.
Wherein the new private key determining unit may further include: an update factor determination subunit and a statistical calculation subunit;
the updating factor determining subunit is mainly used for determining a random number as an updating factor;
and the statistical calculation subunit is mainly used for performing statistical operation on the update factor and the current node private key, and taking the obtained result as the new node private key.
Wherein the update factor determination subunit may further include: a secret share determination subunit and an update factor broadcast subunit;
the secret share determining subunit is mainly used for each node in the block chain electronic voting system to input the respectively selected first random numbers into an Asmuth-Bloom secret share calculation formula, and the obtained calculation result is used as a node update factor;
the update factor broadcasting subunit is used for broadcasting the generated node update factors by each node;
correspondingly, the statistics calculation subunit is specifically a multi-node statistics subunit, and the multi-node statistics subunit is configured to use the node update factors of the nodes and the statistical results of the current node private keys as the new node private keys after the nodes to be updated receive the node update factors of the nodes.
Wherein the multi-node statistics subunit may further include: a factor summation subunit and a linear summation subunit;
the factor summation subunit is mainly used for carrying out summation calculation on the update factors of all the nodes to obtain the statistical result of the update factors;
and the linear summation subunit is mainly used for performing linear summation calculation on the update factor statistical result and the current node private key, and taking the obtained summation result as a new node private key.
Optionally, the update factor determination subunit may further include: the verification subunit mainly comprises an information generation subunit and an information verification subunit; the information generation subunit is mainly used for controlling each node to respectively generate verification information of the node update factors and broadcasting the verification information; wherein, the verification information is generated according to the node updating factor;
the information verification subunit is mainly used for controlling the nodes to be updated to verify the correctness of the verification information according to the node update factors after receiving the verification information of each node and the node update factors; and when the verification is successful, taking the node updating factors of all the nodes and the statistical result of the current node private key as a new node private key.
Alternatively, the information generating subunit may be a secret sharing information generating subunit configured to control each node to generate the verification information of the node update factor according to a secret share calculation formula of the Asmuth-Bloom secret sharing.
Optionally, in the blockchain-based digital signature apparatus, the first private key processing unit may be specifically configured to perform a data threshold signature according to the current node private key based on the Chinese remainder theorem;
correspondingly, the second private key processing unit may be specifically configured to perform a data threshold signature according to the new node private key based on the Chinese remainder theorem.
Example five:
The blockchain-based digital signature device provided by the invention is introduced below; the description of the device and the description of the blockchain-based digital signature method and apparatus above may be referred to correspondingly. The device mainly comprises:
a memory for storing a computer program;
and the processor is used for realizing the steps of the data flow theme feature extraction method when executing the computer program.
The blockchain-based digital signature device can avoid mobile attacks in blockchain voting signatures and guarantee the security of the system.
Referring to fig. 4, an embodiment of the present invention provides a blockchain-based digital signature device, which may vary considerably with configuration or performance, and may include one or more central processing units (CPUs) 322 (e.g., one or more processors) and a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing an application 342 or data 344. The memory 332 and the storage media 330 may be transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instructions operating on a data processing device. Still further, the central processor 322 may be configured to communicate with the storage medium 330 to execute a series of instruction operations in the storage medium 330 on the blockchain-based digital signature device 301.
The blockchain-based digital signature device 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and the like.
The steps in the above-described blockchain-based digital signature method may be implemented by the structure of a blockchain-based digital signature apparatus.
Example six:
The following describes a readable storage medium provided by an embodiment of the present invention; the readable storage medium described below and the blockchain-based digital signature method described above may be referred to correspondingly.
A readable storage medium is disclosed, having a program stored thereon which, when executed by a processor, performs the steps of the blockchain-based digital signature method.
The readable storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other readable storage medium capable of storing program code.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The block chain based digital signature method, apparatus, device and readable storage medium provided in the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (8)

1. A block chain-based digital signature method is characterized by comprising the following steps:
determining a current node private key of a blockchain node, and performing data signature processing according to the current node private key;
when the time for which the current node private key has been used reaches a preset update period, each node in the blockchain electronic voting system inputs its respectively selected first random number into the secret share calculation formula of Asmuth-Bloom secret sharing, and the obtained calculation result is used as a node update factor;
each node broadcasts the generated node update factor;
after receiving the node updating factors of all the nodes, the nodes to be updated take the node updating factors of all the nodes and the statistical result of the current node private key as a new node private key;
replacing the current node private key with the new node private key and deleting the current node private key;
carrying out data signature processing according to the new node private key;
wherein the secret share calculation formula of Asmuth-Bloom secret sharing refers to: assuming DC is the secret distributor, $P = \{P_1, P_2, \ldots, P_n\}$ is a set consisting of n nodes, the threshold value is t, and the secret is s; DC selects a large prime number q, q > s, an integer A, and a strictly increasing positive integer sequence $d = \{d_1, d_2, \ldots, d_n\}$, and d satisfies the following conditions:
(1) $0 \le A \le M/q - 1$;
(2) $d_1 < d_2 < \cdots < d_n$;
(3) $\gcd(d_i, d_j) = 1$, $i \ne j$;
(4) $\gcd(d_i, q) = 1$ ($i = 1, 2, \ldots, n$);
(5)
Figure FDA0003462911190000011
where $i = 1, 2, \ldots, n$; $j = 1, 2, \ldots, n$; $z = s + Aq$; $z_i = z \bmod d_i$; the secret distributor DC sends $(z_i, d_i)$ to $P_i$ as the secret share of $P_i$;
taking the secret share determined by each node as an update factor;
the method for recovering the update factor is that arbitrary nodes recover the update factor by exchanging secret shares with each other, and specifically includes:
t nodes $P_1, P_2, \ldots, P_t$ are chosen arbitrarily as a group of nodes for recovering the secret; after the nodes exchange secrets with each other, any node $P_i$ can establish the following system of congruences:
$z \equiv z_1 \pmod{d_1}$
$z \equiv z_2 \pmod{d_2}$
Figure FDA0003462911190000021
$z \equiv z_t \pmod{d_t}$
According to the Chinese remainder theorem, this system of congruences has a unique solution:
Figure FDA0003462911190000022
therefore the shared secret $s = z - Aq$, that is, $s = z \bmod q$, can be obtained.
2. The block chain-based digital signature method as claimed in claim 1, wherein the taking the node update factor of each node and the statistical result of the current node private key as the new node private key comprises:
summing the update factors of the nodes to obtain update factor statistical results;
and performing linear summation calculation on the update factor statistical result and the current node private key, and taking the obtained summation result as the new node private key.
3. The blockchain-based digital signature method of claim 1, further comprising:
each node respectively generates verification information of the node update factor and broadcasts the verification information; wherein the verification information is generated according to the node update factor;
correspondingly, before taking the node update factor of each node and the statistical result of the current node private key as the new node private key, the method further includes: after receiving the verification information and the node updating factors of each node, the node to be updated verifies the correctness of the verification information according to the node updating factors;
and when the verification is successful, taking the node updating factors of the nodes and the statistical result of the current node private key as the new node private key.
4. The block chain-based digital signature method as claimed in claim 3, wherein each node generates verification information of the node update factor, comprising:
and each node generates verification information of the node update factor according to the secret share calculation formula shared by the Asmuth-Bloom secret.
5. The block chain-based digital signature method as claimed in claim 1, wherein the data signature process according to the current node private key comprises:
performing data threshold signature according to the current node private key based on the Chinese remainder theorem;
correspondingly, data signature processing is carried out according to the new node private key, and the method specifically comprises the following steps:
and performing data threshold signature according to the private key of the new node based on the Chinese remainder theorem.
6. A block chain-based digital signature apparatus, comprising:
the first private key processing unit is used for determining a current node private key of a blockchain node and carrying out data signature processing according to the current node private key;
the new private key determining unit is used for each node in the blockchain electronic voting system to input its respectively selected first random number into the secret share calculation formula of Asmuth-Bloom secret sharing when the time for which the current node private key has been used reaches a preset update period, and taking the obtained calculation result as a node update factor;
each node broadcasts the generated node update factor;
after receiving the node updating factors of all the nodes, the nodes to be updated take the node updating factors of all the nodes and the statistical result of the current node private key as a new node private key;
the new private key replacing unit is used for replacing the current node private key with the new node private key and deleting the current node private key;
the second private key processing unit is used for carrying out data signature processing according to the new node private key;
wherein the secret share calculation formula of Asmuth-Bloom secret sharing refers to: assuming DC is the secret distributor, $P = \{P_1, P_2, \ldots, P_n\}$ is a set consisting of n nodes, the threshold value is t, and the secret is s; DC selects a large prime number q (q > s), an integer A, and a strictly increasing positive integer sequence $d = \{d_1, d_2, \ldots, d_n\}$, and d satisfies the following conditions:
(1) $0 \le A \le M/q - 1$;
(2) $d_1 < d_2 < \cdots < d_n$;
(3) $\gcd(d_i, d_j) = 1$, $i \ne j$;
(4) $\gcd(d_i, q) = 1$ ($i = 1, 2, \ldots, n$);
(5)
Figure FDA0003462911190000041
where $i = 1, 2, \ldots, n$; $j = 1, 2, \ldots, n$; $z = s + Aq$; $z_i = z \bmod d_i$; the secret distributor DC sends $(z_i, d_i)$ to $P_i$ as the secret share of $P_i$;
taking the secret share determined by each node as an update factor;
the method for recovering the update factor is that arbitrary nodes recover the update factor by exchanging secret shares with each other, and specifically includes:
t nodes $P_1, P_2, \ldots, P_t$ are chosen arbitrarily as a group of nodes for recovering the secret; after the nodes exchange secrets with each other, any node $P_i$ can establish the following system of congruences:
$z \equiv z_1 \pmod{d_1}$
$z \equiv z_2 \pmod{d_2}$
Figure FDA0003462911190000042
$z \equiv z_t \pmod{d_t}$
According to the Chinese remainder theorem, this system of congruences has a unique solution:
Figure FDA0003462911190000043
therefore the shared secret $s = z - Aq$, that is, $s = z \bmod q$, can be obtained.
7. A block chain-based digital signature device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the blockchain-based digital signature method according to any one of claims 1 to 5 when executing the computer program.
8. A readable storage medium, characterized in that the readable storage medium has stored thereon a program which, when being executed by a processor, realizes the steps of the block chain based digital signature method according to any one of claims 1 to 5.
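The share calculation and CRT recovery recited in claims 1 and 6, and the reason the node-exit section requires reinitialization once t nodes can pool their shares, as an added Python example that is not part of the patent. It assumes that condition (5), which survives on this page only as a figure reference, is the standard Asmuth-Bloom threshold condition and that M is the product of the t smallest moduli; the toy parameters Q, D and T are constructed.

```python
"""Asmuth-Bloom (t, n) secret sharing with recovery by the Chinese remainder theorem."""
from itertools import combinations
from math import gcd, prod
import secrets


def check_params(q, d, t):
    """Validate q and the moduli d; return M (assumed: product of the t smallest d_i)."""
    n = len(d)
    if not 1 < t <= n:
        raise ValueError("threshold t must satisfy 1 < t <= n")
    if any(d[i] >= d[i + 1] for i in range(n - 1)):
        raise ValueError("d must be strictly increasing")        # condition (2)
    if any(gcd(a, b) != 1 for a, b in combinations(d, 2)):
        raise ValueError("moduli must be pairwise coprime")      # condition (3)
    if any(gcd(di, q) != 1 for di in d):
        raise ValueError("every d_i must be coprime to q")       # condition (4)
    m = prod(d[:t])
    # Assumed form of condition (5): M > q * (product of the t-1 largest moduli).
    if m <= q * prod(d[n - t + 1:]):
        raise ValueError("threshold condition violated")
    return m


def make_shares(s, q, d, t, a=None):
    """Distributor DC: z = s + A*q, share of P_i is (z mod d_i, d_i)."""
    m = check_params(q, d, t)
    if not 0 <= s < q:
        raise ValueError("secret must satisfy 0 <= s < q")
    a_max = m // q - 1                                           # condition (1)
    if a is None:
        a = secrets.randbelow(a_max + 1)
    elif not 0 <= a <= a_max:
        raise ValueError("A must satisfy 0 <= A <= M/q - 1")
    z = s + a * q                                                # guarantees z < M
    return [(z % di, di) for di in d]


def crt(shares):
    """Solve z = z_i (mod d_i) for all shares; return (z, product of the moduli)."""
    modulus = prod(di for _, di in shares)
    z = 0
    for zi, di in shares:
        ni = modulus // di
        z += zi * ni * pow(ni, -1, di)   # pow(..., -1, di) is the modular inverse
    return z % modulus, modulus


def recover(shares, q, t):
    """Any t (or more) distinct shares give z exactly, hence s = z mod q."""
    if len(shares) < t or len({di for _, di in shares}) != len(shares):
        raise ValueError("need at least t shares with distinct moduli")
    z, _ = crt(shares)
    return z % q


def consistent_secrets(shares, q, m):
    """Secrets still possible for a party that holds only the given shares."""
    z0, step = crt(shares)
    z_bound = (m // q) * q               # z = s + A*q never reaches this bound
    return {z % q for z in range(z0, z_bound, step)}


# Constructed toy parameters: n = 5 nodes, threshold t = 3, prime q = 5.
Q = 5
D = [11, 13, 17, 19, 23]
T = 3

if __name__ == "__main__":
    shares = make_shares(3, Q, D, T, a=200)
    print("shares:", shares)
    for subset in combinations(shares, T):
        print(subset, "->", recover(list(subset), Q, T))
    m = check_params(Q, D, T)
    print("t-1 shares leave these secrets possible:",
          sorted(consistent_secrets(shares[:T - 1], Q, m)))
```

With these parameters every 3-node subset recovers the secret, while any 2 shares leave all q values possible, which is why t or more departing nodes holding valid shares force a fresh setup.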
CN201910243976.4A 2019-03-28 2019-03-28 Block chain based digital signature method, device, equipment and storage medium Active CN109905247B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910243976.4A CN109905247B (en) 2019-03-28 2019-03-28 Block chain based digital signature method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109905247A CN109905247A (en) 2019-06-18
CN109905247B true CN109905247B (en) 2022-03-15


Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant